Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by DuDuLu (13-04-2018 19:55:35)
Running from C:\Users\DuDuLu\Downloads
Windows 10 Pro Version 1709 16299.371 (X64) (2017-12-26 19:36:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2754859487-1066582896-1531444224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2754859487-1066582896-1531444224-503 - Limited - Disabled)
DuDuLu (S-1-5-21-2754859487-1066582896-1531444224-1000 - Administrator - Enabled) => C:\Users\DuDuLu
Guest (S-1-5-21-2754859487-1066582896-1531444224-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2754859487-1066582896-1531444224-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS Xonar DG Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Bytescout XLS Viewer 1.30a (FREEWARE) (HKLM-x32\...\Bytescout XLS Viewer_is1) (Version:  - Bytescout Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cities Skylines All That Jazz (HKLM-x32\...\Cities Skylines All That Jazz_is1) (Version:  - )
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
iRoot (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.8.8.20465 - SING)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KB4023057 (HKLM\...\{264FDD69-C4DF-476F-B1B8-7DCEE4AF839B}) (Version: 2.4.0.0 - Microsoft Corporation)
Malwarebytes verze 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2754859487-1066582896-1531444224-1000\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
MPC-HC 1.7.4 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.4 - MPC-HC Team)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 352.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.84 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 352.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.84 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ovládací panel NVIDIA 352.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 352.84 - NVIDIA Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PdfMerge (HKLM-x32\...\{238BE990-A412-4129-A434-D03B1A9E396E}) (Version: 1.22.0 - PdfMerge)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1045.0 - Passmark Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.9 - Vaclav Slavik)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
ProfiCAD 9.3.3 (HKLM-x32\...\ProfiCAD_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SOTI Pocket Controller for Android (HKLM-x32\...\{27C323C9-C757-44E2-AF70-245586D0F462}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Transport Fever (HKLM-x32\...\1720767912_is1) (Version: 2.0.0.2 - GOG.com)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Webshare uploader (HKLM-x32\...\WebshareDLC) (Version:  - Webshare)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2754859487-1066582896-1531444224-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
XiaoMiFlash (HKLM-x32\...\{9AF75396-D38E-4F07-831C-9F78923DC015}) (Version: 1.0.0 - XiaoMi)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-04] (AVAST Software)
ContextMenuHandlers1: [AntimalwareSolution] -> {3856E252-4F64-419D-AB37-3A4CA5AA3856} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-04] (AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-04-27] (COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [AntimalwareSolution] -> {3856E252-4F64-419D-AB37-3A4CA5AA3856} =>  -> No File
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-04-27] (COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-04] (AVAST Software)
ContextMenuHandlers4: [AntimalwareSolution] -> {3856E252-4F64-419D-AB37-3A4CA5AA3856} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-05-10] (NVIDIA Corporation)
ContextMenuHandlers6: [AntimalwareSolution] -> {3856E252-4F64-419D-AB37-3A4CA5AA3856} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-04] (AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-04-27] (COMODO)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01702BEF-B03F-4780-A436-39C5EF00979D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0A80F508-9ECF-4D98-8F50-6E30DE459C63} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {22FF8D43-0586-4F0B-8370-A7C9E49383DA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {25DBC01F-788D-4BB9-84D8-789181655CAC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {26C6F273-40F0-45D5-A3C7-AD9EBEF46C01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {281900A0-E1C8-465C-9547-780FEAF75EB3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {29FAC46B-A624-49CD-B97C-A6238AFBE90F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A5DE654-E181-46A5-A0FD-BA2B22E0EEDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2CC6D64F-96DA-420E-A845-50FD7B5EF821} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {315BAEFA-720C-4D65-A52A-26E464AE8561} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-27] (COMODO)
Task: {38F0925D-D1AA-470A-9C47-2927D828F8DB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {40DE13CD-4AC0-487A-94FC-653C375BD030} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4959693C-A73A-45CD-879C-80FA8E1253C3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A2AE6D1-B4BE-4B83-AFA4-4D2EF7DED0EE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {50CC6816-CC38-415E-9FA8-31E8AA22B169} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {56419DD6-4E2F-4A6F-B2D2-AF037EBE4239} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {597E57FA-6A02-4575-B97E-43761244D32C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-10] (Piriform Ltd)
Task: {5D788C58-9A0B-4A50-AADC-7DB0D8E11114} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {61DC4720-F2F1-425F-B2AE-971BA4C6E191} - System32\Tasks\{BBD446B5-D24B-4A52-820A-C240F5D96ED7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.1.59.105/cs/abandoninstall?page=tsMain
Task: {65AE1AC5-4808-4F37-94C9-77AE8EDE0FEF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {674D06CC-C3ED-469A-9663-76476B8CC45A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {67938758-B21B-47E5-BE82-983C5B763934} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73268FEA-4C2C-4404-A566-1D58030E131C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7D9B1C68-59A2-4948-A86C-FD8844C260F0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85960E8A-EC25-47DE-B3A5-CC9351B4A61D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86223FCD-BFF2-4BAA-B905-CF12B2D438EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A531CF2-0F9B-4B11-A632-6273780DCF9F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {948320B6-DA51-41D6-9811-DCBDF4880639} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {999E7E6D-0745-4498-8725-871035E6C539} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-27] (COMODO)
Task: {A33AD13B-1808-4835-B65F-28892E50AB52} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A5956B6C-DA13-440D-A489-D0BD2612FD30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A7A750D7-7CCA-4F53-9932-418BC99072F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8E3E066-7B08-4FA8-9B7A-D139C6F6DCFC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B815546A-464C-4852-88C7-B1A00E1C7D0A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B90D1D0A-D6B9-4BE4-858A-5033A6D3F1B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BE35402E-2D11-4292-B316-50DD9A062C5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-10] (Piriform Ltd)
Task: {BEF0823A-349A-4229-A35A-A1BCC95555B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {C73B82A7-CAB7-4A87-9969-E615B6DA0B46} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CAB261F3-CC33-4F7D-ACC9-C33A94F47877} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE6C62AD-450A-48ED-937E-5BC7941510B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5F5F3D2-B0A9-47B5-8649-7C7D2FD159F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DAB85AB9-7D2B-40F3-8BD3-0B9C7CE22342} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DCB513B1-4FB6-43FE-A7B6-1BFCE489AFBD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DD8A8F4D-9110-46CA-A267-F4B4CAC37C5B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DE954257-9DA5-4026-8080-302D5F58E9D7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2E9A357-7299-425C-9BF0-2C51707FE802} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-10] (AVAST Software)
Task: {F366607C-64D3-4251-835A-90D89C9A76BD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F6BCEEE4-D2F8-4BB2-9CC3-B66DEFD5BBC0} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-27] (COMODO)
Task: {FA844387-A3C1-4444-A172-67C11EFD0DA0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-04] (AVAST Software)
Task: {FEEBD3E7-D3EF-4A5F-AA04-117F757506D2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-27] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-15 19:02 - 2015-05-10 21:41 - 000116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-26 09:58 - 2017-07-26 09:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-04-11 20:49 - 2018-04-11 20:49 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 20:49 - 2018-04-11 20:49 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-27 10:45 - 2018-03-27 10:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 10:45 - 2018-03-27 10:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-15 11:31 - 2018-03-26 19:23 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-03-23 13:12 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 13:12 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-14 16:12 - 2018-03-14 16:12 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 16:12 - 2018-03-14 16:12 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-13 16:48 - 2018-04-13 16:48 - 000113152 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_ctypes.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000080896 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\bz2.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001585152 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_hashlib.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000128512 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32api.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000137728 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\pywintypes27.dll
2018-04-13 16:48 - 2018-04-13 16:48 - 000548864 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\pythoncom27.dll
2018-04-13 16:48 - 2018-04-13 16:48 - 000689664 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\unicodedata.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000438784 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32com.shell.shell.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001489408 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._core_.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001007104 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._gdi_.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001039872 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._windows_.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001325056 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._controls_.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000916992 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._misc_.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 001084416 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\pysqlite2._sqlite.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000149504 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32file.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000136192 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32security.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000007680 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\hashobjs_ext.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000020992 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\thumbnails_ext.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000118784 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\usb_ext.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000047616 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_socket.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 002224128 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_ssl.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000014848 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\common.time34.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000023040 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32event.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000033280 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows.conditional.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000019968 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows.winwrap.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000107520 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows.volumes.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000223232 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32gui.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000173568 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_elementtree.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000169472 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\pyexpat.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000048128 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32inet.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000103424 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\wx._html2.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000046080 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_psutil_windows.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000633240 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows._cacheinvalidation.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 005408256 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\cello.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000010752 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\select.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000011776 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32crypt.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000301568 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\PIL._imaging.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000032256 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_multiprocessing.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000026112 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\_yappi.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000044032 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32process.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000027648 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32pipe.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000029696 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32pdh.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000038400 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows.connectivity.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000071168 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\windows.device_monitor.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000020480 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32profile.pyd
2018-04-13 16:48 - 2018-04-13 16:48 - 000026624 _____ () C:\Users\DuDuLu\AppData\Local\Temp\_MEI95882\win32ts.pyd
2018-02-15 19:05 - 2015-05-10 23:12 - 000011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-07 16:27 - 2012-06-06 03:56 - 000143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2018-04-04 15:39 - 2018-04-04 15:39 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-03 15:26 - 2018-03-03 15:26 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-04 15:39 - 2018-04-04 15:39 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-04 15:39 - 2018-04-04 15:39 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-04 15:38 - 2018-04-04 15:38 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\MASetupCaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\MusiccityDownload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboutSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcGenral.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcSpecfc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_as64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_ld64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\APHostService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidtel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppLockerCSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppManagementConfiguration.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVClientPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPublishing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserexport.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cldapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\convertvhd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyHrtfEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dusmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgeIso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EdgeManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\edputil.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FsIso.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\fwpolicyiomgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HeadTrackerStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HologramCompositor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HolographicExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HoloShellRuntime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvhostsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IcsEntitlementHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IEAdvpack.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iexpress.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imgutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IndexedDbLegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ISM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\iumbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iumcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iumdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IumSdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicensingWinRT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\licmgr10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mqqm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT-KB890830.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeedsbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeedssync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshta.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msIso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msvcp110_win.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp_win.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotifyIcon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetDriverInstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nmwcdclsx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvd3dumx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435284.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435284.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvinitx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvoglshim64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvspbridge64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvumdshimx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvvsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvwgf2umx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneCoreCommonProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\OpenVideo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ortcengine.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\OVDecode64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCShellCommonProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenanceClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pngfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qcCoInstaller.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\qcCoInstaller.dll:$CmdZnID [26]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rdpbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpserverbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rmclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rtmcodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rtmmvrortc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rtmpal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\rtmpltfm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\runexehelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SDFHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecurityHealthAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecurityHealthProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecurityHealthService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEMgrSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_User.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SharedPCCSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SmsRouterSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Spectrum.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpectrumSyncClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StartTileData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StateRepository.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\svf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SyncController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tetheringservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TileDataRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase_enclave.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UpdateAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\url.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UsoClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vac.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vertdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wcimage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\webplatstorageserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebRuntimeManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wextract.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32appinventorycsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Payments.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryPS.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WPTaskScheduler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshhyperv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhosdeployment.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AcGenral.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AcSpecfc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppLockerCSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppManagementConfiguration.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppVClientPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cldapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceReactivation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgeIso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EdgeManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edputil.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HoloShellRuntime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hvsicontainerservice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IEAdvpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iexpress.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imgutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicensingWinRT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\licmgr10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MASetupCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msexcl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeedsbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeedssync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshta.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msIso.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp110_win.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp_win.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvd3dum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvinit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglshim32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvumdshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvwgf2um.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenVideo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ortcengine.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OVDecode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pngfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpserverbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rfxvmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rmclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtmcodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtmmvrortc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtmpal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtmpltfm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcomapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StateRepository.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TileDataRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\url.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webplatstorageserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wextract.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Payments.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wldp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshhyperv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdk8.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdppm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\aswHdsKe.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ataport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\beep.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cldflt.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dmvsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtliteusbbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpfve.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dumpstorport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\farflt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fs_rec.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gpuenergydrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hamachi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\HdAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hyperkbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\HyperVideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\intelppm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\irda.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\isapnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lltdio.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MbamChameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamswissarmy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mqac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msrpc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndisuio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\npfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\null.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pcw.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\processr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qcusbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qcusbser.sys:$CmdZnID [26]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\raspptp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpdr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdyboost.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RfxVmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storqosflt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storufs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storvsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Synth3dVsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UcmUcsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb2ser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vdrvroot.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VMBusHID.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmgencounter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmgid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vms3cap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcnfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winnat.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\DuDuLu\14044990_10206886106580209_1609985198_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\14074525_10206886104740163_1381647410_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\9047_3930426348123_167446121_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\16194964_10208195891524014_2359814778824386547_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\17_0058453.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\20170103_125639.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\21534364_10210610089277333_1683805941_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\21584137_10210610119718094_837353094_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\21584383_10210610119878098_1791146464_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\21584528_10210610086957275_310098196_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\80498443 (1).jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\80498443.jpg:$CmdZnID [0]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Better Off Alone (UK Edit).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Brimstone(0000285301).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\D2 a odpovědi.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Denik-strojvudce.720p.HDTV.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\epsfileviewer_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\epsfileviewer_setup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\EVP00308023_201801.pdf:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\EVP00308023_201803.pdf:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\IMG_20170915_172457.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\KiesSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\leixo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\PocketControllerForAndroid_2.1.963.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\PocketControllerForAndroid_2.1.963.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Potvrzeni_o_provedene_platbe_01.03.2017_06-00.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\radeon-hd-6850-9999.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Scan2017-08-16T08-36-56-608_1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\STASTNIMUZI.CZ VYMENA MANZELEK 2 cz porno.wmv:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\stažený soubor,.html:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\test v8.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\Z11_se zm1 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Desktop\_MG_0478.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\10847666_10152763483829842_7483181281342308033_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\11807392_1056570457689193_4105185548233880624_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\13076923_10206278605033050_3394738648962499438_n (1).jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\13076923_10206278605033050_3394738648962499438_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\13589171_10201764551871031_1614357482_o (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\13589171_10201764551871031_1614357482_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\14570568_10207267954806176_361428415296266027_o.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\16708447_10202646515119561_5557968675000982372_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\17 - S44896_2017-SZDC-GR-O12 - Vynos 5 k D1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\19143323_1153611158117739_1398871528006942500_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\20160701_184800.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\201709.7046922.7517154395.F.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\201712.7046922.H.pdf:$CmdZnID [0]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\201801.7046922.7518030010.F.pdf:$CmdZnID [0]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\201801.7046922.7518030010.S.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\201801.7046922.H.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\20180411_125756.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24209220_1966276526721087_155066389_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24259468_1966276540054419_1256586592_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24259710_1966276563387750_802611136_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24271525_1966276500054423_1881582262_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24281573_1966276546721085_671719289_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\24323958_1966276493387757_1980046241_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\30127545_1994076133953337_2153857297862885376_o.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\31-42-17 I.pdf:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\34-42-17.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\376346_3515446333882_117391027_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\A-Monster-Calls(0000283008).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Arrival(0000282635).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Cestování-červí-dírou-s-Morganem-Freemanem-I---1---Existuje-stvořitel---dokument-(Disc.-2010)-cz.avi:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Cestování-červí-dírou-s-Morganem-Freemanem-I---2---Záhada-černých-děr---dokument-(Disc.-2010)-cz.avi:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ChromeSetup.exe:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\cj_0080_18-O18.pdf:$CmdZnID [0]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Clean Bandit - Symphony feat. Zara Larsson (Audio) (1).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Clean Bandit - Symphony feat. Zara Larsson (Audio).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ClientList.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\cm-12-20141116-UNOFFICIAL-i9082.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\cs.locale:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Detection.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Detection.exe:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\DTLiteInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\DTLiteInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Everest(0000264009).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Hacksaw-Ridge(0000282005).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\HDDScan_v31.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\hdtune_255 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\hdtune_255 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\hdtune_255.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\hdtune_255.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\IMG_20180411_125604.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\IMG_20180411_125611.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\IMG_20180411_125617.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Návod k použití CZ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Ordinace v růžové zahradě 2 (806) Musím zapomenout.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Pandemic(0000271209).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\pdf024088 (1).pdf:$CmdZnID [0]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\pdf024088.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Pověřenec pro ochranu osobních údajů - informace.pdf:$CmdZnID [32]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Příloha č.3 PVP 02_70_2018  - Výše osobního ohodnocení jednotlivých kategorií  a KZAM.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Ratatouille_cz_lukuz_filmy.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\recovery.tar.md5:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Registr_pravnich_pozadavku k 13.10.2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\San-Andreas(0000259706).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\SMUTNÁ LUCIE.p12:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\snapshot_1512323981967.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\The-Nagano-tapes_1080_CZ-titulky_midla.mkv:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Tvar-vody-The-Shape-of-Water-2017-WEB-DL.x264-cz.tit.mkv:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\V_eobecné obchodní podmínky platné od 25.5.2018.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Zadani otazek pro ZOZ leden-duben 2018.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\zadost-o-rozvod-navrh-na-rozvod-manzelstvi.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\Zajmy strojvudce20_nahled03.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ZOH-Nagano-1998-Zlatý-turnaj-století.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ZOZ_komplet (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\DuDuLu\Downloads\ZOZ_komplet.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2754859487-1066582896-1531444224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DuDuLu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-2754859487-1066582896-1531444224-1000\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FC275082-8555-44C4-91AC-D1C77B0F3E19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [{CE2D4511-DC6A-45F7-8BB0-FACDDA2D7D18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Istrolid\istrolid.exe
FirewallRules: [{F09A0C84-7FA9-4846-ABFA-8730CB3C705A}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{2BC47E03-F449-4568-9CCC-22EE9043DE5F}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{4A9B74CE-F82B-483D-8672-5FDF8A4832D2}] => (Block) C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe
FirewallRules: [{8D70D006-CEF7-49ED-8C43-F7F407C3473C}] => (Block) C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe
FirewallRules: [UDP Query User{505D41A6-8A18-4163-9E27-D023A83ED249}C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe] => (Allow) C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe
FirewallRules: [TCP Query User{04CC0838-0715-4222-8A6E-77B25A2A2902}C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe] => (Allow) C:\users\dudulu\downloads\utorrentfilms\igg-fortifyv1.0.6\igg-fortifyv1.0.6\fortify.exe
FirewallRules: [{B0B8573F-699A-4A47-AAEB-734E24789FD5}] => (Block) C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{76B853D8-9395-4D35-96FA-AA7AFC4557FE}] => (Block) C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B2A83892-79A9-4A59-BFD2-D3CE080EB816}C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A54FE565-FE0A-485A-80A6-BB5B2C3EFA54}C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dudulu\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{7E92BDA3-C590-4910-B41F-715E5C842780}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{662104D2-8BEF-4555-AE79-839751B95C1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0E294C3B-3DBD-4690-BB94-3A4870F233ED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F954DDC9-22B9-4AB1-981D-A8C650F10E08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{62C9D057-6814-41DD-92E9-5AA5F56A1870}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{86CDD892-F6A9-4E25-828F-8F678632E66A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{7C1A7FDC-088A-42D8-ADE9-FD4CF707D5E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{7D80CF66-7514-44DC-8601-DB24A968DAE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6661B2DD-22FC-4591-9B93-6B62D69B8439}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4ED766F-DBD2-4C9D-84FA-DF21C862424A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0406E5F-85FD-46BA-B4CD-E63A54107DE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7226C0BD-508B-4233-B35D-82A2C75AC224}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E84A3BD1-2C72-439F-B56B-D1ED7D272A10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37E3C28F-D5F2-4E4A-A7E3-69543559FF47}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AB5BD6F5-900B-4527-BD35-A39575F95DBC}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{1182AEC8-0092-418C-9BD7-6EC2F1912AEB}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{2C8D28EB-115C-4EC1-A035-95C60B06AA1A}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{F2A80003-DB3D-41A6-BE1B-0E6ED65F0784}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4DD40325-A442-4E58-8138-DFFCC7902E5B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6293DB4B-9C80-47CA-9F88-0E68C2A0B697}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{775524C2-D3E8-44B5-AC91-A98566877460}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [TCP Query User{A0B68A95-C66C-4D92-B553-0A760238CB98}C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe] => (Allow) C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe
FirewallRules: [UDP Query User{6D8513C5-B1C5-44CF-B944-A42C45459B00}C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe] => (Allow) C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe
FirewallRules: [{3CC09BD9-A74D-4FB0-B330-842BA04782B2}] => (Block) C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe
FirewallRules: [{076FF409-37FC-41CE-9AAF-72A568CBAF1C}] => (Block) C:\users\dudulu\downloads\utorrentfilms\simairport.v28.03.2017\simairport.v28.03.2017\simairport.exe
FirewallRules: [{A67FBFBB-4903-42CA-A1A9-A6D3A3A89FC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BD3ED114-FEC4-457B-B289-C6BFE5BBE322}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03A3824D-06A2-4233-A8B5-15E10220BFC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{971BE0EA-EC41-480C-806B-E3EE6E414AA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BBBD3E-C45A-458F-8C12-0AB9C44D43A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-03-2018 19:33:53 Naplánovaný kontrolní bod
02-04-2018 14:40:38 Naplánovaný kontrolní bod
10-04-2018 14:58:03 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2018 07:46:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.16299.15, časové razítko: 0x290d9f78
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x40c4
Čas spuštění chybující aplikace: 0x01d3d34f4776a3aa
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: ede63918-0831-4d55-8632-3d35c4801c63
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (04/13/2018 07:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.16299.15, časové razítko: 0x290d9f78
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x4148
Čas spuštění chybující aplikace: 0x01d3d34e917c211d
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: e5576f81-61c7-407e-a907-133e071d3491
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (04/13/2018 07:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.16299.15, časové razítko: 0x290d9f78
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x2c10
Čas spuštění chybující aplikace: 0x01d3d34e034cea92
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: 547a4a96-8d05-4998-8648-928acf442094
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (04/13/2018 07:36:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DllHost.exe, verze: 10.0.16299.15, časové razítko: 0x5e7a01e6
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ffddac402b8
ID chybujícího procesu: 0x2678
Čas spuštění chybující aplikace: 0x01d3d34e009f98fd
Cesta k chybující aplikaci: C:\WINDOWS\system32\DllHost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 94c69ede-101e-42ed-bc28-f7bb3a2b8777
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (04/13/2018 07:26:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.16299.15, časové razítko: 0x290d9f78
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x3b0c
Čas spuštění chybující aplikace: 0x01d3d34c8841d6f1
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: 77122618-0f05-46a3-b2c9-884d1f3f272e
Úplný název chybujícího balíčku: Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (04/13/2018 07:26:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HxTsr.exe, verze: 16.0.9126.2153, časové razítko: 0x5ac722e9
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x34c8
Čas spuštění chybující aplikace: 0x01d3d34c8818c884
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe\HxTsr.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: f6d4a38e-1781-4a20-9570-8145cda30c5a
Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/13/2018 07:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.Photos.exe, verze: 2018.18022.15810.0, časové razítko: 0x5abea41c
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x3574
Čas spuštění chybující aplikace: 0x01d3d34a6a54a45f
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: 3194ced7-39f3-455b-98ab-54a83aebe91f
Úplný název chybujícího balíčku: Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (04/13/2018 06:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.Photos.exe, verze: 2018.18022.15810.0, časové razítko: 0x5abea41c
Název chybujícího modulu: guard64.dll, verze: 8.2.0.5027, časové razítko: 0x57211bfc
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000012c6
ID chybujícího procesu: 0x7a4
Čas spuštění chybující aplikace: 0x01d3d3489ebb9a21
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Cesta k chybujícímu modulu: C:\Windows\system32\guard64.dll
ID zprávy: 9a939854-74d4-46bc-a86c-fc491fd039a5
Úplný název chybujícího balíčku: Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (04/13/2018 07:51:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (04/13/2018 07:36:57 PM) (Source: DCOM) (EventID: 10010) (User: amdsmutny)
Description: Server {7966B4D8-4FDC-4126-A10B-39A3209AD251} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2018 05:46:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2018-01-06 13:07:08.915
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BA0245C8-F659-4940-BCE0-65F2EE72A358}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-01-06 12:55:31.265
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B431940A-521B-4A84-881F-C17078083AA7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-01-06 12:46:16.893
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B4894B18-AFEB-4703-BE38-2F34055B712B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-01-05 20:44:35.834
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5F8EB3F3-F452-4647-A813-CA02E2C3250B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-01-05 20:29:59.509
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {59289898-BE3E-4E52-9F90-E90C3E35AFFE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-01-04 09:13:31.620
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.259.1155.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.14405.2
Kód chyby: 0x800704e8
Popis chyby :Vzdálený systém není k dispozici. Informace týkající se řešení potíží se sítěmi naleznete v Nápovědě systému Windows.  

Date: 2018-01-04 09:13:31.620
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 118.2.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu: 
Předchozí verze modulu: 2.1.14202.0
Kód chyby: 0x800704e8
Popis chyby :Vzdálený systém není k dispozici. Informace týkající se řešení potíží se sítěmi naleznete v Nápovědě systému Windows.  

Date: 2017-12-27 17:58:55.027
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.259.850.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.14405.2
Kód chyby: 0x800704e8
Popis chyby :Vzdálený systém není k dispozici. Informace týkající se řešení potíží se sítěmi naleznete v Nápovědě systému Windows.  

Date: 2017-12-27 17:58:55.026
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 118.2.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu: 
Předchozí verze modulu: 2.1.14202.0
Kód chyby: 0x800704e8
Popis chyby :Vzdálený systém není k dispozici. Informace týkající se řešení potíží se sítěmi naleznete v Nápovědě systému Windows.  

Date: 2017-12-27 17:58:54.461
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.259.850.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.14405.2
Kód chyby: 0x800704e8
Popis chyby :Vzdálený systém není k dispozici. Informace týkající se řešení potíží se sítěmi naleznete v Nápovědě systému Windows.  

CodeIntegrity:
===================================

Date: 2018-04-13 19:41:36.665
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 19:26:18.112
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 19:11:09.094
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 19:01:36.241
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 18:57:33.050
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 18:47:39.882
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 18:32:38.871
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-13 18:30:17.965
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 960T Processor
Percentage of memory in use: 78%
Total physical RAM: 4094.11 MB
Available physical RAM: 885.27 MB
Total Virtual: 8190.11 MB
Available Virtual: 3959.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.58 GB) (Free:359.13 GB) NTFS
Drive d: (Cities Skylines All That Jazz) (CDROM) (Total:5.88 GB) (Free:0 GB) UDF

\\?\Volume{c5f35aba-d54e-11e3-8af7-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{7065897e-0000-0000-0000-70abe8000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
\\?\Volume{20ad32dc-ef48-11e6-aed1-5404a6102050}\ () (CDROM) (Total:1.21 GB) (Free:0 GB) CDFS
\\?\Volume{20ad3432-ef48-11e6-aed1-5404a6102050}\ () (CDROM) (Total:0 GB) (Free:0 GB) 

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================