VIRY.CZ

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:10:24, on 2.2.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pc\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE13DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [OneDrive] "C:\Users\pc\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: Amazon Assistant Service - Unknown owner - C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10986 bytes

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis je už za zenitem.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by pc (02-02-2017 19:30:54)
Running from C:\Users\pc\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-25 17:44:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-966644435-3839093438-2598601741-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-966644435-3839093438-2598601741-503 - Limited - Disabled)
Guest (S-1-5-21-966644435-3839093438-2598601741-501 - Limited - Disabled)
pc (S-1-5-21-966644435-3839093438-2598601741-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Aktualizace NVIDIA 2.11.4.125 (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Amazon Assistant (HKLM-x32\...\{CFCB3B71-2A0F-4E91-8B8E-A9DF809DEF6A}) (Version: 10.17.0201 - Amazon) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
COMODO Firewall (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
GeekBuddy (HKLM\...\{A7A52219-FAAF-4FAA-91D9-7DEFD1BBBF81}) (Version: 4.27.170 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 52.15.25.665 - Comodo)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 5.7.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 5.7.0 - )
KMPFaster (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.3.2.860 - simplitec GmbH) <==== ATTENTION
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Ovládací panel NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Settlers 2 GOLD (HKLM-x32\...\Settlers 2 GOLD_is1) (Version: - GOG.com)
Seznam Software (HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\SeznamInstall) (Version: - Seznam.cz)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.52a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-966644435-3839093438-2598601741-1000_Classes\CLSID\{ab7632c1-97a7-4f23-aae9-dd93c30e8f0f}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B7B37F-3CF3-4B95-8AEB-A7F157A87DD3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B1671CB-4C05-4193-A347-8D3DB9678AB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {15EF94DF-C712-49AB-BC7A-7FCB2BD755AE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1BF6A307-C520-4D00-ADDC-64F6B5C44F04} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {295A637C-2FC8-41A2-B52E-FA54DEF87323} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2016-03-27] (Safer-Networking Ltd.)
Task: {36211A1C-01D1-42CA-A3F5-D1E162936DEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-30] (Adobe Systems Incorporated)
Task: {372FC1A1-8ECE-4339-BA3D-E699510B5D2A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {3C3E06F6-914E-46F0-BBF5-0BE949B37694} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3C9D78C5-B375-4BA7-8BBD-047C726426F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3FBA83A2-7342-4F52-BE68-7A4D5D75164F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-03] (COMODO)
Task: {45DC0994-51C2-48AC-9A0E-115EED96CE7A} - System32\Tasks\{9F385CA0-6E51-4749-B8C0-30BC542D3CCD} => pcalua.exe -a "C:\Program Files (x86)\simplitec\KMPFaster\unins000.exe"
Task: {5218680E-0716-4F69-94F3-BCB306EB0DE4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-10-03] (COMODO)
Task: {5B03D695-0863-42AB-9CDC-85AA27B5B99C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5EA1C7AC-5BE6-4C08-9B81-9FB037F3EE41} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5F7863E8-F8C2-48D9-AA6A-0939B995508B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6272C0CE-A633-4CCB-A3DB-52F8F0D88752} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65414EF7-EC22-41EE-BEA2-D01E5EF9F102} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe [2015-10-27] (simplitec GmbH) <==== ATTENTION
Task: {677AF9E9-D26F-4052-9E43-9A8D9349BB15} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {69FC1577-81B9-402F-8819-519BD671B484} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.)
Task: {6A82FA7C-49E8-406E-8F14-C1BBA8E566DB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6B45CAA6-EAC6-429F-9371-C4DD45A939D5} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe [2015-10-27] (simplitec GmbH) <==== ATTENTION
Task: {6F8CA44C-BBCA-4B42-A81B-2D5CEB4BEB4C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {75C79FDA-892D-478D-8564-FA5AFC58DC76} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {791EE5B8-29CB-40C8-9154-210EB5E1CD9E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7D72A1B9-850E-49F3-B502-2680DE2B333B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8285AE83-6845-45D6-9085-9E570DF6DF10} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B6992F-E3F2-412D-B092-0D8297B46668} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {920C3D30-EAAE-4F93-AC90-14D2BAB31422} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-27] (Safer-Networking Ltd.)
Task: {930FEFF2-0F82-4ADC-A0F3-A71E6AE18021} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-27] (Safer-Networking Ltd.)
Task: {99B6210E-8B6C-4722-9952-91185C4E7F6A} - System32\Tasks\SafeZone scheduled Autoupdate 1465659212 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {9A5C7F1D-ACB3-4B22-8646-1333251C2F84} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {9CFB3D26-834D-4C6D-8DB2-FB80961D3345} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A09FECCF-85EC-413D-A4D5-B79BBE96E4AF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A3ECD2AB-F03A-4874-91BA-25CC81FE3875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA7C34CD-252C-4442-9CF3-F9FC041983D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB08BD63-350F-43D2-BE86-5692961646F0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ABA77167-193B-49AA-AE5F-D75AEA71FD38} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-09] (AVAST Software)
Task: {ACAC91E0-13BA-46E2-B9BD-1AE519F9DC08} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AD4EE107-0F45-4507-97EA-D4EBF6DE3DB6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AD6CC34F-0A7A-4963-B113-73ED1BF44412} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AE4478A8-352E-4817-A83E-1682EB3D7178} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B1DB64D0-67F5-4A52-88E2-540ADE32FB3B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BCE82FC9-DF13-44E3-A2B6-B2E691BE14AF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C31CE13E-0032-4BFF-8439-1ECB15BDA298} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.)
Task: {C388526C-8971-429E-947A-619EE36CBA6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C5AB4C9D-DD38-4907-8958-B34CC25A45AC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5E47653-91A8-4F49-8B7F-691ECF117123} - System32\Tasks\{09F8AA72-AB17-4241-898E-9C57F04A5AB0} => pcalua.exe -a "C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH5G8AQ7\JavaSetup8u73.exe" -d C:\Users\pc\Desktop
Task: {D2558BBE-D684-4B6E-8FE1-89215ABADE2C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7850638-422D-41FE-846E-6DC80A116563} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-03] (COMODO)
Task: {DC4386D9-69C4-4017-8119-9028F1CD1074} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DC800567-7CDC-4C43-9B24-FCD0E75E44EB} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-10-03] (COMODO)
Task: {E0C8A5BB-E1C5-4CB7-9531-096AD5C18B58} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E2E35C9B-2D31-491F-8C6F-6CC9EA68446E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F78DD694-8E91-496E-B194-0E2C335AA58E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\simplitec Power Suite (Tray).job => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 13:44 - 2016-12-14 13:44 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 18:18 - 2016-11-14 12:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-01 12:41 - 2017-02-02 17:52 - 00100528 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2016-12-17 13:33 - 2016-11-14 13:30 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-02 18:09 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\pc\AppData\Roaming\Seznam.cz\bin\28888libfoxloader-x64.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 13:44 - 2016-12-14 13:44 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-25 19:10 - 2016-09-25 19:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 13:31 - 2017-01-23 13:31 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 13:31 - 2017-01-23 13:31 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 13:31 - 2017-01-23 13:31 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 12:34 - 2016-12-14 13:36 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2016-04-02 18:09 - 2016-04-02 18:09 - 00457384 _____ () C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-04-02 18:09 - 2016-04-02 18:09 - 00073896 _____ () C:\Users\pc\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-12-16 11:38 - 2016-12-16 11:38 - 00123384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-09-09 09:48 - 2016-09-09 09:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-02 13:28 - 2017-02-02 13:28 - 04377600 _____ () C:\Program Files\AVAST Software\Avast\defs\17020200\algo.dll
2016-09-09 09:48 - 2016-09-09 09:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-27 22:43 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-27 22:43 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-27 22:43 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-27 22:43 - 2016-03-27 22:43 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-27 22:43 - 2016-03-27 22:43 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-12-17 13:33 - 2016-11-14 13:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-02 18:09 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\pc\AppData\Roaming\Seznam.cz\bin\28881libfoxloader.dll
2016-04-02 18:09 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\pc\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-06-30 11:20 - 2016-06-30 11:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-15 12:22 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 12:22 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ERUNT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngkeyhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mousecpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mqcmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434174.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434201.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434174.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434201.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TiltWheelMouse.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DLLDEV32i.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mqmigplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\t_mouse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Desktop\07-Peter-Pan-outfit-for-a-small-boy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12718220_10154026807412295_4668597059644010896_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12744723_10153930762643826_3563546126070622926_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12792167_10153962789848826_2366565679636654792_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1383778154_paris-hilton-zoom.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\15078951_10206314924946790_8343942202136672747_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\16594.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1973760_821086021236970_380260415863764005_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\200830.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\4284564-a-small-boy-with-a-balloon-in-the-garden.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\686-15058D0-2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\aid960846-728px-Care-for-a-Pig-With-Pneumonia-Step-1-Version-3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\anarchist_guy_by_xeramon-d4rqepn.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\art-godmachine-illustrations-rtf-12.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\BACK COVER CD.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brooklyn_Museum_-_What_Our_Lord_Saw_from_the_Cross_(Ce_que_voyait_Notre-Seigneur_sur_la_Croix)_-_James_Tissot.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brussels Riots 1.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\c74a4c42ea7294271ffaff1be0bef7a3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\ca1eb4985aa384220c65df5b023bd192.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\clothing-plastic-body-model-fashion-shenzhen-convention-exhibition-center-fifteenth-china-shenzhen-international-brand-56468374.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\COVER-speedwolf.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Cover.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Daemon_Primarch_Angron.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Dark-Legion.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\destroyer666wildfire 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Draenor_loading_screen.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Hour-of-Penance-Regicide.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\i-115.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\impericon.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Machine-Head-2014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (5).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pain train 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Peacock_Plumage.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pirate-flag-wwi-lc.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\serbian-national-flag-unit-march-16018893.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\speedwolf-ride-with-death.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\The-Black-Dahlia-Murder-2015-by-Jonathan-Pushnik.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Unleash-the-Archers-Time-Stands-Still-02.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wh40k_1429b3_5618330.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wow.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\10-Years---Feeding-The-Wolves-(Deluxe-Edition).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\10.years.feeding.the.wolv.ace:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2010 - Head Movies.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2012 - DOES.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013 - The Wall Eater.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013---A-Storm-of-Light---Nations-to-Flames.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\20160927_potvrzeni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2016_no_care.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe.q3mp5he.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-STORM-OF-LIGHT---2008---And-We-Wept-The-Black-Ocean-Within-[neurot].rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light---Latitudes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light-–-As-The-Valley-Of-Death-Becomes-Us,-Our-Silver-Memories-Fade-(2011).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Bro.2012.DVDRip.XviD.PTpOWeR.1012664.seventorrents.com.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Chelsea-Grin-Ashes-To-Ashes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DBM-Core-7.1.12.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (2).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Dkpttr - W wll Dstry... Y Wll Oby!!.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.1d6c8b61f291007e5f31e24e71da8c76.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.384515caa09c371502c081a171a1a231.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DT pravidla.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\goatreich-fleshcult-4ffe6e1c7930b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HeroesWoWClient.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Hvězdná-brána---1994---sci-fi,-akční,-dobrodružný.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdZnID [0]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\lotrolive.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Mumie-Hrob-Draciho-cisare-(2008)-dobrodr.,B.Fraser,J.Li,M.Yeoh,CZ-dab,DTVMir,107'.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Nekromantheon---Rise,-Vulcan-Spectre-2012-od-robhalford.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\OneBank3-v3.7.6.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Recount-v7.1.5a release.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Robot-Jox---by-MissHell.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Rock 10 Years Feeding The Wolv Downloader.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Smernice_c._4_2012_I_-_O_ochrane_osobnich_udaju.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\teamspeak3-server_win32-3.0.12.4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\The-tunnel-(2011).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Thy-Art-Is-Murder---Holy-War-(2015)-320.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Tropicka-boure-(2008)-Cz-(78PT).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\udrzbasite_p5.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Warcraft (2016) [3D] [YTS.AG].torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Wilsonov-2015-CZfilm.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Zasady_spolecenskeho_chovani_-_prez.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]conspiracy.encounters.2016.hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]daddys.home.2015.brrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.1080p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.new.hdts.xvid.ac3.cpg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]gods.of.egypt.2016.720p.hdts.999mb.shaanig.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]hail.caesar.2016.hc.hdrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]london.has.fallen.2016.720p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]mark.of.the.witch.2014hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]metro.2033.redux.update.5.2014.pc.repack.от.xatab.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]point.break.2015.brrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]star.wars.episode.vii.the.force.awakens.2015.1080p.bluray.x264.dts.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e17.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e18.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]zootopia.2016.1080p.hdrip.x264.ac3.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] All Out War - Dying Gods.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] Bleeding Red - Evolution s Crown.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] nobody one - no care.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Černí-baroni-1992,-CZ.mkv:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis.. (1).odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis...odt:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-966644435-3839093438-2598601741-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\Desktop\Machine-Head-2014.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{C54127C6-398D-40BA-A9BC-09A4F5BC6131}C:\users\pc\desktop\teamspeak3-server_win32\ts3server.exe] => C:\users\pc\desktop\teamspeak3-server_win32\ts3server.exe
FirewallRules: [TCP Query User{90C28C0F-4BC3-46F8-AE60-D8387B7172D4}C:\users\pc\desktop\teamspeak3-server_win32\ts3server.exe] => C:\users\pc\desktop\teamspeak3-server_win32\ts3server.exe
FirewallRules: [UDP Query User{839CFF2B-A62B-4095-82C0-8A675EBF4125}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{CA368D64-6F13-473B-BFB4-41AAD3A75B55}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [{3D4D1E76-CC2B-4919-A7C9-E2BE009C2673}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{74EE254B-038E-4C23-B41D-DB724DB4A240}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0186A4A3-768D-4F4A-BDD6-CC326104C352}] => C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{0F2A61DE-FABD-4930-8D7D-BF486A9B773D}] => C:\Games\World_of_Warplanes\worldofwarplanes.exe
FirewallRules: [{FB26A8E1-3594-48AF-B25D-6902D42FFB7E}] => C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [{EA2FB88F-3236-4FAC-BA1E-D46505DB44A3}] => C:\Games\World_of_Warplanes\WoWPLauncher.exe
FirewallRules: [UDP Query User{B3DCCD95-9FB3-4DD9-947E-6F191023EAF9}E:\program files\diablo iii\diablo iii.exe] => E:\program files\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{90CE67E0-D13C-4BFC-9335-58F1043EC485}E:\program files\diablo iii\diablo iii.exe] => E:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{F57C2F67-E51C-4C60-9FBA-034ED2AA93A2}E:\program files\hearthstone\hearthstone.exe] => E:\program files\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{5E88867D-0D5B-4B51-B22A-C642EAED6EEC}E:\program files\hearthstone\hearthstone.exe] => E:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F922C576-699D-4FCF-A1DB-B3A65B89FC04}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [TCP Query User{D35F7213-3031-4E15-ACAD-10B4D3A651BC}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{268D23BE-710F-4B0D-A83C-F073BAFA756D}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BBB26056-EB6A-48C4-AB2B-A70C140407F1}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EA1A8468-40AF-44C9-A1C5-B1A700F24D8D}] => C:\Users\pc\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{85F60E99-B441-4920-9A53-9BA2F1AAC052}] => C:\Users\pc\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{01DC0801-908D-4D54-8F15-E055F6B3A4BF}] => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CC3C611D-D5DC-4B5C-8B49-4CEEB82B2445}] => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{42D66461-9B9B-4C98-8728-C6F23DCE2961}] => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{2F0927D0-1813-4FC8-B97D-E8433A33BFE6}] => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{27B74444-364A-466A-BA61-6A73528B64AD}] => C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe
FirewallRules: [{12B6FC74-F6BB-4AF0-853C-29797090B4FE}] => C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe
FirewallRules: [{23BF2181-BEA8-4BC0-86F4-2A9FD126BC17}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{C3EE9799-CFAF-49B2-A6E4-7ABE6C196931}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{BAAF38F1-605C-42B7-BB18-FA2695438326}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{B2895B42-C219-4101-8190-9178A2EBED5A}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{2F228F81-7743-4898-A2D4-A09B1DD1CE57}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{F5B9E490-897A-4C19-A07C-521FB7DCEEA5}] => C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
FirewallRules: [{6C1F00CB-AA58-4008-9F81-65A9BEE3AE8D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07544FDE-646E-4F90-BC26-069E8F6030F9}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2317DF89-D787-4B7A-9039-FC14D3C39687}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B61ADCE2-2C81-4FF8-A53E-8A4286AE1EFF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{86A2BA8F-D921-405E-A8B1-248E5A99D164}] => C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{7E80EBC7-7C62-4B22-966E-72C6747A7F28}] => C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{E95CB353-B552-44D9-8542-63E47810BA7D}] => C:\Program Files (x86)\Steam\steamapps\common\Everquest F2P\LaunchPad.exe
FirewallRules: [{5AAC091B-00AC-4431-B951-3361EA304B32}] => C:\Program Files (x86)\Steam\steamapps\common\Everquest F2P\LaunchPad.exe
FirewallRules: [{80308A0F-408C-4947-8897-B973555A7CE4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{433328EA-881F-43E7-B07E-4462592AEB3E}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C250B13-17C8-4DEC-9B69-42C403F89CCC}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{A27DE418-EE74-49CD-8884-54476D901312}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [TCP Query User{4AEED827-895B-49CA-86BA-769F24BEE149}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3DCDAE40-A503-4C4F-8231-B3CFF86405D2}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{142D0F97-D817-4A30-A83C-AA115DDF9C4F}] => C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{7C2A1FF3-E3DC-4EAB-83A5-0562C64EC000}] => C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{75A74C12-3CE3-4DA0-877D-C93BA9A8A9CD}] => C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{DE1B3EBA-C8D7-4F15-9FFE-4EBF3B8395FE}] => C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{E79FB25D-700A-4BA3-A5FB-F66ED65EE461}] => C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{C226FB1D-9E89-4AF8-BF4A-B3BF4EC7E24E}] => C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [TCP Query User{0563757D-52A8-4357-BD3A-7A2AE277E04A}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F49276AD-F7BE-4BB7-B0C4-3DCD4C1158DF}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D0362CC3-A2AC-4BDE-BCEE-9BA9780DA12B}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe
FirewallRules: [UDP Query User{C324B407-B3F2-4099-BF1B-1EC02117D35E}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe] => C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe
FirewallRules: [TCP Query User{7C3EF8DE-92F0-4CE6-A246-40B2FEDE28F9}C:\users\pc\appdata\local\akamai\netsession_win.exe] => C:\users\pc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9E0F4BB9-11BE-4F4E-A9E8-48E4FC337FAC}C:\users\pc\appdata\local\akamai\netsession_win.exe] => C:\users\pc\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{5EB31DD4-193E-44B5-9068-67C66B2E141D}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{B54F6D0C-1E9A-4DF5-AFA3-F92FBAD3F422}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [{757DC6CE-A8A9-49A3-8E87-75D697296FBF}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{22566FC8-5F08-4715-921D-B4302B49B965}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CD061761-0BE4-4146-8AA1-45CE285F05A1}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3A713225-C82A-42B1-8C9A-79991FB7C716}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AA95B3A5-560C-4526-AA4F-26E7B86CD470}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ECAAB6C6-F4EC-4C6B-BD13-3168B2E5DFDE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5CF8EB87-68AD-4CB3-804C-EDE6D8EFCC32}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B52DB0CE-1C1B-4A43-BA5C-8160AE94651F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

15-12-2016 19:04:21 Windows Update
30-12-2016 22:30:26 Naplánovaný kontrolní bod
07-01-2017 21:38:41 Naplánovaný kontrolní bod
13-01-2017 14:41:03 Windows Update
29-01-2017 22:05:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2017 06:01:15 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů rdyboost. První čtyři bajty (DWORD) datové sekce obsahují kód chyby systému Windows.

Error: (02/02/2017 06:01:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (02/02/2017 04:28:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-PC)
Description: Aplikaci Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144980991. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/02/2017 04:22:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-PC)
Description: Aplikaci Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144980991. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/02/2017 04:22:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-PC)
Description: Aplikaci Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144980991. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/02/2017 01:28:12 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/02/2017 01:28:12 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/02/2017 01:28:12 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/02/2017 01:28:12 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)

Error: (02/02/2017 01:28:12 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
(HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (02/02/2017 06:26:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2017 06:26:30 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a60\??\C:\Users\pc\AppData\Local\Microsoft\Windows\UsrClass.dat

Error: (02/02/2017 06:25:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (02/02/2017 05:50:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2017 05:50:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (02/02/2017 04:31:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2017 04:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (02/02/2017 01:29:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2017 06:24:32 AM) (Source: DCOM) (EventID: 10010) (User: PC-PC)
Description: Server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/02/2017 06:24:32 AM) (Source: DCOM) (EventID: 10010) (User: PC-PC)
Description: Server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===================================
Date: 2017-02-02 19:19:20.081
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:20.039
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:19.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:19.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:19.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:19.836
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:16.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:19:14.422
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:15:44.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-02-02 19:15:43.980
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 4095.04 MB
Available physical RAM: 2044.84 MB
Total Virtual: 8191.04 MB
Available Virtual: 5028.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:507.85 GB) NTFS
Drive e: () (Fixed) (Total:146.48 GB) (Free:51.83 GB) NTFS
Drive f: () (Fixed) (Total:151.61 GB) (Free:58.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 44C144C0)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6DA6E4C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

To je jenom Additional. Potřebuji ještě FRST. Najdete ho v C:\Users\pc\Downloads .

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by pc (administrator) on PC-PC (02-02-2017 19:29:42)
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(simplitec GmbH) C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\pc\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\pc\Downloads\HijackThis (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\WINDOWS\RAVCpl64.exe [6296064 2008-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-12-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2473472 2016-03-17] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2016-03-27] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2016-04-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-01] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2016-03-27] (Safer-Networking Ltd.)
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\pc\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2016-04-02] ()
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\pc\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2016-04-02] ()
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {5d9bf4e4-180c-11e5-a15c-00221588abab} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {c5dd89a7-0c47-11e6-a502-00221588abab} - "G:\autorun.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3e53-b8d8-11e6-b9e9-00221588abab} - "G:\SETUP.EXE"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3ee2-b8d8-11e6-b9e9-00221588abab} - "G:\autorun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2016-03-17]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-08] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{1ef7e8b7-6bbf-4506-b8a8-9856008fc112}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {0A23EC87-F443-4009-B3BF-957ED779889B} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {1DB0C6F9-858B-403F-8BB2-DF6F91F6D17C} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {4EBDCDF3-6174-4BBB-BCAF-7F1FC3E8C63E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {51D2B5B9-181B-428A-83DC-718E73E8918D} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {82BC7E1B-51BD-42F2-A720-D75320A8A1E7} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {9B01FABD-0897-4E30-A279-522CA9D2C112} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {A3647080-D208-4487-9843-D8517E35395F} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {A6310884-94FE-436E-8E40-DDFBF620CE4F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> {AF610616-F1EA-4DDC-A3BB-B38A190C21C5} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-10-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (Prezentace Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-18]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Disk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (Seznam Lištička - Email) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-01-30]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-01-30]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Tabulky Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-01-30]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [460472 2017-02-01] (Amazon Inc.)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [100528 2017-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-10] (BitRaider, LLC)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2273424 2016-10-05] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76984 2016-03-17] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-03] (COMODO)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2473472 2016-03-17] (Comodo Security Solutions, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-12-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2016-11-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-12-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-12-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-12-17] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2016-03-27] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2016-03-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2016-03-27] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-24] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [37976 2014-12-25] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [54336 2016-09-08] (COMODO)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-27] (Disc Soft Ltd)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2015-08-31] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 19:29 - 2017-02-02 19:30 - 00021048 _____ C:\Users\pc\Downloads\FRST.txt
2017-02-02 19:28 - 2017-02-02 19:29 - 00000000 ____D C:\FRST
2017-02-02 19:28 - 2017-02-02 19:28 - 02420736 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2017-02-02 18:09 - 2017-02-02 18:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\pc\Downloads\HijackThis (1).exe
2017-02-02 17:59 - 2017-02-02 17:59 - 00003248 _____ C:\WINDOWS\System32\Tasks\{9F385CA0-6E51-4749-B8C0-30BC542D3CCD}
2017-02-02 14:21 - 2017-02-02 14:21 - 00188020 _____ C:\Users\pc\Downloads\OneBank3-v3.7.6.zip
2017-02-02 14:19 - 2017-02-02 14:19 - 04175557 _____ C:\Users\pc\Downloads\DBM-Core-7.1.12.zip
2017-02-02 14:19 - 2017-02-02 14:19 - 00000000 ____D C:\Users\pc\Desktop\Recount
2017-02-02 14:18 - 2017-02-02 14:19 - 00391366 _____ C:\Users\pc\Downloads\Recount-v7.1.5a release.zip
2017-02-01 15:50 - 2017-02-01 15:50 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-01 15:50 - 2017-02-01 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-01 15:49 - 2017-02-01 15:49 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-01 15:48 - 2017-02-02 17:52 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-01 15:48 - 2017-02-01 23:59 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Settings
2017-02-01 15:48 - 2017-02-01 15:48 - 00739392 _____ (Oracle Corporation) C:\Users\pc\Downloads\JavaSetup8u121.exe
2017-01-27 17:46 - 2017-01-27 17:46 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-27 17:45 - 2017-01-27 17:57 - 00000000 ____D C:\Users\pc\AppData\Roaming\discord
2017-01-27 17:44 - 2017-02-02 17:53 - 00000000 ____D C:\Users\pc\AppData\Local\Discord
2017-01-27 17:44 - 2017-01-27 17:46 - 00000000 ____D C:\Users\pc\AppData\Local\SquirrelTemp
2017-01-27 17:40 - 2017-01-27 17:44 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\pc\Downloads\DiscordSetup.exe
2017-01-26 21:15 - 2017-01-26 20:49 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-26 21:15 - 2017-01-26 20:49 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-18 13:44 - 2017-01-18 13:44 - 00262144 ____N C:\WINDOWS\Minidump\011817-33921-01.dmp
2017-01-10 22:03 - 2017-01-10 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 22:03 - 2017-01-10 21:41 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 22:03 - 2017-01-10 21:40 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 22:03 - 2017-01-10 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 22:03 - 2017-01-10 21:40 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 22:02 - 2017-01-10 21:43 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 22:02 - 2017-01-10 21:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 22:02 - 2017-01-10 21:43 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 22:02 - 2017-01-10 21:43 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 22:02 - 2017-01-10 21:43 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 22:02 - 2017-01-10 21:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 22:02 - 2017-01-10 21:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 22:02 - 2017-01-10 21:41 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 22:02 - 2017-01-10 21:41 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 22:02 - 2017-01-10 21:41 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 22:02 - 2017-01-10 21:41 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 22:02 - 2017-01-10 21:41 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 22:02 - 2017-01-10 21:41 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 22:02 - 2017-01-10 21:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 22:02 - 2017-01-10 21:39 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 22:02 - 2017-01-10 21:39 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 22:02 - 2017-01-10 21:39 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 22:02 - 2017-01-10 21:39 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 22:02 - 2017-01-10 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:55 - 2017-01-10 21:41 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:54 - 2017-01-10 21:43 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:54 - 2017-01-10 21:42 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:54 - 2017-01-10 21:42 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:54 - 2017-01-10 21:41 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:54 - 2017-01-10 21:41 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:54 - 2017-01-10 21:40 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:54 - 2017-01-10 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:54 - 2017-01-10 21:40 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:54 - 2017-01-10 21:40 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:54 - 2017-01-10 21:40 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:54 - 2017-01-10 21:40 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:53 - 2017-01-10 21:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:53 - 2017-01-10 21:43 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:53 - 2017-01-10 21:43 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:53 - 2017-01-10 21:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:53 - 2017-01-10 21:43 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:53 - 2017-01-10 21:42 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:53 - 2017-01-10 21:42 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:53 - 2017-01-10 21:42 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:53 - 2017-01-10 21:42 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:53 - 2017-01-10 21:42 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:53 - 2017-01-10 21:41 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:53 - 2017-01-10 21:41 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:53 - 2017-01-10 21:41 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:53 - 2017-01-10 21:41 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:53 - 2017-01-10 21:41 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:53 - 2017-01-10 21:40 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:53 - 2017-01-10 21:40 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:53 - 2017-01-10 21:40 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:53 - 2017-01-10 21:40 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:53 - 2017-01-10 21:40 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:53 - 2017-01-10 21:40 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 21:53 - 2017-01-10 21:40 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:53 - 2017-01-10 21:39 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:52 - 2017-01-10 21:43 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:52 - 2017-01-10 21:43 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:52 - 2017-01-10 21:43 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:52 - 2017-01-10 21:43 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:52 - 2017-01-10 21:43 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:52 - 2017-01-10 21:42 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:52 - 2017-01-10 21:42 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:52 - 2017-01-10 21:42 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:52 - 2017-01-10 21:42 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:52 - 2017-01-10 21:41 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:52 - 2017-01-10 21:40 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:52 - 2017-01-10 21:39 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:51 - 2017-01-10 21:40 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:51 - 2017-01-10 21:40 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:51 - 2017-01-10 21:40 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:51 - 2017-01-10 21:40 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-09 22:12 - 2017-01-09 22:12 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 19:25 - 2016-09-25 18:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-02 18:32 - 2016-04-02 18:09 - 00000000 ____D C:\Users\pc\AppData\Roaming\Seznam.cz
2017-02-02 18:27 - 2016-09-25 19:48 - 00000000 ____D C:\Users\pc\AppData\Local\Deployment
2017-02-02 18:25 - 2016-09-25 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-02 18:25 - 2016-09-25 18:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-02 18:25 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-02 18:24 - 2016-09-25 18:22 - 00000000 ____D C:\Users\pc
2017-02-02 18:10 - 2015-06-16 12:57 - 00000000 ____D C:\Users\pc\AppData\Local\VirtualStore
2017-02-02 18:02 - 2015-10-27 13:59 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-02 18:01 - 2016-12-02 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2017-02-02 18:01 - 2016-12-02 23:48 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2017-02-02 18:01 - 2016-11-20 12:58 - 00000000 ____D C:\ProgramData\HappyCloud
2017-02-02 17:58 - 2016-06-01 21:36 - 00000000 ____D C:\Games
2017-02-02 17:53 - 2016-12-02 23:47 - 00000000 ____D C:\Program Files (x86)\Diablo
2017-02-02 17:48 - 2015-06-18 10:09 - 00000000 ____D C:\Users\pc\AppData\Local\Battle.net
2017-02-02 16:48 - 2015-06-18 10:09 - 00000000 ____D C:\Users\pc\AppData\Roaming\Battle.net
2017-02-02 16:37 - 2015-06-18 10:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-02 13:32 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-02 13:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-02 13:31 - 2016-12-17 12:45 - 00004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B5E44A3-9DAC-428C-8E69-54CDA5BBDB8B}
2017-02-02 00:02 - 2016-07-24 17:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-02 00:02 - 2016-01-28 16:16 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-01 15:51 - 2016-02-28 10:57 - 00000000 ____D C:\ProgramData\Oracle
2017-02-01 12:54 - 2015-09-17 14:14 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2017-01-31 04:04 - 2015-06-21 23:21 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-01-29 22:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-27 13:53 - 2016-09-25 18:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-25 13:41 - 2016-09-25 18:41 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-19 13:12 - 2016-12-13 13:20 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 13:12 - 2016-05-22 20:22 - 00002378 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-19 13:12 - 2016-05-22 20:22 - 00000000 ___RD C:\Users\pc\OneDrive
2017-01-18 13:44 - 2016-10-25 10:50 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-16 03:40 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 06:06 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-15 06:06 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-14 12:29 - 2016-05-22 20:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-14 12:24 - 2016-09-25 18:16 - 00269776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-14 04:37 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-14 04:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-14 04:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-14 04:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-14 04:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-13 15:12 - 2015-06-16 14:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 15:02 - 2015-06-16 14:47 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 22:12 - 2016-09-25 18:22 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-09 20:56 - 2016-12-24 22:41 - 00000000 ____D C:\Users\pc\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2015-06-18 15:25 - 2016-05-18 20:35 - 0052224 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2016-11-06 22:15 - 2016-11-06 22:15 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp\5rot4sbh.dll
2017-01-10 12:29 - 2017-01-10 12:29 - 0036864 _____ () C:\Users\pc\AppData\Local\Temp\918xdlpr.dll
2016-10-28 23:02 - 2016-10-28 23:02 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp\d-wwuo1j.dll
2016-11-04 14:26 - 2016-11-04 14:26 - 0046592 _____ (Sony DADC Austria AG) C:\Users\pc\AppData\Local\Temp\drm_dialogs.dll
2016-11-20 14:27 - 2016-11-20 14:27 - 0716696 _____ (Happy Cloud, Inc.) C:\Users\pc\AppData\Local\Temp\hcuninstaller_20161120_142748_616.exe
2017-02-01 15:44 - 2017-02-01 15:44 - 0739904 _____ (Oracle Corporation) C:\Users\pc\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-26 23:15 - 2016-10-26 23:15 - 0006656 _____ () C:\Users\pc\AppData\Local\Temp\vfyabyen.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-02 19:03

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-01] (Oracle Corporation)
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {5d9bf4e4-180c-11e5-a15c-00221588abab} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {c5dd89a7-0c47-11e6-a502-00221588abab} - "G:\autorun.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3e53-b8d8-11e6-b9e9-00221588abab} - "G:\SETUP.EXE"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3ee2-b8d8-11e6-b9e9-00221588abab} - "G:\autorun.exe"
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
U3 idsvc; no ImagePath
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\pc\AppData\Local\Temp
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DLLDEV32i.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mqmigplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\t_mouse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Desktop\07-Peter-Pan-outfit-for-a-small-boy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12718220_10154026807412295_4668597059644010896_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12744723_10153930762643826_3563546126070622926_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12792167_10153962789848826_2366565679636654792_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1383778154_paris-hilton-zoom.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\15078951_10206314924946790_8343942202136672747_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\16594.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1973760_821086021236970_380260415863764005_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\200830.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\4284564-a-small-boy-with-a-balloon-in-the-garden.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\686-15058D0-2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\aid960846-728px-Care-for-a-Pig-With-Pneumonia-Step-1-Version-3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\anarchist_guy_by_xeramon-d4rqepn.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\art-godmachine-illustrations-rtf-12.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\BACK COVER CD.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brooklyn_Museum_-_What_Our_Lord_Saw_from_the_Cross_(Ce_que_voyait_Notre-Seigneur_sur_la_Croix)_-_James_Tissot.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brussels Riots 1.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\c74a4c42ea7294271ffaff1be0bef7a3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\ca1eb4985aa384220c65df5b023bd192.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\clothing-plastic-body-model-fashion-shenzhen-convention-exhibition-center-fifteenth-china-shenzhen-international-brand-56468374.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\COVER-speedwolf.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Cover.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Daemon_Primarch_Angron.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Dark-Legion.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\destroyer666wildfire 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Draenor_loading_screen.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Hour-of-Penance-Regicide.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\i-115.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\impericon.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Machine-Head-2014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (5).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pain train 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Peacock_Plumage.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pirate-flag-wwi-lc.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\serbian-national-flag-unit-march-16018893.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\speedwolf-ride-with-death.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\The-Black-Dahlia-Murder-2015-by-Jonathan-Pushnik.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Unleash-the-Archers-Time-Stands-Still-02.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wh40k_1429b3_5618330.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wow.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\10-Years---Feeding-The-Wolves-(Deluxe-Edition).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\10.years.feeding.the.wolv.ace:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2010 - Head Movies.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2012 - DOES.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013 - The Wall Eater.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013---A-Storm-of-Light---Nations-to-Flames.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\20160927_potvrzeni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2016_no_care.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe.q3mp5he.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-STORM-OF-LIGHT---2008---And-We-Wept-The-Black-Ocean-Within-[neurot].rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light---Latitudes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light-–-As-The-Valley-Of-Death-Becomes-Us,-Our-Silver-Memories-Fade-(2011).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Bro.2012.DVDRip.XviD.PTpOWeR.1012664.seventorrents.com.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Chelsea-Grin-Ashes-To-Ashes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DBM-Core-7.1.12.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (2).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Dkpttr - W wll Dstry... Y Wll Oby!!.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.1d6c8b61f291007e5f31e24e71da8c76.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.384515caa09c371502c081a171a1a231.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DT pravidla.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\goatreich-fleshcult-4ffe6e1c7930b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HeroesWoWClient.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Hvězdná-brána---1994---sci-fi,-akční,-dobrodružný.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdZnID [0]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\lotrolive.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Mumie-Hrob-Draciho-cisare-(2008)-dobrodr.,B.Fraser,J.Li,M.Yeoh,CZ-dab,DTVMir,107'.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Nekromantheon---Rise,-Vulcan-Spectre-2012-od-robhalford.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\OneBank3-v3.7.6.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Recount-v7.1.5a release.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Robot-Jox---by-MissHell.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Rock 10 Years Feeding The Wolv Downloader.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Smernice_c._4_2012_I_-_O_ochrane_osobnich_udaju.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\teamspeak3-server_win32-3.0.12.4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\The-tunnel-(2011).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Thy-Art-Is-Murder---Holy-War-(2015)-320.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Tropicka-boure-(2008)-Cz-(78PT).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\udrzbasite_p5.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Warcraft (2016) [3D] [YTS.AG].torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Wilsonov-2015-CZfilm.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Zasady_spolecenskeho_chovani_-_prez.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]conspiracy.encounters.2016.hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]daddys.home.2015.brrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.1080p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.new.hdts.xvid.ac3.cpg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]gods.of.egypt.2016.720p.hdts.999mb.shaanig.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]hail.caesar.2016.hc.hdrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]london.has.fallen.2016.720p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]mark.of.the.witch.2014hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]metro.2033.redux.update.5.2014.pc.repack.от.xatab.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]point.break.2015.brrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]star.wars.episode.vii.the.force.awakens.2015.1080p.bluray.x264.dts.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e17.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e18.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]zootopia.2016.1080p.hdrip.x264.ac3.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] All Out War - Dying Gods.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] Bleeding Red - Evolution s Crown.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] nobody one - no care.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Černí-baroni-1992,-CZ.mkv:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis.. (1).odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis...odt:$CmdZnID [26]

EmptyTemp:
End

Uložte do C:\Users\pc\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by pc (02-02-2017 20:40:11) Run:1
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-01] (Oracle Corporation)
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {5d9bf4e4-180c-11e5-a15c-00221588abab} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {c5dd89a7-0c47-11e6-a502-00221588abab} - "G:\autorun.exe"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3e53-b8d8-11e6-b9e9-00221588abab} - "G:\SETUP.EXE"
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\...\MountPoints2: {fd4a3ee2-b8d8-11e6-b9e9-00221588abab} - "G:\autorun.exe"
SearchScopes: HKU\S-1-5-21-966644435-3839093438-2598601741-1000 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
U3 idsvc; no ImagePath
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\pc\AppData\Local\Temp
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DLLDEV32i.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mqmigplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\t_mouse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Desktop\07-Peter-Pan-outfit-for-a-small-boy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12718220_10154026807412295_4668597059644010896_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12744723_10153930762643826_3563546126070622926_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\12792167_10153962789848826_2366565679636654792_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1383778154_paris-hilton-zoom.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\15078951_10206314924946790_8343942202136672747_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\16594.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\1973760_821086021236970_380260415863764005_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\200830.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\4284564-a-small-boy-with-a-balloon-in-the-garden.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\686-15058D0-2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\aid960846-728px-Care-for-a-Pig-With-Pneumonia-Step-1-Version-3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\anarchist_guy_by_xeramon-d4rqepn.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\art-godmachine-illustrations-rtf-12.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\BACK COVER CD.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brooklyn_Museum_-_What_Our_Lord_Saw_from_the_Cross_(Ce_que_voyait_Notre-Seigneur_sur_la_Croix)_-_James_Tissot.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Brussels Riots 1.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\c74a4c42ea7294271ffaff1be0bef7a3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\ca1eb4985aa384220c65df5b023bd192.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\clothing-plastic-body-model-fashion-shenzhen-convention-exhibition-center-fifteenth-china-shenzhen-international-brand-56468374.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\COVER-speedwolf.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Cover.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Daemon_Primarch_Angron.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Dark-Legion.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\destroyer666wildfire 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Draenor_loading_screen.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Hour-of-Penance-Regicide.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\i-115.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\impericon.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Machine-Head-2014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (2).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault (5).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\maxresdefault.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pain train 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Peacock_Plumage.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\pirate-flag-wwi-lc.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\serbian-national-flag-unit-march-16018893.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\speedwolf-ride-with-death.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\The-Black-Dahlia-Murder-2015-by-Jonathan-Pushnik.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Unleash-the-Archers-Time-Stands-Still-02.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wh40k_1429b3_5618330.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Desktop\Wow.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\10-Years---Feeding-The-Wolves-(Deluxe-Edition).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\10.years.feeding.the.wolv.ace:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2010 - Head Movies.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2012 - DOES.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013 - The Wall Eater.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2013---A-Storm-of-Light---Nations-to-Flames.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\20160927_potvrzeni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\2016_no_care.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe.q3mp5he.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-STORM-OF-LIGHT---2008---And-We-Wept-The-Black-Ocean-Within-[neurot].rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light---Latitudes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\A-Storm-Of-Light-–-As-The-Valley-Of-Death-Becomes-Us,-Our-Silver-Memories-Fade-(2011).rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ageofconan-en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Bro.2012.DVDRip.XviD.PTpOWeR.1012664.seventorrents.com.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\bsplayer269-1079.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Chelsea-Grin-Ashes-To-Ashes.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DBM-Core-7.1.12.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace (2).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Diplomova_prace.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DiscordSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Dkpttr - W wll Dstry... Y Wll Oby!!.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.1d6c8b61f291007e5f31e24e71da8c76.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\dro_setup.384515caa09c371502c081a171a1a231.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DT pravidla.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\DTLiteInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\EveLauncher-1097946.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-0-160.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\GlyphInstall-14-1.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\goatreich-fleshcult-4ffe6e1c7930b.jpg:$CmdZnID [26]

AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\Gw2Setup-64.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HeroesWoWClient.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\HijackThis.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Hvězdná-brána---1994---sci-fi,-akční,-dobrodružný.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\ISORecorder31x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\JavaSetup8u121.exe:$CmdZnID [0]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\kmplayer-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\lotrolive.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Mumie-Hrob-Draciho-cisare-(2008)-dobrodr.,B.Fraser,J.Li,M.Yeoh,CZ-dab,DTVMir,107'.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Nekromantheon---Rise,-Vulcan-Spectre-2012-od-robhalford.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\OneBank3-v3.7.6.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Recount-v7.1.5a release.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Robot-Jox---by-MissHell.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Rock 10 Years Feeding The Wolv Downloader.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SkyforgeLoader_en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Smernice_c._4_2012_I_-_O_ochrane_osobnich_udaju.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\spybot-2.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SteamSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\survarium-web-installer-041a6.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\SWTOR_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\tcmd852ax32.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\teamspeak3-server_win32-3.0.12.4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\TERA-Setup-HC.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\pc\Downloads\The-tunnel-(2011).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Thy-Art-Is-Murder---Holy-War-(2015)-320.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Tropicka-boure-(2008)-Cz-(78PT).avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\udrzbasite_p5.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Warcraft (2016) [3D] [YTS.AG].torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Wilsonov-2015-CZfilm.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\pc\Downloads\WoWP_internet_install_eu.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Zasady_spolecenskeho_chovani_-_prez.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]conspiracy.encounters.2016.hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]daddys.home.2015.brrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.1080p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]deadpool.2016.new.hdts.xvid.ac3.cpg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]gods.of.egypt.2016.720p.hdts.999mb.shaanig.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]hail.caesar.2016.hc.hdrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]london.has.fallen.2016.720p.hdrip.korsub.x264.aac2.0.stuttershit.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]mark.of.the.witch.2014hdrip.xvid.ac3.evo.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]metro.2033.redux.update.5.2014.pc.repack.??.xatab.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]point.break.2015.brrip.xvid.ac3.etrg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]star.wars.episode.vii.the.force.awakens.2015.1080p.bluray.x264.dts.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e17.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e18.720p.hdtv.x264.dimension.rartv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[kat.cr]zootopia.2016.1080p.hdrip.x264.ac3.jyk.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] All Out War - Dying Gods.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] Bleeding Red - Evolution s Crown.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\[Sound-Park.ru] nobody one - no care.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Černí-baroni-1992,-CZ.mkv:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis.. (1).odt:$CmdZnID [26]
AlternateDataStreams: C:\Users\pc\Downloads\Životopis...odt:$CmdZnID [26]

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d9bf4e4-180c-11e5-a15c-00221588abab} => key removed successfully
HKCR\CLSID\{5d9bf4e4-180c-11e5-a15c-00221588abab} => key not found.
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5dd89a7-0c47-11e6-a502-00221588abab} => key removed successfully
HKCR\CLSID\{c5dd89a7-0c47-11e6-a502-00221588abab} => key not found.
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd4a3e53-b8d8-11e6-b9e9-00221588abab} => key removed successfully
HKCR\CLSID\{fd4a3e53-b8d8-11e6-b9e9-00221588abab} => key not found.
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd4a3ee2-b8d8-11e6-b9e9-00221588abab} => key removed successfully
HKCR\CLSID\{fd4a3ee2-b8d8-11e6-b9e9-00221588abab} => key not found.
HKU\S-1-5-21-966644435-3839093438-2598601741-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\pc\AppData\Local\Temp" folder move:

Could not move "C:\Users\pc\AppData\Local\Temp" => Scheduled to move on reboot.

C:\WINDOWS\system32\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Shell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.Diagnostics.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winlogon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winsrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wkssvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WlanMediaManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlidsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpAXHolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcRefreshTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcTok.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpncore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpnprv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuaueng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wups.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuuhext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwansvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\x3daudio1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\x3daudio1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\X3DAudio1_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_10.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_8.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine2_9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xactengine3_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAPOFX1_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XAudio2_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblAuthManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xinput1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xinput1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\aadtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AboveLockAppHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\aclui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppContracts.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\apprepapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\apprepsync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppxPackaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\asycfilt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\atmlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AUDIOKSE.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AuthBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AuthExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\authui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BluetoothApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cdp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Chakra.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Chakradiag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ClipboardServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cngkeyhelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\combase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CoreMessaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CoreUIComponents.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovhost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\crypt32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CryptoWinRT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3D12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d8.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_33.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_34.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_35.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_36.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_37.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_38.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_39.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_40.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_41.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_42.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_43.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_47.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dcsx_42.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dcsx_43.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_33.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_34.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_35.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_36.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_37.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_38.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_39.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_40.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_41.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_42.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx10_43.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx11_42.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx11_43.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_24.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_25.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_26.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_27.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_28.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_29.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_30.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_31.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_33.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_34.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_35.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_36.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_37.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_38.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_39.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_40.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_41.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_42.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DX9_43.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DevicePairing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dialclient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DisplayManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DLLDEV32i.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dlnashext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dtdump.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxtrans.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\edgehtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\efswrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EmailApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ErrorDetails.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\findnetprinters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\fontdrvhost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gdi32full.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieapfltr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iedkcs32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieframe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iepeers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iertutil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\imapi2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\inetcpl.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InstallAgent.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\jscript9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LicenseManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LicenseManagerApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LogonController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MbaeApiPublic.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mbsmsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MCRecvSrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFMediaEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MiracastReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mispace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mqmigplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msfeeds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mshtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mshtmled.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssrch.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mstsc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mtxclu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NaturalLanguage6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupShim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\odbcconf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offlinesam.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ole32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\oleacc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\oleaut32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\olepro32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PrintDialogs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rdpcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rdpencom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ReAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RTMediaFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchIndexer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ShareHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\shell32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\storagewmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\StoreAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sud.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SyncSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\systemcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TokenBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tquery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tsmf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinapi.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIRibbonRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\unimdm.tsp => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\updatepolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\uReFS.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\urlmon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDataAccountApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserMgrProxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\vbscript.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\win32kfull.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Energy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Import.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\windows.storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinRtTracing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WwaApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\x3daudio1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\x3daudio1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\X3DAudio1_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_10.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_8.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine2_9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xactengine3_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAPOFX1_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_5.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XAudio2_7.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xinput1_1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xinput1_2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xinput1_3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xolehlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\afd.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\bowser.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\capimg.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\clfs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\cng.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\crashdmp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dam.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dumpsd.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgkrnl.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgmms1.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgmms2.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fastfat.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\http.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\iorate.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\MegaSas2i.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\modem.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ndis.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ntfs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\partmgr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\pci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\rdbss.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\sdbus.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\spaceport.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\srv2.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\storahci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\stornvme.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\storport.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tcpip.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tpm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\t_mouse.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vhdmp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vpci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\wcifs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\wdcsam64.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\WdiWiFi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\winhvr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\xboxgip.sys => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Desktop\07-Peter-Pan-outfit-for-a-small-boy.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\12718220_10154026807412295_4668597059644010896_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\12744723_10153930762643826_3563546126070622926_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\12792167_10153962789848826_2366565679636654792_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\1383778154_paris-hilton-zoom.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\15078951_10206314924946790_8343942202136672747_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\16594.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\1973760_821086021236970_380260415863764005_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\200830.gif => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\4284564-a-small-boy-with-a-balloon-in-the-garden.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\686-15058D0-2.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\aid960846-728px-Care-for-a-Pig-With-Pneumonia-Step-1-Version-3.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\anarchist_guy_by_xeramon-d4rqepn.png => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\art-godmachine-illustrations-rtf-12.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\BACK COVER CD.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Brooklyn_Museum_-_What_Our_Lord_Saw_from_the_Cross_(Ce_que_voyait_Notre-Seigneur_sur_la_Croix)_-_James_Tissot.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Brussels Riots 1.png => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\c74a4c42ea7294271ffaff1be0bef7a3.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\ca1eb4985aa384220c65df5b023bd192.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\clothing-plastic-body-model-fashion-shenzhen-convention-exhibition-center-fifteenth-china-shenzhen-international-brand-56468374.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\COVER-speedwolf.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Cover.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Daemon_Primarch_Angron.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Dark-Legion.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\destroyer666wildfire 2016.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Draenor_loading_screen.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Hour-of-Penance-Regicide.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\i-115.png => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\impericon.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Machine-Head-2014.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\maxresdefault (1).jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\maxresdefault (2).jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\maxresdefault (5).jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\maxresdefault.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\pain train 2.png => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Peacock_Plumage.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\pirate-flag-wwi-lc.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\serbian-national-flag-unit-march-16018893.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\speedwolf-ride-with-death.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\The-Black-Dahlia-Murder-2015-by-Jonathan-Pushnik.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Unleash-the-Archers-Time-Stands-Still-02.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Wh40k_1429b3_5618330.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Desktop\Wow.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\10-Years---Feeding-The-Wolves-(Deluxe-Edition).rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\10.years.feeding.the.wolv.ace => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\2010 - Head Movies.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\2012 - DOES.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\2013 - The Wall Eater.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\2013---A-Storm-of-Light---Nations-to-Flames.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\20160927_potvrzeni.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\2016_no_care.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\342.01-desktop-win10-64bit-international.exe.q3mp5he.partial => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\A-STORM-OF-LIGHT---2008---And-We-Wept-The-Black-Ocean-Within-[neurot].rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\A-Storm-Of-Light---Latitudes.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\A-Storm-Of-Light-–-As-The-Valley-Of-Death-Becomes-Us,-Our-Silver-Memories-Fade-(2011).rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\ageofconan-en.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\ageofconan-en.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\Battle.net-Setup-enGB.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Bro.2012.DVDRip.XviD.PTpOWeR.1012664.seventorrents.com.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\bsplayer269-1079.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\bsplayer269-1079.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Chelsea-Grin-Ashes-To-Ashes.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\DBM-Core-7.1.12.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Diplomova_prace (1).doc => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Diplomova_prace (2).doc => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Diplomova_prace.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\DiscordSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\DiscordSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Dkpttr - W wll Dstry... Y Wll Oby!!.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\dro_setup.1d6c8b61f291007e5f31e24e71da8c76.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\dro_setup.384515caa09c371502c081a171a1a231.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\DT pravidla.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\DTLiteInstaller (1).exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\DTLiteInstaller (1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\DTLiteInstaller.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\DTLiteInstaller.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\EveLauncher-1097946.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\EveLauncher-1097946.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\FRST64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\FRST64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\GlyphInstall-0-160.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\GlyphInstall-0-160.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\GlyphInstall-14-1.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\GlyphInstall-14-1.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\goatreich-fleshcult-4ffe6e1c7930b.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Gw2Setup-64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\Gw2Setup-64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Gw2Setup-64.tmp => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\HeroesWoWClient.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\HijackThis (1).exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\HijackThis (1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\HijackThis.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\HijackThis.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Hvězdná-brána---1994---sci-fi,-akční,-dobrodružný.avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\IE10-Windows6.1-x64-cs-cz.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\IE11-Windows6.1-x86-cs-cz.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\ISORecorder31x86.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\ISORecorder31x86.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\JavaSetup8u121.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\JavaSetup8u121.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\kmplayer-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\kmplayer-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\lotrolive.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Mumie-Hrob-Draciho-cisare-(2008)-dobrodr.,B.Fraser,J.Li,M.Yeoh,CZ-dab,DTVMir,107'.avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Nekromantheon---Rise,-Vulcan-Spectre-2012-od-robhalford.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\OneBank3-v3.7.6.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Recount-v7.1.5a release.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Robot-Jox---by-MissHell.avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Rock 10 Years Feeding The Wolv Downloader.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\SkyforgeLoader_en.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\SkyforgeLoader_en.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Smernice_c._4_2012_I_-_O_ochrane_osobnich_udaju.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\spybot-2.4.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\spybot-2.4.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\SteamSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\SteamSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\survarium-web-installer-041a6.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\survarium-web-installer-041a6.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\SWTOR_setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\SWTOR_setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\tcmd852ax32.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\tcmd852ax32.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.16.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\TeamSpeak3-Client-win64-3.0.19.3.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\teamspeak3-server_win32-3.0.12.4.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\TERA-Setup-HC.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\TERA-Setup-HC.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\The-tunnel-(2011).avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Thy-Art-Is-Murder---Holy-War-(2015)-320.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Tropicka-boure-(2008)-Cz-(78PT).avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\udrzbasite_p5.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Warcraft (2016) [3D] [YTS.AG].torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124 (1).jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\where-ironcrosses-grow-4faa92b489124.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Wilsonov-2015-CZfilm.avi => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\WoWP_internet_install_eu.exe => ":$CmdTcID" ADS could not remove.
C:\Users\pc\Downloads\WoWP_internet_install_eu.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Zasady_spolecenskeho_chovani_-_prez.ppt => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]conspiracy.encounters.2016.hdrip.xvid.ac3.evo.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]daddys.home.2015.brrip.xvid.ac3.evo.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]deadpool.2016.1080p.hdrip.korsub.x264.aac2.0.stuttershit.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg (1).torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]deadpool.2016.720p.hc.hdrip.x264.aac.etrg.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]deadpool.2016.new.hdts.xvid.ac3.cpg.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]gods.of.egypt.2016.720p.hdts.999mb.shaanig.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]hail.caesar.2016.hc.hdrip.xvid.ac3.etrg.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]london.has.fallen.2016.720p.hdrip.korsub.x264.aac2.0.stuttershit.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]mark.of.the.witch.2014hdrip.xvid.ac3.evo.torrent => ":$CmdZnID" ADS removed successfully.
"C:\Users\pc\Downloads\[kat.cr]metro.2033.redux.update.5.2014.pc.repack.??.xatab.torrent" => ":$CmdZnID" ADS not found.
C:\Users\pc\Downloads\[kat.cr]point.break.2015.brrip.xvid.ac3.etrg.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia (1).torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]spectre.2015.french.720p.bluray.x264.amnesia.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]star.wars.episode.vii.the.force.awakens.2015.1080p.bluray.x264.dts.jyk.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e17.720p.hdtv.x264.dimension.rartv.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]the.big.bang.theory.s09e18.720p.hdtv.x264.dimension.rartv.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[kat.cr]zootopia.2016.1080p.hdrip.x264.ac3.jyk.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[Sound-Park.ru] All Out War - Dying Gods.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[Sound-Park.ru] Bleeding Red - Evolution s Crown.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\[Sound-Park.ru] nobody one - no care.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Černí-baroni-1992,-CZ.mkv => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Životopis.. (1).odt => ":$CmdZnID" ADS removed successfully.
C:\Users\pc\Downloads\Životopis...odt => ":$CmdZnID" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54441249 B
Java, Flash, Steam htmlcache => 77595002 B
Windows/system/drivers => 91669849 B
Edge => 39975833 B
Chrome => 862263923 B
Firefox => 0 B
Opera => 137197226 B

Temp, IE cache, history, cookies, recent:
Default => 6828 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 29026468 B
NetworkService => 0 B
pc => 524388752 B
DefaultAppPool => 6828 B

RecycleBin => 9700749 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-02-2017 20:43:34)

C:\Users\pc\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:43:39 ====

Změnilo se něco?

spouští se to pořád při startu ... jako by to bylo v registrech asi .. žádá to po mě instalaci aplikace..jde to z venku..ale kde je ten lokální soubor netuším..ten pro-grámek jsem odinstaloval...je to pryč...a tohle zůstalo..

Z příkazového řádku příkazem msconfig spusťte konfigurační utilitu Windows. Na záložce "Po spuštění" ji najděte a odstraňte zatržítko. Nastavení uložte a restartujte. Vir to není, tak to alespoň odstraníte ze startupu.

je to ok...je to bloklý ...díky za radu ...

Rádo se stalo!