Solved Trojan found

mom26gr8kids · Jun 23, 2015

My SAS found a trojan during its scan last night. The trojan is found in a program that I downloaded a few weeks ago from a safe application. This is how the SAS listed it:

Trojan.Agent/Gen-Qudamah
C:\PROGRAM FILES (X86)\HOSPITAL HUSTLE\HOSPITAL HUSTLE.EXE
C:\Windows\Prefetch\HOSPITAL HUSTLE.EXE-6FFD58FD.pf

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by songe_000 (administrator) on MOMSPC on 23-06-2015 01:02:39
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 & (Available Profiles: songe_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-13] (Apple Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-11] (COMODO)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-12] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2015-01-05] (CompSoft)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-12] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35E41C0F-2342-4FB7-AC06-AE79D8DBCF9B}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-04]
FF Extension: Avira Browser Safety - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com [2015-06-03]
FF Extension: WOT - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (WOT) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-25]
CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Avira SafeSearch) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (SiteAdvisor) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-02-12] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-20] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-12] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-11] (COMODO)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [155368 2015-06-04] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-09] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-03] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 01:02 - 2015-06-23 01:03 - 00024301 _____ C:\Users\songe_000\Downloads\FRST.txt
2015-06-23 00:59 - 2015-06-23 01:02 - 00000000 ____D C:\FRST
2015-06-23 00:59 - 2015-06-23 00:59 - 02109952 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
2015-06-16 11:47 - 2015-06-16 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-14 11:52 - 2015-06-14 11:52 - 00000000 ____D C:\Users\songe_000\AppData\Local\GWX
2015-06-14 11:09 - 2015-06-14 11:09 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 17:18 - 2015-06-10 17:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:18 - 2015-04-08 16:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 19:05 - 2015-06-09 19:05 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:04 - 2015-06-09 19:04 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 19:04 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 19:04 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 18:43 - 2015-06-09 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-09 18:43 - 2015-06-09 18:43 - 00002071 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-04 19:10 - 2015-06-04 19:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\songe_000\Downloads\flashplayer17au_ha_install.exe
2015-06-04 00:24 - 2015-06-05 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 15:20 - 2015-06-01 15:20 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\GameInvest
2015-06-01 15:16 - 2015-06-01 15:16 - 00002114 _____ C:\Users\Public\Desktop\Play Shop-N-Spree Family Fortune.lnk
2015-06-01 15:16 - 2015-06-01 15:16 - 00001284 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-06-01 15:15 - 2015-06-01 15:16 - 00000000 ____D C:\Program Files (x86)\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:13 - 2015-06-01 15:13 - 00002018 _____ C:\Users\Public\Desktop\Play Antique Road Trip USA.lnk
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Program Files (x86)\Antique Road Trip USA
2015-05-31 16:22 - 2015-05-31 16:22 - 00002123 _____ C:\Users\Public\Desktop\Play Jojo's Fashion Show - World Tour.lnk
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Program Files (x86)\Jojo's Fashion Show - World Tour
2015-05-31 16:20 - 2015-05-31 16:20 - 00237568 _____ (Big Fish Games) C:\Users\songe_000\Downloads\bigfishgames_p236180967_s1_l1.exe
2015-05-31 16:18 - 2015-05-31 16:18 - 00001988 _____ C:\Users\Public\Desktop\Play Hospital Hustle.lnk
2015-05-31 16:17 - 2015-06-22 01:30 - 00000000 ____D C:\Program Files (x86)\Hospital Hustle
2015-05-31 16:17 - 2015-05-31 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hospital Hustle
2015-05-25 13:37 - 2015-05-25 13:37 - 00000887 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2015-05-25 13:27 - 2015-05-25 13:33 - 718458996 _____ C:\Users\songe_000\Downloads\ableton_live_lite_9.1.8_32.zip
2015-05-25 13:23 - 2015-05-25 13:25 - 00000000 ____D C:\Users\songe_000\Documents\Ableton
2015-05-25 13:19 - 2015-05-25 13:53 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Ableton
2015-05-25 13:13 - 2015-05-25 13:38 - 00000000 ____D C:\ProgramData\Ableton
2015-05-25 13:13 - 2015-05-25 13:13 - 00000901 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Trial.lnk
2015-05-25 12:52 - 2015-05-25 13:03 - 718450804 _____ C:\Users\songe_000\Downloads\ableton_live_trial_9.1.8_32 (1).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 01:02 - 2014-10-22 22:11 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 01:01 - 2014-10-25 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 01:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-23 00:56 - 2014-10-22 21:47 - 01197267 _____ C:\Windows\WindowsUpdate.log
2015-06-22 19:15 - 2014-10-22 22:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-634217685-3676121620-3412417090-1001
2015-06-22 19:10 - 2014-10-22 22:11 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 17:34 - 2015-02-02 22:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 17:34 - 2015-02-02 22:20 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2014-11-03 00:22 - 00004980 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc
2015-06-22 17:33 - 2014-10-22 22:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 10:22 - 2014-10-22 22:01 - 00000000 ___DO C:\Users\songe_000\OneDrive
2015-06-22 01:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-21 21:14 - 2014-10-22 22:09 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FC5DB9F-BE6B-48AE-BFCD-CB104919ACD0}
2015-06-21 21:13 - 2013-08-22 08:46 - 00058269 _____ C:\Windows\setupact.log
2015-06-18 00:12 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 00:11 - 2013-08-22 07:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-17 22:41 - 2014-12-15 01:11 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 22:41 - 2014-10-31 20:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 13:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-06-16 12:54 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-16 12:48 - 2014-03-18 04:03 - 01167098 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 11:47 - 2015-05-07 15:01 - 00002056 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-16 11:46 - 2014-10-25 17:52 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-14 11:54 - 2014-11-09 14:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-14 11:26 - 2014-03-18 03:54 - 00390272 _____ C:\Windows\PFRO.log
2015-06-14 11:25 - 2014-11-10 21:44 - 00060942 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-06-14 11:20 - 2014-10-22 23:09 - 00001963 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-06-13 23:49 - 2014-07-31 04:24 - 00000000 ____D C:\ProgramData\Temp
2015-06-13 23:10 - 2014-05-16 07:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-13 23:08 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-13 16:54 - 2013-08-22 08:44 - 00497840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 16:50 - 2014-10-25 19:59 - 00000000 ____D C:\Windows\system32\MRT
2015-06-13 16:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-13 16:45 - 2014-10-25 19:59 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 16:42 - 2014-10-22 21:57 - 00000000 ____D C:\Users\songe_000
2015-06-13 16:41 - 2014-11-04 01:36 - 01345536 ___SH C:\Users\songe_000\Downloads\Thumbs.db
2015-06-10 17:18 - 2014-03-18 03:59 - 02473472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-06-09 19:05 - 2015-04-21 12:28 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:05 - 2015-04-21 12:28 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 18:51 - 2014-10-27 18:07 - 00000000 ____D C:\Users\songe_000\AppData\Local\Adobe
2015-06-09 18:44 - 2014-12-31 00:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\ProgramData\Adobe
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-05 18:22 - 2014-12-30 22:53 - 00000000 ____D C:\BigFishCache
2015-06-05 07:36 - 2014-04-16 22:13 - 00820928 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00126696 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00035056 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00020672 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-06-05 07:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-06-05 07:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-06-05 07:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-06-05 00:59 - 2014-10-23 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 18:54 - 2014-10-25 16:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 15:16 - 2014-12-30 22:58 - 00000000 ____D C:\ProgramData\Big Fish
2015-06-01 15:15 - 2014-05-16 07:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2015-02-12 15:54 - 2015-02-12 15:54 - 0000000 _____ () C:\Users\songe_000\AppData\Local\{57E7CF6A-D32F-4B89-AC9B-E9DF5CA836F1}
2015-02-09 23:34 - 2015-02-09 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\songe_000\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-14 11:13

==================== End of log ============================

mom26gr8kids · Jun 23, 2015

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by songe_000 at 2015-06-23 01:05:02
Running from C:\Users\songe_000\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-634217685-3676121620-3412417090-500 - Administrator - Disabled)
Guest (S-1-5-21-634217685-3676121620-3412417090-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-634217685-3676121620-3412417090-1003 - Limited - Enabled)
songe_000 (S-1-5-21-634217685-3676121620-3412417090-1001 - Administrator - Enabled) => C:\Users\songe_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Trial (HKLM-x32\...\{300E84D8-F6D1-4B58-906F-7E41F34E6D42}) (Version: 9.0.0.0 - Ableton)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Antique Road Trip USA (HKLM-x32\...\BFG-Antique Road Trip USA) (Version: - )
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2: Town of the Year (HKLM-x32\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Doro 1.94 (HKLM-x32\...\Doro_is1) (Version: - CompSoft)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hospital Hustle (HKLM-x32\...\BFG-Hospital Hustle) (Version: - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jojo's Fashion Show: World Tour (HKLM-x32\...\BFG-Jojo's Fashion Show - World Tour) (Version: - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
Shop-N-Spree: Family Fortune (HKLM-x32\...\BFG-Shop-N-Spree Family Fortune) (Version: - )
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
ToneSync for Windows (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
ToneSync for Windows (HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #10 (HKLM-x32\...\ST6UNST #10) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #11 (HKLM-x32\...\ST6UNST #11) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #5 (HKLM-x32\...\ST6UNST #5) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #6 (HKLM-x32\...\ST6UNST #6) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #7 (HKLM-x32\...\ST6UNST #7) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #8 (HKLM-x32\...\ST6UNST #8) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #9 (HKLM-x32\...\ST6UNST #9) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) (HKLM-x32\...\ST6UNST #2) (Version: - )
TranscriptPro for Umbrella Schools (HKLM-x32\...\ST6UNST #1) (Version: - )
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\songe_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01911BF5-33CF-45B9-A05D-55946BCD2451} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {031368AD-69FA-42F5-9836-00FC1C7A6873} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {0796AB1B-1661-4153-9FF9-6C7C833ABC0C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {08FB1CFF-406B-4377-9C10-0364DEFA1615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {0EE31A40-E7F5-4430-9CF1-4F70BF3FFC88} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {16E0EE90-DC55-4921-99FD-69262DB1C64A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {186732CB-F708-40D3-B12D-8B39D10EE39C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {1BA8203E-D888-4C65-87EC-ECDC370FE4C7} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {1EB82D47-0AC2-4FD5-967A-4BE25F02AE3C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-13] (Microsoft Corporation)
Task: {1FD632AE-52AF-4024-B8A6-3BF3BC89FD46} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {267662B5-1367-4E02-9FC6-99CD0B27701E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {353DF28A-C368-4972-9EED-740558260980} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {475470D8-E6D8-4501-9B94-AD2F3077BA98} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-11] (COMODO)
Task: {4A01F77F-0E1D-4237-9F1B-23D90F5373D0} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-17] (Acer)
Task: {51CFE98D-0C17-472B-AC9B-4C4D031F3CA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {56F5CB9E-9FFD-4AC7-9CC5-52A809E8A239} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {575997F7-92DC-4DF0-B93A-8B443BA4BA4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5C73D677-93C1-4193-AEC4-C4A920B0BB9B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-11] (COMODO)
Task: {65CB0CBC-62D9-46E8-AC63-0E1828D6EE45} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {7DB3C51D-D6F0-4E26-8ECF-96AA4CCC4620} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {7F037994-8DA5-455E-B928-A3C2D02560B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-20] (Microsoft Corporation)
Task: {82327D8E-CE75-415E-82FC-6E8D6690898E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
Task: {8ECF10B2-4E8B-4888-A6EA-6DA68763F258} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {9876CF94-3A85-4133-AD1A-8B3CF2130063} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {9ACD19A9-CF3D-4E11-81E4-E48802C58B15} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-27] (Microsoft Corporation)
Task: {9C8C88D3-8103-4470-B502-0B5D26C749F4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {B616FA72-062A-431E-BE29-E42A21047C6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BB2394A7-6906-4194-ABD5-B1317B094E59} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {C1CFA249-4E02-41A9-8FA5-F7389F095C90} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-11] (COMODO)
Task: {C2BA6F5F-9916-4677-A62B-57CADF6CEC06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-11] (COMODO)
Task: {C3BD8C73-6194-4157-81CB-2EAA8B23150C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-26] (Microsoft Corporation)
Task: {C3C875F9-4BE0-42F0-9D4F-A4D736C6F482} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-634217685-3676121620-3412417090-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C7C30F43-94AF-4101-BA90-E6E7A4A132F4} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {CBEBC4F2-D19E-46BF-8E2A-2A4163865F73} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {CEFFC269-42D3-4B2B-BA92-7E31F4B49C16} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-26] (Microsoft Corporation)
Task: {D725518E-8608-4227-B62F-3AC93BF786C0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {EBD23ED0-365A-49D8-8A1B-9BEE7FF374AF} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-26 23:53 - 2015-01-05 20:57 - 00595456 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-03 00:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-31 04:27 - 2012-04-24 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-05-26 13:13 - 2015-05-26 13:13 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\df3d3068411d05aab5c5c952a91cd3ab\PCGAppControlPluginLoader.ni.exe
2015-03-17 12:46 - 2015-01-27 09:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-31 04:34 - 2014-01-03 15:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-02-25 23:14 - 2014-02-25 23:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 23:17 - 2014-02-25 23:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-05-16 08:06 - 2014-03-07 10:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2015-05-06 16:14 - 2015-05-12 20:42 - 00092928 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-05-06 16:14 - 2015-05-12 20:42 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2013-12-18 17:02 - 2013-12-18 17:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 17:02 - 2013-12-18 17:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-27 22:03 - 2014-10-27 22:03 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2015-06-22 01:57 - 2015-06-22 01:58 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-06-22 01:58 - 2015-06-22 01:58 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-06-22 01:52 - 2015-06-22 01:52 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-27 18:38 - 2014-10-27 18:38 - 03498496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PCGPreCompiled\cc1872e1e292d0a2d45232839cb0561f\PCGPreCompiled.ni.dll
2014-07-31 04:06 - 2013-12-09 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-12 20:40 - 2015-05-12 20:40 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-05-06 10:06 - 2015-05-06 10:06 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-05-06 16:15 - 2015-05-06 16:15 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

mom26gr8kids · Jun 23, 2015

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Setup1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\ST6UNST.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID

mom26gr8kids · Jun 23, 2015

AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avnetflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\serscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:53DF4438
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB
AlternateDataStreams: C:\ProgramData\Temp:B1FBA7E1
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271
AlternateDataStreams: C:\Users\songe_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\songe_000\Downloads\27BEA410:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\ableton_live_trial_9.1.8_32 (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.111.exe:$CmdTcID
AlternateDataStreams: C:\Users\songe_000\Downloads\adwcleaner_4.111.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\bigfishgames_p236180967_s1_l1.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\BloodbornePathogenStandard.ppt:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\CYT Shrek Flocking (1).xlsx:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\CYT Shrek Flocking.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Field+Day+Registration+Form+-++2015.doc:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\flashplayer17au_ha_install.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\songe_000\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Hamdouken.jpg:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\March 6 & 7th Rehearsal Schedule.pdf:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\props for Little Women.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Raw_Porkchop.png:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Sophos Virus Removal Tool.exe:$CmdTcID
AlternateDataStreams: C:\Users\songe_000\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Statement1_from_Colorado_ACTS1932.pdf:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\TFC.exe:$CmdTcID
AlternateDataStreams: C:\Users\songe_000\Downloads\TFC.exe:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\The Quarterly Snowfall February 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\songe_000\Downloads\Updated Rehearsal 3.13 -3.21.pdf:$CmdZnID

mom26gr8kids · Jun 23, 2015

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\songe_000\Pictures\maldives-background-1366x768-13141221.jpg
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\songe_000\Pictures\maldives-background-1366x768-13141221.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6205C4D2-344D-4018-91EC-FAF3F248C18A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A444437B-4F85-4F41-82F0-BC52DFE26483}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{C4246184-B078-4136-AEC0-71242368BFE7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AF759300-2CFA-4E92-AD98-B0387D63750E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{83EAA9C5-13AE-4379-8A7A-1A451DE149F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0CDEF45C-EBCE-40DD-A906-4D8A19357239}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{27BC92BA-C0DF-4F0A-B402-803DE4B8C650}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{A86C510D-1FBE-4A07-B7D3-6688972260BF}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F06DBE26-DCDC-43DB-923B-84922C3D7501}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0F557B47-74C5-41DD-A6DF-EC7019C28C0A}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{622F8DA1-E917-4525-82F4-95CE89573A91}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{8583C492-5FAC-4950-B27D-85673B8A59F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C0A50D40-4FBC-4225-A75A-0F9FD9A3A385}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B845775-762B-40A0-BB1D-F61FDF22BB8A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{34912F3A-F2D0-4438-9420-CC762555A183}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CEFCBC5D-294D-48FD-B250-9584842DE192}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{AB0F8975-BA91-45AA-8389-E538AF6033F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{79E8EE5B-0B90-4ED6-B332-9F3DFF41F7AF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E0F07D32-362A-42ED-97E1-2A1D3865FFDD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{057DC14D-EFDB-4A07-A145-AA644A742B2D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{3DD3649E-E7D5-4AED-9E4A-6833D37AFBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{53C87CE3-47A8-4F93-B0BD-520F1A21B2B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4BF74386-68AA-4104-ABA6-8F7D80142BB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0861019B-875B-4A10-9D3B-213164B67BA9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C243A41F-FBA1-4674-84FE-ECFDD2CBA840}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{81AD1F53-D770-4C1D-BA7A-4F2DCBA344FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A8CC1775-D679-4C99-85EA-324560AA6292}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CBE73F58-AB6C-4FF7-A5AA-CB1EE0114910}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B2CB0BF9-8ABF-4098-896C-D1D77F1FB73A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{8B489C99-EFED-4EA5-A3E4-669318A95753}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D47B7414-60D1-4252-931D-6DE0E3B83698}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CA212984-C696-49A8-AE50-B087954C39EE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A8573D83-3F62-4B63-8F72-25BC95DE1FE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{69446298-6357-443B-8251-DCABB696B4AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{1D67F0DF-34D4-447D-9440-263584BA3932}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{D9555367-7BFA-4AA6-982F-8B42357225FD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{CBCD7F61-1B35-46F6-97EA-815F9F82BA58}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{83B83E5C-AAB5-4A6C-97F9-5164F9ED193C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8AAED861-7B16-459D-8ED6-13A33C8600CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{1F685178-EA4D-4AA3-BBF8-C4C8E20932B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88E207CF-08D8-4A64-8C9A-0D51CF4F3333}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6A1C400-85F1-4DC5-A059-AE2F3DF325DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1DD69A2-519A-4BB1-9F12-F578B2F4AA42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B16D34A-BDE4-4761-B960-83F3A988E93E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{087C7601-8720-45BD-8447-AD5254C91DAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F64A059C-30FF-41AD-A425-189CE24C68F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{487A07D8-3374-4DFD-AC5B-753AF1596829}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{292AC2E5-5F18-4EAD-AC73-EC05D8D2695C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0797C174-7686-488C-A944-2D4C77F4FC79}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{862EF299-342E-4255-98EC-89B02044CF19}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{DAB56AD2-B2EA-4BFB-8CCB-217F67022528}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AAC31940-E5C7-468A-9E3F-65F4F9845731}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C03B7854-7BAD-486C-A091-8C8C8997D418}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4E897D40-E6AC-4B6E-BA94-1DAE00C4E192}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B049E71A-59E5-42B7-AD7D-2F1F556BD488}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6ED28BD2-A969-4B35-8E12-BB80B9605C17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F633001-09A5-4859-8FA0-D6D5803D4DA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A5F43AA4-DD7B-429A-9C28-5A4193D66627}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{42D6CA32-D9D2-41D9-B7CE-4F2FC9D9A83C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{318CECFA-D32D-48AB-8A81-CE985D8CE539}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2BB3DBE6-91AB-46E8-AF0C-BF4A7B0CA04B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{5B522B84-DF1F-4CE2-B113-8C1F69F32FE5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D5F409BF-8A9F-47D0-802D-116B76665B69}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D9ADAFBA-88C9-4225-BE10-12F894082EFA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1ABA8D1C-3966-42E8-9FD7-438F94A46FA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D3C689FC-2F31-43D7-BC1D-23548AC10842}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{646F6972-AA14-4723-8192-E52D82C4F992}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1343D175-4BF6-4E90-90AB-E56BA1F2311C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{99C2F080-43BB-4DF9-81E5-219381284ACE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1B3683A4-B449-4D6C-9252-72E7DA494F9E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BAF9A487-642E-4D99-A217-EF9A8052C634}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1624C5C2-8284-447E-8853-6712189171CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EC87B11F-1667-4B5F-BA70-4048A7E23BF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{814D7CDE-92D7-45B9-8016-26E503FEB4F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{24DD4180-2FF4-4489-BECC-A0B75990A875}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9AA4F94A-35B8-46DA-8F3C-D4D3CA2B97E6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3ED60866-5EE2-4382-A788-2648A03216E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2AC5E4CE-DF7B-48F4-AB50-B0E882C3BD2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{01E8A7C1-B69E-4D61-B528-95F1933452BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{5C24F2A6-8FB8-4736-A723-D9091A00F642}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F3EBBBFF-1560-466C-991B-B6B05B6CDD37}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{079D67E9-0640-41CB-A705-FE01DF568D17}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{43A9D858-8EB2-4D2C-B546-D9A8C65688BC}] => (Allow) C:\Users\songe_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9C81E31D-1FB0-4BB3-9824-BD5F22CC185D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{F056919F-1BA2-40C4-A168-9935E4BB2796}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{1B6E200F-3865-4F73-BBD8-DEC53F29D2E3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{98B2DFB3-C03F-4223-BE51-B86487471B09}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{138FFF1D-F20C-4F6A-86D9-1307290C51AD}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DFCEACDA-092A-4A55-9942-549F974C3D65}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{31741EF3-A886-45A4-B92A-4CF5E85C1670}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{678003C3-8AF4-4AB3-B4FC-93EBC73AE2C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C8098A4A-FD4B-4EA1-85EA-A2F49F0CA64A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B31AB466-2234-4560-B053-C049F02D302C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F8993880-EC36-42EF-9B25-80ADAD21190D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F4C2A124-642A-4F35-8FBF-A47FC3A87F11}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7507D646-3A42-48AC-9AFF-82492AAD5A86}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0C13D7C8-AF0F-4385-AA5D-BD2CA1E2FA91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D704FC1F-E959-4AA0-8E68-4026A5E9CBC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4A00C396-E7AA-4FAD-A457-08B98729E84F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{70ED23CC-346C-4872-AEF6-379805B432EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB86E766-0963-44A5-8C40-26722B898A2A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2519A1DF-B16D-4C73-BC42-254711584A0E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B59ECFBB-80F4-42E6-B9DF-E44F03F2A553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B8011E13-D5D2-4555-8605-4B1478491DB1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{40C74F0B-5914-4B66-B921-060B7B04F9DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4EF4DADA-E14F-4EE5-905B-AAD1F2E946BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0383FCA1-B573-4107-81E6-C5289D3B30B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C8B6E443-CE15-4E1B-A9BB-FBE5A40CA136}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FFC80977-D188-4634-9A80-E942AFA506BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5689A824-1CDF-4C15-A3DD-E844711E7A04}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{D58E4BCB-4548-4680-BD8B-511FC992C02E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{E86F153E-1082-4DF0-A826-22F276BA7A61}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{0A490A81-03F1-429D-BFAE-F890253976EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F90A2635-C6AE-4489-86E2-A6CEEC3EB240}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{83F4D3FF-0047-4F0E-95F6-7F059EBF6C23}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A21E2346-4210-4911-A270-F994A7970F37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{202E60DA-C480-48FA-8BEE-9D749454ADFA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{42EFD9D8-A1F5-4E06-BF93-EDD086F877BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B2D43925-0DB1-4E26-BA48-4FA49613FEC6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{00812894-7509-42B8-80BA-90B1A5436DB4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{50C116BE-F057-435A-AB21-2AAAA556FD90}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{502BD199-955F-40B5-B834-8751A00D075E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A72FBB1-2786-417C-B83E-37F759C34E73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{970CE1B8-1AD2-461B-AF8E-C33665CBEEE5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8F81D309-ED55-470A-9D8C-465E9F3DD7C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8C9111E4-07A7-4DAF-9098-BE8D8531E712}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7C18D753-D319-40DB-88DF-FC30211EFE99}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52B38A9A-D8E1-46FD-A5C1-2DED45F967ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0A5D90D3-4F76-481B-81BE-3A291F5B0B4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1FC0E619-31F8-428F-AD1A-930CC31C717F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5717E7B9-B007-4D32-8AD8-1E2E19BFD452}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F41FA4-6B70-4D01-9E36-7C35D035D955}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B69D2AA8-482F-4F43-90BF-298A5C6FB808}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C6B1CE5F-0453-4F16-B4B7-BC8689D26F72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D87CA709-90E4-48BF-9F19-B220C41E2014}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B653A0BE-8BE3-4045-A586-0D322D749C06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0046F486-9951-45ED-AEB5-922FDA7EBC97}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BA4D898-8827-4D69-A194-2D34845A922D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F0A48ABC-ABC8-4A8C-99A3-72E673F17979}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ABC073FC-B542-4D13-B674-C3BD30616FEF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{834784A6-B596-4244-A361-92BF06F7F38E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{60027485-8FB9-453D-ADD5-50165E3FB923}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{11BAD5E6-E6DD-462B-83E9-07787B02D14D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{79E280B7-CC71-4947-B446-A56CF06FF8B6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{22BF4FE2-81AB-44F7-83B1-A4298744F4DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A9C7119E-E9CF-46AA-8698-F4DEF435BE11}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AD96EC36-0882-4125-8E38-86BA094E515D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{893EC21B-B9C3-43B4-9F6F-BB9AC9D30E17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C1082CBF-EEED-42D7-B1BF-AC353933445F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A4C59F0-9084-4B6E-BD77-C7ED087523B9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8F6097D4-C13B-42B4-8400-A5B5139F9F3C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

mom26gr8kids · Jun 23, 2015

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 00:54:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MOMSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147220995 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2015 00:54:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MOMSPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147220995 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8297

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8297

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 10:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6875

Error: (06/22/2015 10:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6875

Error: (06/22/2015 10:59:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 10:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5297

Error: (06/22/2015 10:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5297

System errors:
=============
Error: (06/18/2015 00:17:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service hung on starting.

Error: (06/18/2015 00:13:20 AM) (Source: DCOM) (EventID: 10016) (User: MOMSPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Momspcsonge_000S-1-5-21-634217685-3676121620-3412417090-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/18/2015 00:13:20 AM) (Source: DCOM) (EventID: 10016) (User: MOMSPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Momspcsonge_000S-1-5-21-634217685-3676121620-3412417090-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/18/2015 00:13:19 AM) (Source: DCOM) (EventID: 10016) (User: MOMSPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Momspcsonge_000S-1-5-21-634217685-3676121620-3412417090-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/17/2015 10:43:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSupportSolutionsFrameworkService service.

Error: (06/17/2015 10:43:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.

Error: (06/17/2015 10:43:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (06/17/2015 10:23:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/13/2015 11:07:47 PM) (Source: DCOM) (EventID: 10010) (User: MOMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2015 11:07:47 PM) (Source: DCOM) (EventID: 10010) (User: MOMSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Microsoft Office:
=========================
Error: (06/23/2015 00:54:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MOMSPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147220995

Error: (06/23/2015 00:54:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MOMSPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147220995

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8297

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8297

Error: (06/22/2015 10:59:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 10:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6875

Error: (06/22/2015 10:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6875

Error: (06/22/2015 10:59:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 10:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5297

Error: (06/22/2015 10:59:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5297

CodeIntegrity Errors:
===================================
Date: 2015-06-22 21:28:33.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-22 18:07:59.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-22 17:27:11.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-22 10:19:33.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-18 00:27:18.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-17 22:52:22.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-17 22:19:40.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-17 13:09:17.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-16 13:57:17.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-16 10:19:17.149
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 36%
Total physical RAM: 4019.27 MB
Available physical RAM: 2571.05 MB
Total Pagefile: 6739.52 MB
Available Pagefile: 3325.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.4 GB) (Free:304.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CEE1CD6E)

Partition: GPT Partition Type.

==================== End of log ============================

mom26gr8kids · Jun 23, 2015

My Avast scan found nothing and computer is running just fine. Thanks for your help.

Broni · Jun 23, 2015

It's most likely false positive.

Upload both file indicated by Superantispyware here: https://www.virustotal.com/ for security check.

mom26gr8kids · Jun 24, 2015

It does appear to be a false positive, thanks for your help!

Broni · Jun 24, 2015

You're very welcome

Solved Trojan found

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 56,041 +516

Similar threads