Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:18-01-2016 Executado por Luiz (2016-01-24 04:49:18) Executando a partir de C:\Users\Luiz\Downloads Windows 7 Professional Service Pack 1 (X64) (2016-01-21 23:19:59) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-104588939-3940390154-1385043483-500 - Administrator - Disabled) Convidado (S-1-5-21-104588939-3940390154-1385043483-501 - Limited - Disabled) Luiz (S-1-5-21-104588939-3940390154-1385043483-1000 - Administrator - Enabled) => C:\Users\Luiz ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Comodo Defense+ (Enabled - Out of date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-104588939-3940390154-1385043483-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit) aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.) COMODO Firewall (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.) Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit) EagleGet version 2.0.4.7 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.7 - EagleGet) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GPU Caps Viewer v1.6.2 (HKLM-x32\...\GPU Caps Viewer_is1) (Version: - oZone3D.Net) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.7 - IObit) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) K-Lite Mega Codec Pack 11.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - ) Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.6366.2056 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-104588939-3940390154-1385043483-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software) Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - ) VSO Media Player 1.5.3.511 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.5.3.511 - VSO Software) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-104588939-3940390154-1385043483-1000_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {017AA986-E2E8-4D44-B2BF-52B32670EC2B} - System32\Tasks\Uninstaller_SkipUac_Luiz => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-10-20] (IObit) Task: {25A88A70-D179-4024-B0EF-0151E72955B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {380EFE56-8BC5-4611-A6A6-EA4ED7CD668E} - System32\Tasks\WinThruster => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO Task: {435CF9A6-F068-4CF2-9E3B-C10273570702} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO) Task: {4476F7B6-3BCA-484F-907B-3857940190BB} - System32\Tasks\Opera scheduled Autoupdate 1453426237 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software) Task: {4E810BC2-B581-41D1-BC61-4790E923199D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.) Task: {53DAE6A7-E085-48F3-96D7-EAB535C57E4A} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO Task: {5480AB36-8C4D-4F85-9510-7B2B8ACB1668} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-22] (Adobe Systems Incorporated) Task: {55D34F4C-6EF6-495D-BDF1-DE8DA3EB2C47} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-22] (AVAST Software) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {833B82C2-9C87-45FC-AA19-19CA4ECD606B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-24] (Microsoft Corporation) Task: {86A961A4-1A03-446A-ACFA-A2724BE1E43E} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2015-12-03] (IObit) Task: {97B6837D-263D-41B3-8D17-3B90070A713E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-24] (Microsoft Corporation) Task: {9950A106-1EBE-42A3-B014-96E3799A4B13} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {A3890744-758D-4005-B436-24E133EE67A2} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-30] (IObit) Task: {A6D02A66-C696-4AF4-B702-11B8E8E1CD65} - System32\Tasks\Driver Booster SkipUAC (Luiz) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-12-22] (IObit) Task: {ACD8CA35-F55C-4263-8322-70E0C91872DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-22] (AVAST Software) Task: {B2CADEB5-32D2-48D6-8C21-5BBCCDC52885} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.) Task: {B3A666DA-EFCE-449B-94EA-3CC53B4CB7F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-24] (Microsoft Corporation) Task: {B98F47E2-0C19-4DF5-B2C8-5BFB2D47CDCB} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {BD35CD81-B3CB-48DE-A034-2EDCD58ADD4C} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO Task: {C6617EF2-0404-4562-99A9-D7C5C7732EC1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] () Task: {D8861F4E-A045-4E31-9984-3973EE297F58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-24] (Microsoft Corporation) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {F58EB334-C387-4BBA-8A08-EFB09C21E18A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-22] (Adobe Systems Incorporated) Task: {FFF30894-CFBB-417A-B957-55D61D3CE155} - System32\Tasks\ASC9_SkipUac_Luiz => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-30] (IObit) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2016-01-23 21:31 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-01-22 00:55 - 2016-01-07 11:04 - 00238080 _____ () C:\Program Files (x86)\EagleGet\EGMonitor.exe 2016-01-22 00:38 - 2016-01-22 00:38 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-01-22 00:38 - 2016-01-22 00:38 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-01-23 22:45 - 2016-01-23 22:45 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012301\algo.dll 2016-01-22 00:38 - 2016-01-22 00:38 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-01-22 00:55 - 2016-01-07 11:03 - 01026048 _____ () C:\Program Files (x86)\EagleGet\util.dll 2016-01-22 00:55 - 2014-07-17 15:13 - 00397312 _____ () C:\Program Files (x86)\EagleGet\sqlite3.dll 2016-01-22 00:50 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2016-01-22 00:50 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2016-01-22 00:50 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2016-01-22 00:50 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2016-01-22 00:50 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2016-01-22 00:38 - 2016-01-22 00:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-01-22 00:47 - 2015-09-21 10:49 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2016-01-22 00:47 - 2015-09-21 10:49 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2016-01-22 00:47 - 2015-09-21 10:49 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2016-01-21 23:30 - 2016-01-18 05:19 - 61568120 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\opera.dll 2016-01-21 23:30 - 2016-01-18 05:19 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libglesv2.dll 2016-01-21 23:30 - 2016-01-18 05:19 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayServices.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\BWUnpairElevated.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\HotStartUserAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IcCoinstall.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iscsilog.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PushPrinterConnections.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shadow.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VmbusCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmbusres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmicres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmicsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vmstorfltres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\autochk.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\autofmt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\defaultlocationcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dnscmmc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpnaddr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpx.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DShowRdpFilter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DXPTaskRingtone.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fmcodec.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imgutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBLR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBULG.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDCZ1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDGEO.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDGKL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDGR1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINBEN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINHIN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINKAN.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINMAR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINORI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINTAM.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDINTEL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kbdlk41a.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDLT1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDMAORI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDMON.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDNEPR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDPO.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDSF.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDSG.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTAJIK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTUF.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTUQ.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTURME.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDUGHR1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDUS.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\licmgr10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc40u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscoree.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeedsbs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeedssync.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstime.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\NAPCRYPT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\NAPHLPR.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netfxperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\networkmap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ocsetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\OnLineIDCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PerfCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pifmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pmcsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pnidui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ppcsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PresentationHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PresentationHostProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\PushPrinterConnections.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qcap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpd3d.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdprefdrvapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sppcomapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sppinst.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwizres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sqlcese30.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\taskmgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TRAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vdsbas.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wiavideo.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wimserv.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wpdwcn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\AGP440.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\aliide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\amdide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\atapi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cmdide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\errdev.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\HECIx64.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\HpSAMD.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\intelide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ipfltdrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\isapnp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msisadrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mssmbios.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\NV_AGP.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pciide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pciidex.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\raspptp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpdr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storvsc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ULIAGPKX.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vdrvroot.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\viaide.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\VMBusHID.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vms3cap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volmgrx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\wmiacpi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\Luiz\Desktop\Detection.exe:$CmdTcID AlternateDataStreams: C:\Users\Luiz\Downloads\api-ms-win-crt-runtime-l1-1-0.zip:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\Dead.Space.3-RELOADED-[rarbg.com].torrent:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Luiz\Downloads\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\Lista de Rastreadores(2).txt:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\pt_office_professional_plus_2016_x86_x64_dvd_6966451.iso:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\unificada_lista_rastreador_torrent_tracker 1700 BY DRZ (1).txt:$CmdZnID AlternateDataStreams: C:\Users\Luiz\Downloads\__64-api-ms-win-crt-runtime-l1-1-0.dll10.0.10046.0.zip:$CmdZnID ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== EXE Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-14 00:34 - 2016-01-22 00:24 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-104588939-3940390154-1385043483-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.10.4.1 - 200.175.89.139 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{F845EAB5-CD4D-4B05-8B78-62E7C5AC25E6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{00A74481-073A-486E-B2D9-668C4D92C0F2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{682FF033-0391-4F6D-BDEB-AAA4288609D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{5709C3C2-358F-46B8-A389-871D8E0FAE0B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{E95566DF-990C-4664-BD40-4CB7FE3EE7CA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{65F27802-33C6-47B9-B660-A323850914F4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{B4F0B3C0-4A9C-49FC-A742-61F998E62668}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{33EDA999-C85D-4069-B730-B3810DA1EDDB}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{987F4BEC-1BF9-470A-876C-64E10E051746}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E1B92328-820A-4ABD-B90D-0765DB5AA154}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{58A2EB18-4195-474E-BCC7-614672C614B7}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{013867E4-81CB-4C95-A946-1C6522A0DD38}] => (Allow) C:\Users\Luiz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2508C303-1421-4E58-A50E-48FAD60C985F}] => (Allow) C:\Program Files (x86)\Disney Interactive Studios\Split Second\SplitSecond.exe FirewallRules: [{4D3BA9BC-B833-4062-B6FD-B8EF2296B459}] => (Allow) C:\Program Files (x86)\Disney Interactive Studios\Split Second\SplitSecond.exe FirewallRules: [{E33A4219-14AB-46CE-848B-61D2B2A42CE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8CF90FC8-C8B6-4570-9330-EA1193902E90}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{D7482737-3ABF-488B-B3E5-300D64B2AF4C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{6FCF4E26-CF7A-48D4-B946-6872FAF22EA2}] => (Allow) C:\Users\Luiz\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{BA215A32-EC84-4D3F-8973-4DD38073B480}] => (Allow) LPort=1688 FirewallRules: [{8BEC2D79-3D09-4B13-AEE8-E8458686C049}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{CC70441B-BAE9-4E39-BD19-119E1E6A757B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{F22A0715-C47A-4DF1-A1A3-408D88C1FC92}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe ==================== Pontos de Restauração ========================= 24-01-2016 04:03:46 Windows 7 Service Pack 1 24-01-2016 04:20:31 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (01/24/2016 04:19:22 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (4968) WindowsMail0: O backup parou porque ele foi interrompido pelo cliente ou houve falha na conexão com o cliente. Error: (01/24/2016 04:19:19 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (4484) WindowsMail0: O backup parou porque ele foi interrompido pelo cliente ou houve falha na conexão com o cliente. Error: (01/24/2016 04:13:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: mbamservice.exe, versão: 3.2.19.0, carimbo de hora: 0x55e84649 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x72c36cc4 Identificação do processo com falha: 0x7e8 Hora de início do aplicativo com falha: 0xmbamservice.exe0 Caminho do aplicativo com falha: mbamservice.exe1 FCaminho do módulo de falhas: mbamservice.exe2 Identificação do Relatório: mbamservice.exe3 Error: (01/24/2016 04:13:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: mbamscheduler.exe, versão: 3.1.6.0, carimbo de hora: 0x55e84890 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x72c36cc4 Identificação do processo com falha: 0x76c Hora de início do aplicativo com falha: 0xmbamscheduler.exe0 Caminho do aplicativo com falha: mbamscheduler.exe1 FCaminho do módulo de falhas: mbamscheduler.exe2 Identificação do Relatório: mbamscheduler.exe3 Error: (01/24/2016 04:13:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: armsvc.exe, versão: 1.824.16.6751, carimbo de hora: 0x566e7201 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x72c36cc4 Identificação do processo com falha: 0x6c4 Hora de início do aplicativo com falha: 0xarmsvc.exe0 Caminho do aplicativo com falha: armsvc.exe1 FCaminho do módulo de falhas: armsvc.exe2 Identificação do Relatório: armsvc.exe3 Error: (01/24/2016 04:13:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: mscorsvw.exe, versão: 4.0.30319.1, carimbo de hora: 0x4ba1da21 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x72c36cc4 Identificação do processo com falha: 0x7e0 Hora de início do aplicativo com falha: 0xmscorsvw.exe0 Caminho do aplicativo com falha: mscorsvw.exe1 FCaminho do módulo de falhas: mscorsvw.exe2 Identificação do Relatório: mscorsvw.exe3 Error: (01/24/2016 04:13:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: ASCService.exe, versão: 9.0.2.32, carimbo de hora: 0x56396946 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x72c36cc4 Identificação do processo com falha: 0x3b4 Hora de início do aplicativo com falha: 0xASCService.exe0 Caminho do aplicativo com falha: ASCService.exe1 FCaminho do módulo de falhas: ASCService.exe2 Identificação do Relatório: ASCService.exe3 Error: (01/24/2016 04:03:49 AM) (Source: VSS) (EventID: 12305) (User: ) Description: Erro do serviço de cópias de sombra de volume: volume/disco não conectado ou não encontrado. Contexto do erro:CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10,0xc0000000,0x00000003,...). Operação: Processando PostFinalCommitSnapshots Contexto: Contexto de Execução: System Provider Error: (01/24/2016 03:35:07 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: ) Description: Installation of the Proof of Purchase failed. 0xC004F069 Partial Pkey=CPQVG ACID=? Detailed Error[?] Error: (01/24/2016 03:35:07 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: ) Description: Installation of the Proof of Purchase failed. 0xC004F069 Partial Pkey=CPQVG ACID=? Detailed Error[?] Erros de Sistema: ============= Error: (01/24/2016 04:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço COMODO Chromodo Update Service devido ao seguinte erro: %%2 Error: (01/24/2016 04:14:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Avast Antivirus devido ao seguinte erro: %%109 Error: (01/24/2016 04:13:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço MBAMScheduler foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/24/2016 04:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/24/2016 04:13:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Avast Antivirus foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 5000 milissegundos: Reiniciar o serviço. Error: (01/24/2016 04:13:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Advanced SystemCare Service 9 foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/24/2016 04:13:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Microsoft .NET Framework NGEN v4.0.30319_X86 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. Error: (01/24/2016 03:34:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço ClickToRunSvc. Error: (01/24/2016 03:31:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Instalador de Módulos do Windows terminou com o erro: %%16405 Error: (01/24/2016 03:30:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço COMODO Chromodo Update Service devido ao seguinte erro: %%2 ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentagem de memória em uso: 55% RAM física total: 8034.7 MB RAM física disponível: 3573.79 MB Virtual Total: 16067.59 MB Virtual disponível: 10638.47 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:390.62 GB) (Free:340.01 GB) NTFS Drive d: () (Fixed) (Total:195.21 GB) (Free:8.62 GB) NTFS Drive e: () (Fixed) (Total:345.57 GB) (Free:134.39 GB) NTFS Drive k: (LCVF) (Fixed) (Total:931.51 GB) (Free:798.54 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C70DC70D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: EC8011E8) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================