Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ocznik1986 at 2015-03-19 23:58:41
Running from C:\Users\ocznik1986\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AdFender (HKLM-x32\...\AdFender) (Version: 1.83 - AdFender, Inc.)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.141 - Adobe Systems Incorporated)
ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
BitTorrent (HKU\S-1-5-21-2702095170-3591425996-2869741432-1002\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.2 - Corel Corporation) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
do-search uninstall (HKLM-x32\...\do-search uninstall) (Version: - do-search)
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GameDesire-Pool & Snooker (HKLM-x32\...\GameDesire-Pool & Snooker) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 0.97 - Napisy24.pl)
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Pakiet sterowników systemu Windows - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Podatnik.info PIT pro 2014 wersja 2.1.7.22887 (HKLM-x32\...\{B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1) (Version: 2.1.7.22887 - Podatnik.info Sp. z o.o.)
Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation)
Primary Result (HKLM\...\Primary Result) (Version: 2015.03.13.180401 - Primary Result) <==== ATTENTION
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Software Management Module (HKU\S-1-5-21-2702095170-3591425996-2869741432-1002\...\Software Management Module) (Version: 0.1.14.0 - Maxiget Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2702095170-3591425996-2869741432-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-02-2015 18:28:50 Removed Microsoft Visual Studio Tools for Applications 2.0 - ENU
05-03-2015 12:30:09 avast! antivirus system restore point
06-03-2015 12:41:37 Installing COMODO Internet Security Premium
06-03-2015 22:47:53 Removed GeekBuddy.
07-03-2015 18:56:19 Removed GeekBuddy.
07-03-2015 22:18:43 Removed Corel Graphics - Windows Shell Extension.
07-03-2015 22:19:50 Removed Corel Graphics - Windows Shell Extension 32 Bit.
08-03-2015 11:44:28 Removed Ghostscript GPL 8.64 (Msi Setup).
08-03-2015 11:46:01 Removed Skype Click to Call
08-03-2015 11:47:45 Removed Windows Media Player Firefox Plugin
13-03-2015 11:24:51 Windows Update
19-03-2015 22:34:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056962C8-986A-4042-B96F-7547229E54D9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {0AE13416-0C05-4EE0-9ACF-30953B717246} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1612471F-6024-4B5C-BB93-50E433607092} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
Task: {37303A42-721E-4F1D-9588-07626E00B8F4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {388B504F-72CA-45A6-A8E4-2C6E456D0D00} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lukas_S-ocznik1986 Lukas_S => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-03-13] (Microsoft Corporation)
Task: {3D3CD6B9-4AD1-4AB1-82DE-808090D8C615} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {50F54A97-88B5-4363-B294-B94AE01F98A2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6D0C6D48-A3AF-4800-A3E9-50CBA37E6DBE} - System32\Tasks\MaxigetMasterUpdate => C:\Users\ocznik1986\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe
Task: {AE91589B-3295-4A33-858C-141B80A1F82A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AF0EE8CB-9684-4EED-86F8-1DBBDE806CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {C887FBB8-9AB8-443E-A881-B4B2C8A8851A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D4DFE162-A0FA-44B5-9C53-C1B1E0BFE041} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {D5929D87-B8E4-4263-8B11-3688F729B6E8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {DF64A843-055F-4680-92E3-14674C1DA913} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {DFF4F0B9-3B22-40C3-83C7-3477715C2756} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {E6E04484-4399-4A42-809E-1C429AC7F34F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30] (COMODO)
Task: {EB97FE14-9535-4BA2-82BF-7DF3363EED46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-14] (Google Inc.)
Task: {F1459563-634D-462D-BB8E-E86E3E5315D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-16] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-30 17:38 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2014-11-30 17:38 - 2015-03-07 17:54 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-10-05 14:44 - 2013-12-03 07:09 - 00240720 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-06-14 08:06 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-03-13 19:04 - 2015-03-19 22:40 - 00403192 _____ () C:\Program Files (x86)\Primary Result\bin\utilPrimaryResult.exe
2014-06-14 08:09 - 2014-06-14 08:09 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-06-14 08:09 - 2014-06-14 08:09 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-03-17 06:35 - 2015-03-19 08:28 - 00353528 _____ () C:\Program Files (x86)\Primary Result\bin\PrimaryResult.PurBrowse64.exe
2015-03-13 21:50 - 2015-03-19 16:27 - 00123128 ____N () C:\Program Files (x86)\Primary Result\bin\PrimaryResult.BrowserAdapter64.exe
2015-03-13 21:45 - 2015-03-19 22:41 - 00403192 _____ () C:\Program Files (x86)\Primary Result\updatePrimaryResult.exe
2015-03-18 22:25 - 2015-03-19 16:27 - 00196856 ____N () C:\Program Files (x86)\Primary Result\bin\1601c372fdd44d0781cb64.dll
2015-02-03 21:32 - 2015-01-27 04:27 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-03 21:32 - 2015-01-27 04:27 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-03 21:32 - 2015-01-27 04:27 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-03 21:32 - 2015-01-27 04:27 - 26725704 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll
2014-06-14 07:29 - 2013-08-19 19:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
C:\WINDOWS\system32\mcicda.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\netsh.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\PickerHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\rshx32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\tree.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\system32\wlanext.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID AlternateDataStreams: 
C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID 
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: 
==================== Safe Mode (whitelisted) =================== (If
an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2702095170-3591425996-2869741432-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ocznik1986\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta z Przeglądarki fotografii systemu Windows.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "wdsmgr"
HKLM\...\StartupApproved\Run32: => "Nvtmru"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKU\S-1-5-21-2702095170-3591425996-2869741432-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-2702095170-3591425996-2869741432-500 - Administrator - Disabled)
Gość (S-1-5-21-2702095170-3591425996-2869741432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2702095170-3591425996-2869741432-1004 - Limited - Enabled)
ocznik1986 (S-1-5-21-2702095170-3591425996-2869741432-1002 - Administrator - Enabled) => C:\Users\ocznik1986
UpdatusUser (S-1-5-21-2702095170-3591425996-2869741432-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2015 10:12:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "assemblyIdentity1". Błąd w pliku manifestu lub w pliku zasad "assemblyIdentity2" w wierszu assemblyIdentity3. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa.

Error: (03/19/2015 02:42:14 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "assemblyIdentity1". Błąd w pliku manifestu lub w pliku zasad "assemblyIdentity2" w wierszu assemblyIdentity3. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa.

Error: (03/19/2015 02:27:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "assemblyIdentity1". Błąd w pliku manifestu lub w pliku zasad "assemblyIdentity2" w wierszu assemblyIdentity3. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa.

Error: (03/19/2015 01:03:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/18/2015 00:10:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Nie można zainicjować indeksu. Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Nie można zainicjować aplikacji. Kontekst: aplikacja Windows Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Nie można zainicjować obiektu programu zbierającego. Kontekst: aplikacja Windows, wykaz SystemIndex Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować wtyczki w . Kontekst: aplikacja Windows, wykaz SystemIndex Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Nie można zainicjować menedżera wtyczek . Kontekst: aplikacja Windows Szczegóły: (HRESULT : 0x8e5e0210) (0x8e5e0210)

System errors:
=============
Error: (03/19/2015 10:20:26 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/19/2015 10:20:26 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/19/2015 10:12:41 PM) (Source: DCOM) (EventID: 10010) (User: Lukas_S)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/19/2015 10:12:11 PM) (Source: DCOM) (EventID: 10010) (User: Lukas_S)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/19/2015 02:43:15 PM) (Source: DCOM) (EventID: 10010) (User: Lukas_S)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/19/2015 02:42:44 PM) (Source: DCOM) (EventID: 10010) (User: Lukas_S)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/19/2015 02:06:01 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/19/2015 02:06:01 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/19/2015 01:08:17 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (03/19/2015 01:08:17 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Microsoft Office Sessions:
=========================
Error: (03/19/2015 10:12:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (03/19/2015 02:42:14 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (03/19/2015 02:27:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (03/19/2015 01:03:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/18/2015 00:10:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontekst: aplikacja Windows Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontekst: aplikacja Windows, wykaz SystemIndex Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontekst: aplikacja Windows, wykaz SystemIndex Szczegóły: Nie można odnaleźć określonego obiektu. Określ nazwę istniejącego obiektu. (HRESULT : 0x80040d06) (0x80040d06) Search.TripoliIndexer

Error: (03/17/2015 11:05:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Kontekst: aplikacja Windows Szczegóły: (HRESULT : 0x8e5e0210) (0x8e5e0210) Search.TripoliIndexer

CodeIntegrity Errors:
===================================
Date: 2015-03-19 23:57:39.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 23:47:04.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 22:52:25.347
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 22:47:20.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 22:37:55.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 22:21:08.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 21:39:22.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 14:06:35.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 13:15:57.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-19 11:28:33.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 4008.27 MB
Available physical RAM: 1538.95 MB
Total Pagefile: 5526.98 MB
Available Pagefile: 1620.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:480.06 GB) (Free:386 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.92 GB) NTFS
Drive f: (C/2) (Fixed) (Total:410.58 GB) (Free:398.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 48B5A2B9)

Partition: GPT Partition Type.

==================== End Of Log ============================