Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01 Ran by Ania (2015-08-09 10:20:40) Running from D:\Pobieranie Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2195184045-3265951034-2981680463-500 - Administrator - Disabled) Ania (S-1-5-21-2195184045-3265951034-2981680463-1000 - Administrator - Enabled) => C:\Users\Ania Gość (S-1-5-21-2195184045-3265951034-2981680463-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM-x32\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Mozilla Firefox 39.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 pl)) (Version: 39.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) REALTEK Wireless LAN Software (HKLM-x32\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.) Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 08-08-2015 16:33:06 Usunięte Realtek Ethernet Controller Driver 08-08-2015 16:41:11 Windows Update 08-08-2015 16:44:30 Windows Update 08-08-2015 17:27:08 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {494D4D96-2FA8-4EDB-A32C-523019D67B56} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {50EEE674-FC64-4F48-9A5B-704EDE703F5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.) Task: {7CAC4075-C91E-4482-828F-9C7AE8005CAE} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {82022B09-9290-49E5-B446-662808F484B7} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {89EF964E-0A26-4861-9F7C-659CD3CCFA5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.) Task: {90B86F32-59FE-4170-9456-ADB9665F1C03} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) Task: {A00E6391-D4EE-4A4A-A132-6BEFA0BCAD4D} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {A4FC35A1-91E5-4063-B932-F3C9A26CAD52} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {A5EF2F61-F487-4D65-A5A3-7711EC94324E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO) Task: {CC79CFF1-4940-473D-99AF-8EB36C3742DB} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.) Task: {D6FF3CAF-6C24-45E3-8638-734AA584FE53} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2010-03-06 04:13 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe 2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2010-03-06 04:23 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2015-08-08 14:28 - 2015-08-08 14:28 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll 2012-10-01 16:43 - 2011-05-20 03:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID AlternateDataStreams: C:\windows\splwow64.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\aaclient.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\adprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\advapi32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cdd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\certcli.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\credui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cryptbase.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10core.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10_1.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\d3d11.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dhcpcore6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\diagtrack.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\diskperf.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dnscacheugc.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\dnsrslvr.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dpnet.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dxgi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\fsquirt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\fsutil.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\IEUDINIT.EXE:$CmdTcID AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\jnwmon.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msdrm.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msieftp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msimsg.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\mssph.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\netcorehc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nv3dappshextr.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvapi64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvcompiler.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvcpluir.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvcuda.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvcuvenc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvcuvid.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvd3dumx.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvdispco6432702.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvdispgenco6432702.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\NvFBC64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\NvIFR64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvoglv64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvopencl.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\nvvsvc.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\nvwgf2umx.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\objsel.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\odbccr32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\odbccu32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\ole32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\OpenCL.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\OxpsConverter.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rdrmemptylst.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\relog.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\sbe.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\sechost.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\services.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\webio.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WindowsCodecsExt.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\WinSetupUI.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wu.upgrade.ps.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wwanprotdim.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\wwansvc.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\adprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\advapi32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\certcli.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\comctl32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\credui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cryptbase.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d2d1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10core.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10_1.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\d3d11.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dfshim.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dhcpcore6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dnscacheugc.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dpnet.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dxgi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\esent.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\fsutil.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\icardagt.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\icardres.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\InkEd.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mfc42.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mpg2splt.ax:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mscorier.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mscories.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msdrm.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msieftp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msiexec.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msimsg.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mssph.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mssrch.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mssvp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\netcorehc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\netevent.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvcompiler.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvcuda.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvcuvenc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvcuvid.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvd3dum.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvencodemft.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\NvFBC.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\NvIFR.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvoglv32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvopencl.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\nvwgf2um.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\objsel.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\odbccr32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\odbccu32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\odbcjt32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ole32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\oleacc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\OpenCL.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\osk.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\relog.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\sbe.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\sechost.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\secproc.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tdh.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\timedate.cpl:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tquery.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\typeperf.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\webio.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wmi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\xmllite.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\windows\SysWOW64\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\amdsata.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\amdxata.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\ataport.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\athrx.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\bthenum.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\bthport.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\BTHUSB.SYS:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\iaStorV.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb10.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\netio.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\nvlddmkm.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\nvraid.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\nvstor.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\RNDISMP.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\srv.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\srvnet.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\USBSTOR.SYS:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\Wdf01000.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\WdfLdr.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\windows\system32\Drivers\WUDFRd.sys:$CmdTcID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ania\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 156.154.70.25 - 156.154.71.25 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{E3377ABB-44D7-4045-B781-F753383E9447}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6A1B2D25-15F5-48F9-8A90-A6D3F4A01D24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1905886C-F06D-4AAE-8778-0B20F35A0811}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe ==================== Faulty Device Manager Devices ============= Name: Kontroler Ethernet Description: Kontroler Ethernet Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2015 02:03:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Rezip.exe, wersja: 500.2001.208.2009, sygnatura czasowa: 0x49afaf79 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x7523728c Identyfikator procesu powodującego błąd: 0x638 Godzina uruchomienia aplikacji powodującej błąd: 0xRezip.exe0 Ścieżka aplikacji powodującej błąd: Rezip.exe1 Ścieżka modułu powodującego błąd: Rezip.exe2 Identyfikator raportu: Rezip.exe3 Error: (08/08/2015 12:09:32 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Kontekst: aplikacja , wykaz SystemIndex Error: (08/08/2015 11:21:25 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Kontekst: aplikacja , wykaz SystemIndex Error: (08/08/2015 10:46:51 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Nie można zainicjować monitorowania wydajności dla obiektu programu zbierającego, ponieważ liczniki nie są załadowane lub nie można otworzyć obiektu pamięci współużytkowanej. Wpływa to tylko na dostępność liczników monitora wydajności. Uruchom ponownie komputer. Kontekst: aplikacja , wykaz SystemIndex Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis Error: (08/08/2015 09:36:28 AM) (Source: WinMgmt) (EventID: 24) (User: ) Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis System errors: ============= Error: (08/08/2015 06:28:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Usługa Instalator modułów systemu Windows nie została poprawnie zamknięta po odebraniu kodu sterującego przed zamknięciem. Error: (08/08/2015 03:29:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070652: Aktualizacja zabezpieczeń produktu Microsoft Office Compatibility Pack Service Pack 3 (KB2863812). Error: (08/08/2015 03:29:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070652: Aktualizacja produktu Microsoft Office 2007 suites (KB2965286). Error: (08/08/2015 03:29:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070652: Aktualizacja produktu Microsoft Office 2007 suites (KB2767849). Error: (08/08/2015 03:19:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Windows Search z powodu następującego błędu: %%1053 Error: (08/08/2015 03:19:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Windows Search. Error: (08/08/2015 02:46:55 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: ZARZĄDZANIE NT) Description: Inicjacja klienta CBS nie powiodła się. Ostatni błąd: 0x80080005 Error: (08/08/2015 02:46:55 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (08/08/2015 02:28:45 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (08/08/2015 02:17:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80242016: Aktualizacja listy widoku zgodności programu Internet Explorer 8 dla systemu Windows 7 x64 (KB2598845). Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 40% Total physical RAM: 3956.55 MB Available physical RAM: 2362.74 MB Total Virtual: 7911.31 MB Available Virtual: 5903.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:62.26 GB) (Free:29.21 GB) NTFS Drive d: () (Fixed) (Total:220.73 GB) (Free:220.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: CC5F9E61) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=62.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=220.7 GB) - (Type=07 NTFS) ==================== End of log ============================