cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 31/12/2015 19:57:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\S$4NT05\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,46 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 43,44% Memory free
6,92 Gb Paging File | 4,46 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 394,66 Gb Free Space | 84,75% Space Free | Partition Type: NTFS

Computer Name: S4NT05-PC | User Name: S$4NT05 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/12/31 19:55:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\S$4NT05\Downloads\OTL.exe
PRC - [2015/12/31 18:01:05 | 000,827,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2015/12/02 22:06:42 | 005,893,920 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2015/12/02 22:06:42 | 000,882,464 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2015/10/27 20:31:19 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/10/27 20:31:19 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/10/27 20:31:19 | 001,135,416 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/03/24 01:34:20 | 000,296,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/08/16 14:06:07 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/06/04 23:48:56 | 000,319,080 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:[b]64bit:[/b] - [2015/05/25 16:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/12/31 18:01:05 | 000,827,680 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService9)
SRV - [2015/12/02 22:07:24 | 002,934,048 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/12/02 22:06:42 | 000,882,464 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2015/10/30 16:34:50 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/27 20:31:19 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/10/27 20:31:19 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/10/27 18:56:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/10/05 16:57:29 | 005,542,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Arquivos de Programas\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2015/09/09 20:13:01 | 001,998,520 | ---- | M] (Comodo) [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe -- (ChromodoUpdater)
SRV - [2015/09/08 00:41:45 | 001,268,568 | ---- | M] (Disc Soft Ltd) [Disabled | Stopped] -- C:\Arquivos de Programas\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV - [2015/08/29 16:57:44 | 002,265,792 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Arquivos de Programas\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2015/08/09 05:04:33 | 000,022,528 | ---- | M] () [Disabled | Stopped] -- C:\Windows\KMS-R@1n.exe -- (KMS-R@1n)
SRV - [2015/06/28 04:36:50 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2015/06/24 14:03:12 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2015/06/23 23:15:57 | 000,822,232 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel(R)
SRV - [2015/06/23 23:15:56 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\TXE Components\TCS\HeciServer.exe -- (Intel(R)
SRV - [2015/06/04 23:48:54 | 000,280,680 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/12/31 19:56:12 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2015/12/31 18:51:07 | 001,026,304 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2015/12/31 18:01:31 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:[b]64bit:[/b] - [2015/12/02 22:27:03 | 000,032,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2015/11/18 15:14:25 | 000,021,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:[b]64bit:[/b] - [2015/10/27 20:31:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/10/27 20:31:18 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2015/09/14 12:22:31 | 000,814,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2015/09/08 00:41:53 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:[b]64bit:[/b] - [2015/07/05 10:59:02 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2015/07/05 10:59:01 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2015/07/01 00:01:31 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2015/06/30 23:51:05 | 000,108,800 | ---- | M] ootloooo(DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2015/06/28 13:43:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2015/06/28 13:43:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2015/06/28 02:28:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2015/06/25 16:49:53 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2015/06/23 23:15:43 | 000,088,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:[b]64bit:[/b] - [2015/06/23 14:26:28 | 000,010,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:[b]64bit:[/b] - [2015/06/23 14:18:09 | 000,022,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2015/05/25 04:20:58 | 003,788,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2015/03/23 10:34:20 | 000,390,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2014/09/09 06:13:28 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/12/02 22:06:44 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys -- (RegFilter)
DRV - [2015/12/02 22:06:44 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2015/12/02 22:06:44 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2015/09/09 21:32:19 | 000,037,024 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8101.sys -- (hid8101)
DRV - [2015/09/09 21:32:19 | 000,034,963 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid7906.sys -- (hid7906)
DRV - [2015/09/09 21:32:19 | 000,034,587 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\hid8103.sys -- (hid8103)
DRV - [2015/06/26 10:23:33 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.br/
IE - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=U313DF&PC=U313&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg\2.0.17_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\S$4NT05\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/08/09 04:10:00 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de Programas\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 9] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-21-2853979027-3593707979-2996998019-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07459BC8-EBD2-4BBF-B7EC-D2E5E758C0D7}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2492d9fb-559a-11e5-935e-448a5b68ce59}\Shell - "" = AutoRun
O33 - MountPoints2\{2492d9fb-559a-11e5-935e-448a5b68ce59}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/12/31 19:45:31 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2015/12/31 18:50:06 | 001,026,304 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2015/12/31 18:50:06 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2015/12/31 18:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
[2015/12/31 18:01:42 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysWow64\IObitSmartDefragExtension.dll20151231180145.dll
[2015/12/31 18:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
[2015/12/27 16:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2015/12/26 15:06:18 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Documents\kaique
[2015/12/05 12:46:53 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Documents\manual xr 200, cbx 200
[2015/12/05 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Documents\MANUAL MECANICA HONDA NX4 FALCON
[2015/12/05 12:35:53 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Documents\ManualServico.XLX350R.1984
[2015/12/04 22:25:51 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\AppData\Local\CEF
[2015/12/04 22:24:56 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Desktop\Blueprints
[2015/12/02 22:25:53 | 000,032,936 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2015/12/02 22:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2015/12/02 22:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
[2015/12/02 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2015/12/02 10:10:41 | 000,000,000 | ---D | C] -- C:\Users\S$4NT05\Desktop\Fotos cel
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/12/31 20:04:32 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2015/12/31 19:56:12 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/31 19:50:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/31 19:50:59 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/31 19:45:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2015/12/31 19:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/31 19:44:43 | 2786,267,136 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/31 19:43:24 | 000,000,000 | -H-- | M] () -- C:\asc_rdflag
[2015/12/31 18:52:57 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 3.lnk
[2015/12/31 18:51:07 | 001,026,304 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2015/12/31 18:51:07 | 000,116,304 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2015/12/31 18:51:07 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2015/12/31 18:17:22 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
[2015/12/31 18:01:36 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 4.lnk
[2015/12/31 18:01:31 | 000,034,080 | ---- | M] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2015/12/31 18:01:31 | 000,021,184 | ---- | M] (IObit) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2015/12/31 18:01:27 | 000,128,288 | ---- | M] (IObit) -- C:\Windows\SysWow64\IObitSmartDefragExtension.dll20151231180145.dll
[2015/12/31 18:01:27 | 000,128,288 | ---- | M] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2015/12/31 18:01:12 | 000,027,424 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2015/12/27 16:17:25 | 001,083,932 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2015/12/27 13:01:24 | 000,412,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/13 15:00:17 | 000,001,106 | ---- | M] () -- C:\Users\S$4NT05\Desktop\Documentos - Atalho.lnk
[2015/12/02 22:27:03 | 000,032,936 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2015/12/02 22:10:29 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2015/12/02 22:06:46 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/12/31 19:43:24 | 000,000,000 | -H-- | C] () -- C:\asc_rdflag
[2015/12/31 18:01:14 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
[2015/12/27 13:01:13 | 000,412,632 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/13 15:00:17 | 000,001,106 | ---- | C] () -- C:\Users\S$4NT05\Desktop\Documentos - Atalho.lnk
[2015/12/02 22:10:29 | 000,001,294 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[2015/12/02 22:09:13 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster 3.lnk
[2015/12/02 22:06:46 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2015/10/29 15:29:39 | 000,877,296 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2015/10/29 15:29:39 | 000,244,307 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2015/10/29 15:29:38 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2015/09/11 00:55:20 | 000,002,588 | ---- | C] () -- C:\Users\S$4NT05\AppData\Local\recently-used.xbel
[2015/08/09 05:04:33 | 000,022,528 | ---- | C] () -- C:\Windows\KMS-R@1n.exe
[2015/08/09 04:56:39 | 010,317,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/07/23 19:24:38 | 000,000,209 | -H-- | C] () -- C:\Users\S$4NT05\.swfinfo
[2015/06/26 10:48:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/06/23 14:01:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/06/23 14:01:24 | 000,030,847 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2015/05/25 04:16:14 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/05/25 04:16:14 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/08/24 00:49:01 | 000,000,002 | ---- | M] () -- C:\Users\S$4NT05\AppData\Roaming\Comodo\CCE\database\submit.n
[2015/06/28 01:56:32 | 000,000,002 | ---- | M] () -- C:\Users\S$4NT05\AppData\Roaming\Comodo\KillSwitch\database\submit.n
[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/16 14:09:29 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/16 14:09:30 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/06/25 16:35:14 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2015/09/09 17:07:09 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\DAEMON Tools Lite
[2015/12/31 18:00:31 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\IObit
[2015/12/31 06:37:18 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\Kodi
[2015/09/09 21:09:52 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\Loonies
[2015/08/01 15:06:19 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\PhotoScape
[2015/12/31 06:40:14 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\ProductData
[2015/09/29 10:42:34 | 000,000,000 | ---D | M] -- C:\Users\S$4NT05\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> C:\Windows\twain_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\zipfldr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvidvfw.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvidcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvid.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xpsservices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XpsRasterService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xmllite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wusa.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wtsapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WSTPager.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wsnmp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wshom.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wshirda.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wshbth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wsdchngr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WSDApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wscript.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wscapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ws2_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wpdwcn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WPDSp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WPDShServiceObj.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wpdshext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVCORE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpsrcwp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpshell.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpmde.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmploc.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMPhoto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMPEncEn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpeffects.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpdxm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMNetMgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmdrmnet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmdrmdev.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Wldap32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wlanui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wlanpref.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wlanmsm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wlangpui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wkscli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\winspool.drv:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WinSCard.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WinSATAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\winmm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\winhttp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\win32spl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wimserv.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wimgapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wiavideo.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wiadefui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WerFaultSecure.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\webservices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\webio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wdscore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wdmaud.drv:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wdc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wcncsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wbemcomn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wavemsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\w32tm.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vssapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vpnikeapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vfwwdm32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vdsbas.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vbisurf.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\VBICodec.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Vault.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\VAN.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\uxlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\utildll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\usp10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\userinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\userenv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\usercpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\UserAccountControlSettings.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\user32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\upnp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\untfs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\unlodctr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\unimdmat.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\unimdm.tsp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\UIRibbonRes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\UIRibbon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ubpm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tzutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\twext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\TSWorkspace.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tsmf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tsbyuv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\TRAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tquery.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tlscsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\timedate.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\thumbcache.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\themeui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\themecpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\termmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tcpmonui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tcpipcfg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\taskschd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\taskmgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\taskeng.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\taskcomp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tapisrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\takeown.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\t2embed.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\systemcpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\syssetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sysmon.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sysdm.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\syncui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\synceng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SyncCenter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sxs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sud.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\StructuredQuery.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\stobject.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ssText3d.scr:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sscore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\srvcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SRCOM.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\srchadmin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sqlsrv32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sqlcese30.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spwmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spwizres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spwizeng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sppinst.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sppcomapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sppc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spopk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\spbcd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SndVolSSO.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SndVol.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SmartcardCredentialProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\slwga.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sisbkup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shwebsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shunimpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shsvcs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shsetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shlwapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shimgvw.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shimeng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shgina.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shdocvw.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shacct.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\setupugc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\setupcln.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\setupapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sethc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SessEnv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SensorsCpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SECOMN32.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SearchProtocolHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SearchIndexer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SearchFolder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SearchFilterHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sdbinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scrrun.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scrptadm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\schtasks.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\schedcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scesrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scecli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scansetting.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sbe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\samcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\runonce.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rtutils.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RpcRtRemote.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rpchttp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Robocopy.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RltkAPO.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\riched32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\riched20.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Ribbons.scr:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\resutils.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\remotepg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\regapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ReAgentc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ReAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdvgumd32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdprefdrvapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdpendp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdpencom.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdpd3d.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdpcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rastls.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rastapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rasppp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\raschap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RacEngn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\QUTIL.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Query.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qt-dx331.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\QSVRMGMT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\QSHVHOST.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qdv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\QCLIPROV.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qcap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qasf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\QAGENT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PushPrinterConnections.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\puiobj.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\psisrndr.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\psisdecd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\provsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\proquota.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\propsys.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\prntvpt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\prnfldr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\prncache.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\printui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\prevhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PresentationHostProxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PresentationHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ppcsnap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\powercpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\powercfg.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PortableDeviceSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PortableDeviceStatus.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PortableDeviceApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\poqexec.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pnidui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pmcsnap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pla.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pku2u.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PkgMgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pifmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\photowiz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PhotoScreensaver.scr:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\perfts.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\perfmon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PerfCenterCPL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pdhui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pdh.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\packager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\osk.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OpcServices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OobeFldr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OnLineIDCpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\onexui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\onex.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\olethk32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\olepro32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\oleaut32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\oleacc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ole32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbctrac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbcjt32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbccu32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbccr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbccp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbcconf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\odbc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ocsetup.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ocsetapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ntshrui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ntprint.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ntlanman.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nslookup.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nshwfp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nshipsec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nlsbres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nlaapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\networkmap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\networkexplorer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netutils.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netshell.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netplwiz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netlogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netjoin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netiougc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netiohlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netid.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netfxperf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netevent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netdiagfx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netcorehc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netcfgx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netcenter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netbtugc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\net1.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ncsi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ncryptui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nci.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\NaturalLanguage6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\NAPHLPR.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\napdsnap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\NAPCRYPT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Mystify.scr:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mydocs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MuiUnattend.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\muifontsetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mtxclu.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msyuv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mswsock.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSVidCtl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msvidc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msvfw32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msvcrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msutb.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mstsc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mstask.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mssvp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mssrch.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mssphtb.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mssph.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msscntrs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msrle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msorcl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSNP.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msinfo32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msimsg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msihnd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msiexec.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msieftp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msftedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msdxm.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSDvbNP.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msdmo.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msctf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mscories.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mscorier.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mscoree.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mscms.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msasn1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSAC3ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mprddm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mprapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mpg2splt.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Mpeg2Data.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mobsync.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mmsys.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MMDevAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mmcndmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mimefilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\migisol.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfc42u.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfc42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfc40u.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfc40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MediaMetadataHandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mciqtz32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mciavi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mcbuilder.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mapistub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\main.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\lzhfldr2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\luainstall.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\lsmproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\logoncli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\logagent.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\localsec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ksxbar.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Kswdmcap.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\kstvtune.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ksproxy.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDYAK.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDUS.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDUGHR1.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDTURME.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDTUQ.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDTUF.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDTAT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDTAJIK.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDSG.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDSF.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDRU1.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDRU.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDPO.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDNEPR.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDMON.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDMAORI.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDLT1.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\kbdlk41a.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINTEL.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINTAM.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINORI.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINMAR.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINKAN.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINHIN.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDINBEN.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDGR1.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDGKL.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDGEO.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDCZ1.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDBULG.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDBLR.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\KBDBASH.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iyuv_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iTVData.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\itircl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\isoburn.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iscsium.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iscsicli.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ipsmsnap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iprtrmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\IPHLPAPI.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iologmsg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\IObitSmartDefragExtension.dll20151231180145.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\intl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\input.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\InkEd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\inetmib1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\inetcomm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\imm32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\imkr80.ime:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\IMJP10K.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\IMJP10.IME:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\imapi2fs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\imapi2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\imagehlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ifsutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iccvid.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iasrecst.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iasrad.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iasacct.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\httpapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\hgcpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\hbaapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gpprefcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gdi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\g711codc.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FWPUCLNT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ftp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fsutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\framedynos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\framedyn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fphc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fontext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fms.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fmcodec.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FirewallControlPanel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\findstr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fdeploy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fde.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Faultrep.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ExplorerFrame.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\eudcedit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\esent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\EncDec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\elsTrans.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\EhStorAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\efscore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\eapphost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\eappgnui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\eapp3hst.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DxpTaskSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DXPTaskRingtone.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxmasf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxdiagn.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dsuiext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dskquoui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DShowRdpFilter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dsauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drvstore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drvinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drivers\hid8103.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drivers\hid8101.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drivers\hid7906.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpnet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpnaddr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpl100.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dot3ui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dot3msm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dot3cfg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dot3api.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dnscmmc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dnscacheugc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dnsapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DivXsm.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\divxdec.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\divx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Display.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\diskraid.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\diskpart.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dhcpcsvc6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dhcpcore6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dhcpcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dfshim.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dfrgui.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\devrtl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\devobj.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DevicePairingFolder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DeviceCenter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\desk.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\defaultlocationcpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dbghelp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dbgeng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_31.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_30.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_29.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_28.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_27.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_26.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_25.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_24.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d11.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d2d1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cscript.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cscobj.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cscdll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cscapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cryptdlg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\credui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\CPFilters.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\coreavcdecoder.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\comdlg32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\comctl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cmstp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cmd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\clusapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\clfsw32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cfgmgr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cewmdm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\certutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\CertPolEng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\certmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\CertEnroll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\certenc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cdosys.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cca.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\calc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cabview.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cabinet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\C_ISCII.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bugtrap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Bubbles.scr:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bthprops.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\browseui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\browcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bitsperf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bitsadmin.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\batmeter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\basecsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\AzSqlExt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\azroleui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\azroles.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avifil32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\autoplay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\autofmt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\autoconv.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\autochk.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\authui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\AuthFWSnapin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\audiodev.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\asycfilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\appwiz.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\appmgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\apphelp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amstream.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\adsldp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\AdmTmpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\actxprxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\activeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ActionCenterCPL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ActionCenter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\acppage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\accessibilitycpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ac3filter.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ac3filter.acm:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\splwow64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\KMS-R@1n.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\bfsvc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe:$CmdTcID
@Alternate Data Stream - 26 bytes -> C:\Users\S$4NT05\Desktop\Profile Criator.zip:$CmdZnID

< End of report >

Publicité


Signaler le contenu de ce document

Publicité