Solved Virus appeared when my relative use my computer

Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by user (2016-04-28 11:05:10) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
S2 KOS_Service; C:\Kings\KOS\KOSSvc.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JRSKD24; \??\C:\windows\system32\JRSKD24.SYS [X]
S3 ProMDefense; \??\C:\Windows\SysWOW64\drivers\ProMDefense.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
2015-11-05 15:28 - 2016-02-03 16:42 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-08 18:13 - 2016-02-08 18:13 - 0001298 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-10-22 15:40 - 2015-10-22 15:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\windows\avastSS.scr:$CmdTcID [43]
AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\ImageSAFERSvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10034.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10035.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\uninstallkdf8.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\acmigration.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\AcpiServiceVnA64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\adtschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aeinv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aepic.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAC64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\appraiser.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\atmlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\audioLibVc.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\btscan.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgent.dat:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\CKAgent.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.dat:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CompatTelRunner.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CX64APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dciman32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPA64F3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPD64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPD64AF3.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64AF3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64AF3.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\devinv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOProp.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv201.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv211.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPONS64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLFXAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLimiterDLL64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSU2PGFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PLFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PREC64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\EncDec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FMAPO64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FsExService64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\HiFiDAX2API.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\icaapi.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ICEsoundAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\ieetwcollectorres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ImageSAFERMessage.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERRecovery.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X86.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\inseng.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\IntelSSTAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\IntelSstCApoPropPage.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9diag.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jsproxy.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\KAAPORT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ksproxy.ax:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\lpk.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO20.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO30.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO6064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO7064.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioEQ64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO4064.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\mcmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mf.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfplat.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MFWMAAEC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MISS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MP3DMOD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MP4SDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msaudite.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msdxm.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mshtml.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mshtmlmedia.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MSMPEG2ENC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msobjs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\msrating.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MsRdpWebAccess.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mstscax.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\NAHIMICAPOlfx.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NahimicAPONSControl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NAHIMICV2apo.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvapi64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvaudcap64v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuda.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuvid.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvd3dumx.dll:$CmdTcID [43]
 
AlternateDataStreams: C:\windows\system32\nvdispco6435850.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\nvdispco6435891.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvdispco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435850.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435891.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispgenco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvEncodeAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvFBC64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdagenco6420103.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdap64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NvIFR64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvIFROpenGL.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvinitx.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvoglshim64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvoglv64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvumdshimx.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvvsvc.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\nvwgf2umx.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\occache.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\OpenCL.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\R4EEA64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEL64A.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\R4EEP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RCoInstII64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\rdvidcrl.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RltkAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RP3DAA64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RP3DHT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTCOM64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtDataProc64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEL64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTEEP64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkApi64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtkCfg64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkCoLDR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtlCPAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RtPgEx64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTSnMg64.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\samlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\samsrv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\seclogon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SECOMN64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEHDRA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SFAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFNHK64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFSS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\sl3apo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slcnt64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slprp64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\sltech64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRRPTR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRSWOW64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tadefxapo.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tadefxapo264.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tepeqapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tosade.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\tosasfapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\toseaeapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tossaeapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tossaemaxapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WavesGUILib64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WdfCoInstaller01009.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\wksprt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wksprtPS.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wmploc.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVENCOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVXENCD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtpUS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\YamahaAE.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\YamahaAE2.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\atmfd.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\atmlib.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\CKAgent.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.dat:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\CKSetup32.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\COLORCNV.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dciman32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\devenum.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\EncDec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\fontsub.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\FsExService64.Exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERMessage.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERRecovery.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\INICRYPTOSDK.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\kck86.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kck86s.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kcu86.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\muzapp.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfx.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxa.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxcv.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxe64.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxes.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxexp.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxext.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxjv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmi.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxne.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxpa.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrsen.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrskr.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsdk.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxtr.exe:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxup.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxupd.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxust.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\npkfxx.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvapi.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvaudcap32v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvcompiler.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuda.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuvid.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvd3dum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\NvFBC.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\NvIFR.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvinit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvISWOW64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglshim32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglv32.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvPhotoshopUtil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvStreaming.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\nvumdshim.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvwgf2um.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\OpenCL.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\rdvidcrl.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\RltkAPO.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\samlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SCSKLoader.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SECOMN32.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SFCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\TDepend.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TDepend64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg64.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\TUCtlMng.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TUCTLSystem.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\uninst_MAWS_MMASJ.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID [42]
 
AlternateDataStreams: C:\windows\SysWOW64\vbscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\winver.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\wksprtPS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wmploc.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\XPayExtension.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hcs.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hub.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\nvhda64v.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\nvvad64v.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\terminpt.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\winusb.sys:$CmdTcID [44]
AlternateDataStreams: C:\Program Files\Common Files\System:BSf4lYkfRPryHxt26PTRG4lAJelg [2082]
AlternateDataStreams: C:\ProgramData\Microsoft:0I6ihMVHWEJMwBokIcCb [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:13eAKNOiTRuxOdaLHa4PNTgq [2402]
AlternateDataStreams: C:\ProgramData\Microsoft:7Ui8pQoAlWDkJY1tGX [2052]
AlternateDataStreams: C:\Users\user\Desktop\adwcleaner_5.113.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Desktop\adwcleaner_5.113.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\ComboFix.exe:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Desktop\ComboFix.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\JRT.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\RogueKiller.exe:$CmdTcID [46]
AlternateDataStreams: C:\Users\user\Desktop\RogueKiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\358.50-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe.vqhlv62.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe.7slorg6.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [46]
AlternateDataStreams: C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.53.0.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:8GAbOwzMl9ir2g2Rd9gDW3esQS [1976]
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:aeGHh1xfWE2Y9FVvwQPB [2130]
AlternateDataStreams: C:\Users\user\Documents\이력서.DOC:$CmdZnID [26]



*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@softforum.com/npKeyPro" => key removed successfully
KOS_Service => service removed successfully
catchme => service removed successfully
JRSKD24 => service removed successfully
ProMDefense => service removed successfully
VGPU => service removed successfully
x64kdss => service removed successfully
C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
C:\Users\user\AppData\Local\recently-used.xbel => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\windows\avastSS.scr" => ":$CmdTcID" ADS not found.
"C:\windows\explorer.exe" => ":$CmdTcID" ADS not found.
"C:\windows\ImageSAFERSvc.exe" => ":$CmdTcID" ADS not found.
"C:\windows\INISandBoxMonitor.10034.exe" => ":$CmdTcID" ADS not found.
"C:\windows\INISandBoxMonitor.10035.exe" => ":$CmdTcID" ADS not found.
"C:\windows\uninstallkdf8.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\AcpiServiceVnA64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\aepic.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\AERTAC64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\AERTAR64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\apisetschema.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\audioLibVc.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\btscan.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\catsrvut.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CKAgent.dat" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CKAgent.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CKAgentNXE.dat" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CKAgentNXE.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\comsvcs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CONEQMSAPOGUILibrary.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CPFilters.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\CX64APO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\dciman32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPA64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPA64F3.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPD64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPD64AF3.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPO64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPO64AF3.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPP64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DDPP64AF3.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\devenum.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\devinv.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DolbyDAX2APOProp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DolbyDAX2APOv201.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DolbyDAX2APOv211.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSBassEnhancementDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSBoostDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSGainCompensatorDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSGFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSGFXAPONS64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSLFXAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSLimiterDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSNeoPCDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSS2HeadphoneDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSS2SpeakerDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSSymmetryDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSU2PGFX64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSU2PLFX64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSU2PREC64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\DTSVoiceClarityDLL64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\dxmasf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\els.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\EncDec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\evr.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ExplorerFrame.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\fixmapi.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\FMAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\fontsub.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\FsExService64.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\fveapi.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\fveapibase.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\generaltel.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\HiFiDAX2API.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\icaapi.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ICEsoundAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ImageSAFERMessage.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ImageSAFERRecovery.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ImageSAFERStart_X64.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ImageSAFERStart_X86.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\windows\system32\inseng.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\IntelSSTAPO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\IntelSstCApoPropPage.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\invagent.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\KAAPORT64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ksproxy.ax" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ksuser.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\lpk.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO20.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO30.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO4064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO5064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO6064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPO7064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioAPOShell64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioEQ64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxAudioRealtek64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxSpeechAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxVoiceAPO2064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxVoiceAPO3064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxVoiceAPO4064.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MaxxVolumeSDAPO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mcmde.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mfvdsp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MFWMAAEC.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MISS_APO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MP3DMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MP43DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MP4SDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MPG4DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msdxm.ocx" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msmpeg2adec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msmpeg2vdec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MsRdpWebAccess.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mstsc.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NAHIMICAPOlfx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NahimicAPONSControl.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NAHIMICV2apo.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvapi64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvaudcap64v.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvcuda.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvcuvid.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvd3dumx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispco6435850.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispco6435891.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispco6435906.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispco6436143.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispgenco6435850.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispgenco6435891.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispgenco6435906.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvdispgenco6436143.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvEncodeAPI64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NvFBC64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvhdagenco6420103.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvhdap64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NvIFR64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\NvIFROpenGL.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvinitx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvoglshim64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvoglv64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvopencl.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvumdshimx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvvsvc.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nvwgf2umx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\occache.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\OpenCL.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\qasf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\qedit.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\quartz.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\R4EEA64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\R4EED64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\R4EEG64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\R4EEL64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\R4EEP64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RCoInstII64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\rdpendp_winip.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\rdvidcrl.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RltkAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RP3DAA64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RP3DHT64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RTCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtDataProc64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RTEED64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RTEEG64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RTEEL64A.dll" => ":$CmdTcID" ADS not found.
 
"C:\windows\system32\RTEEP64A.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtkApi64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtkCfg64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtkCoLDR64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtlCPAPI64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RtPgEx64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\RTSnMg64.cpl" => ":$CmdTcID" ADS not found.
"C:\windows\system32\samlib.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\samsrv.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SEAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\seclogon.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SECOMN64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SEHDRA64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SFAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SFCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SFNHK64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SFSS_APO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\shell32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\sl3apo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\slcnt64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\slprp64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\sltech64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\spwmp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRAPO64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRCOM.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRCOM64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRRPTR64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRSHP64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRSTSH64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRSTSX64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SRSWOW64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\SysFxUI.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tadefxapo.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tadefxapo264.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tbs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tepeqapo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tosade.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tosasfapo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\toseaeapo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tossaeapo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tossaemaxapo64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\TsUsbGDCoInstaller.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\tzres.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\VIDRESZR.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WavesGUILib64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WdfCoInstaller01009.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\winlogon.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wksprt.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wksprtPS.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMADMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMADMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMALFXGFXDSP.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wmp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wmploc.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wmpmde.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMSPDMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMSPDMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMVDECOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMVENCOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMVSDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMVSENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WMVXENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WpdMtp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\WpdMtpUS.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\wshrm.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\YamahaAE.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\YamahaAE2.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\apisetschema.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\authui.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\catsrvut.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\CKAgent.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\CKAgentNXE.dat" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\CKAgentNXE.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\CKSetup32.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\comsvcs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\CPFilters.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\dciman32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\devenum.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\dxmasf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\els.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\EncDec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\evr.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\explorer.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ExplorerFrame.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\fixmapi.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\fontsub.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\FsExService64.Exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ImageSAFERMessage.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ImageSAFERRecovery.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\INICRYPTOSDK.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\inseng.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\instnm.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\kck86.sys" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\kck86s.sys" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\kcu86.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ksproxy.ax" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\ksuser.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\lpk.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mapi32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mapistub.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MASetupCleaner.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mfvdsp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MFWMAAEC.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MP3DMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MP43DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MP4SDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MPG4DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msdxm.ocx" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msmpeg2adec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msmpeg2vdec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\MsRdpWebAccess.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mstsc.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\muzapp.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfx.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxa.sys" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxcv.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxe64.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxes.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxexp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxext.ocx" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxjv.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxmi.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxmp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxne.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxpa.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxrsen.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxrskr.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxsdk.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxsvc.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxtr.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxup.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxupd.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxust.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\npkfxx.ocx" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvapi.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvaudcap32v.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvcompiler.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvcuda.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvcuvid.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvd3dum.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvEncodeAPI.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\NvFBC.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\NvIFR.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\NvIFROpenGL.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvinit.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvISWOW64.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvoglshim32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvoglv32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvopencl.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvPhotoshopUtil.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvStreaming.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvumdshim.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\nvwgf2um.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\occache.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\OpenCL.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\qasf.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\qedit.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\quartz.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\rdpendp_winip.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\rdvidcrl.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\RltkAPO.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\samlib.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\SCSKLoader.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\SECOMN32.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\setup16.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\SFCOM.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\shell32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\spwmp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\SRCOM.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\tbs.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\TDepend.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\TDepend64.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\tknetcfg.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\tknetcfg64.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\TUCtlMng.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\TUCTLSystem.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\tzres.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\uninst_MAWS_MMASJ.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\user.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\VIDRESZR.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\winver.exe" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wksprtPS.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMADMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMADMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wmp.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wmploc.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wmpmde.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMSPDMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMSPDMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMVDECOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMVENCOD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMVSDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMVSENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\WMVXENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wow32.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\wshrm.dll" => ":$CmdTcID" ADS not found.
"C:\windows\SysWOW64\XPayExtension.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\drmk.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\drmkaud.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\iusb3hcs.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\iusb3hub.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\iusb3xhc.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\nvhda64v.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\nvlddmkm.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\nvvad64v.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\portcls.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\rdpvideominiport.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\RTKVHD64.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\ssudbus.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\ssudmdm.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\terminpt.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\tssecsrv.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\TsUsbFlt.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\TsUsbGD.sys" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\winusb.sys" => ":$CmdTcID" ADS not found.
C:\Program Files\Common Files\System => ":BSf4lYkfRPryHxt26PTRG4lAJelg" ADS removed successfully.
C:\ProgramData\Microsoft => ":0I6ihMVHWEJMwBokIcCb" ADS removed successfully.
C:\ProgramData\Microsoft => ":13eAKNOiTRuxOdaLHa4PNTgq" ADS removed successfully.
C:\ProgramData\Microsoft => ":7Ui8pQoAlWDkJY1tGX" ADS removed successfully.
"C:\Users\user\Desktop\adwcleaner_5.113.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Desktop\adwcleaner_5.113.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Desktop\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\user\Desktop\ComboFix.exe" => ":$CmdZnID" ADS not found.
"C:\Users\user\Desktop\JRT.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Desktop\RogueKiller.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Desktop\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\358.50-desktop-win8-win7-winvista-64bit-international-whql.exe" => ":$CmdTcID" ADS not found.
"C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\3DP_Chip_v1511.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\3DP_Chip_v1511.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\3DP_Chip_v1601.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\3DP_Chip_v1601.exe.vqhlv62.partial => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe.7slorg6.partial => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.53.0.exe" => ":$CmdTcID" ADS not found.
"C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf" => ":$CmdTcID" ADS not found.
C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\user\AppData\Local\Temp => ":8GAbOwzMl9ir2g2Rd9gDW3esQS" ADS removed successfully.
"C:\Users\user\AppData\Local\Temporary Internet Files" => ":aeGHh1xfWE2Y9FVvwQPB" ADS not found.
C:\Users\user\Documents\이력서.DOC => ":$CmdZnID" ADS removed successfully.

==== End of Fixlog 11:05:11 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 77
Java 8 Update 91
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.213
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (49.0.2623.112)
Google Chrome (50.0.2661.87)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by user (administrator) on 28-04-2016 at 15:19:28
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Ultimate K Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2016-04-28 06:26:42.618 Sophos Virus Removal Tool version 2.5.5
2016-04-28 06:26:42.618 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-28 06:26:42.618 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-28 06:26:42.618 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-04-28 06:26:42.618 Checking for updates...
2016-04-28 06:26:45.254 Update progress: proxy server not available
2016-04-28 06:26:49.324 Option all = no
2016-04-28 06:26:49.324 Option recurse = yes
2016-04-28 06:26:49.324 Option archive = no
2016-04-28 06:26:49.324 Option service = yes
2016-04-28 06:26:49.324 Option confirm = yes
2016-04-28 06:26:49.324 Option sxl = yes
2016-04-28 06:26:49.324 Option max-data-age = 35
2016-04-28 06:26:49.324 Option EnableSafeClean = yes
2016-04-28 06:26:50.385 Option vdl-logging = yes
2016-04-28 06:26:50.385 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-28 06:26:50.385 Machine ID: 4a90f69a9b6d416a95276bb0b93f558d
2016-04-28 06:26:50.385 Component SVRTcli.exe version 2.5.5
2016-04-28 06:26:50.385 Component control.dll version 2.5.5
2016-04-28 06:26:50.385 Component SVRTservice.exe version 2.5.5
2016-04-28 06:26:50.385 Component engine\osdp.dll version 1.44.1.2250
2016-04-28 06:26:50.385 Component engine\veex.dll version 3.65.0.2250
2016-04-28 06:26:50.385 Component engine\savi.dll version 9.0.1.2250
2016-04-28 06:26:50.385 Component rkdisk.dll version 1.5.30.0
2016-04-28 06:26:50.385 Version info: Product version 2.5.5
2016-04-28 06:26:50.385 Version info: Detection engine 3.65.0
2016-04-28 06:26:50.385 Version info: Detection data 5.26
2016-04-28 06:26:50.385 Version info: Build date 2016-04-05
2016-04-28 06:26:50.385 Version info: Data files added 238
2016-04-28 06:26:50.385 Version info: Last successful update (not yet updated)
2016-04-28 06:27:25.391 Downloading updates...
2016-04-28 06:27:25.391 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-04-28 06:27:25.391 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-04-28 06:27:25.391 Update progress: [I49502] Found supplement IDE527 LATEST
2016-04-28 06:27:25.391 Update progress: [I49502] Found supplement IDE528 LATEST
2016-04-28 06:27:25.391 Update progress: [I49502] Found supplement IDE529 LATEST
2016-04-28 06:27:25.391 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-28 06:27:25.391 Update progress: [I19463] Syncing product SAVIW32 70
2016-04-28 06:27:30.399 Update progress: [I19463] Syncing product IDE527 142
2016-04-28 06:27:30.586 Installing updates...
2016-04-28 06:27:31.194 Error level 1
2016-04-28 06:27:31.226 Update progress: [I19463] Syncing product IDE528 99
2016-04-28 06:27:31.226 Update progress: [I19463] Syncing product IDE529 1
2016-04-28 06:27:34.517 Update successful
2016-04-28 06:27:40.196 Option all = no
2016-04-28 06:27:40.196 Option recurse = yes
2016-04-28 06:27:40.196 Option archive = no
2016-04-28 06:27:40.196 Option service = yes
2016-04-28 06:27:40.196 Option confirm = yes
2016-04-28 06:27:40.196 Option sxl = yes
2016-04-28 06:27:40.196 Option max-data-age = 35
2016-04-28 06:27:40.196 Option EnableSafeClean = yes
2016-04-28 06:27:40.211 Option vdl-logging = yes
2016-04-28 06:27:40.211 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-04-28 06:27:40.211 Machine ID: 4a90f69a9b6d416a95276bb0b93f558d
2016-04-28 06:27:40.211 Component SVRTcli.exe version 2.5.5
2016-04-28 06:27:40.211 Component control.dll version 2.5.5
2016-04-28 06:27:40.211 Component SVRTservice.exe version 2.5.5
2016-04-28 06:27:40.211 Component engine\osdp.dll version 1.44.1.2250
2016-04-28 06:27:40.211 Component engine\veex.dll version 3.65.0.2250
2016-04-28 06:27:40.211 Component engine\savi.dll version 9.0.1.2250
2016-04-28 06:27:40.227 Component rkdisk.dll version 1.5.30.0
2016-04-28 06:27:40.227 Version info: Product version 2.5.5
2016-04-28 06:27:40.227 Version info: Detection engine 3.65.0
2016-04-28 06:27:40.227 Version info: Detection data 5.26
2016-04-28 06:27:40.227 Version info: Build date 2016-04-05
2016-04-28 06:27:40.227 Version info: Data files added 238
2016-04-28 06:27:40.227 Version info: Last successful update 2016-04-28 오후 3:27:34

2016-04-28 07:23:50.575 Could not open C:\Boot\BCD
2016-04-28 07:23:53.539 Could not open C:\hiberfil.sys
2016-04-28 07:24:52.133 Could not open C:\pagefile.sys
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{2511e0f4-06a2-11e6-ac52-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{7a5cfd0d-0b8c-11e6-aea5-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{7f280ff2-0b94-11e6-a981-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{bbcba947-0d09-11e6-949f-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{ed59e623-0147-11e6-8bbb-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:33:39.616 Could not open C:\System Volume Information\{ed59e6c0-0147-11e6-8bbb-240a641d22ce}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-28 07:36:21.810 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-04-28 07:36:21.810 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-04-28 07:36:22.684 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-04-28 07:36:22.684 Could not open C:\Windows\System32\config\RegBack\SAM
2016-04-28 07:36:22.684 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-04-28 07:36:22.684 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-04-28 07:36:22.699 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file F:\Personal\Programs\Autodesk 3ds Max 2012\xf-adesk2012x32.exe
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 09:24:18.208 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 09:24:18.224 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:18.224 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 09:24:22.888 >>> Virus 'Troj/Agent-RCG' found in file F:\Personal\Programs\Autodesk 3ds Max 2012\xf-adesk2012x64.exe
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-04-28 09:24:22.904 >>> Virus 'Troj/Agent-RCG' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609
2016-04-28 10:10:41.758 The following items will be cleaned up:
2016-04-28 10:10:41.774 Troj/Agent-RCG
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

===============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you for help to clean the PC and I have 1 question:

When I used AVAST Anti Virus Program, it found some of "Malware and differnt virus"
They are in the AVAST 's quarantine box now.

What will happened if I delete all Malware and Virus in the box ?
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back