Solved Am I Infected?

BMDuBB · Jan 30, 2017

My pc just all of sudden started being very sluggish. I'm getting the, "this application is not responding" error in reference to microsoft windows. Boot up takes forever. Programs take forever to load. Not sure what to do at this point so I'm including the frst. txt & Addition.txt files.

Thanks in advance!

** FRST.txt **

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by DubbSpot (administrator) on DUBBSPOT-PC (30-01-2017 08:33:20)
Running from C:\Users\DubbSpot\Desktop
Loaded Profiles: DubbSpot (Available Profiles: DubbSpot)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Gramblr\gramblr.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap Business\ashsnap.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\DubbSpot\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\DubbSpot\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\SpacialAudio\SAMBC\SAMBC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-09] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2017-01-07] (Hewlett-Packard)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3217672 2015-07-27] (GoPro)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2015-02-07] (Microsoft Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2017-01-11] (Autodesk, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-23] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2017-01-11] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [Audello] => [X]
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap Business\ashsnap.exe [7803240 2015-07-18] (Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [GoogleChromeAutoLaunch_25F73193062B5C497EF85883A07A6CEA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-14] (Google Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-09-28] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2017-01-11] (Autodesk, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [Akamai NetSession Interface] => C:\Users\DubbSpot\AppData\Local\Akamai\netsession_win.exe [4691384 2017-01-11] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-14] (Google Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\MountPoints2: {8de291a6-ad75-11e4-92d1-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2017-01-11] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-07] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2756856 2014-11-12] (ASUS)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)

BMDuBB · Jan 30, 2017

Rest of FRST.txt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{012F9E52-7670-4F31-906B-888936A29D77}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-02-08] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-02-08] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-10-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1849667277-3262961879-3532140888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DubbSpot\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-31] (Citrix Online)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-08-20]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\2020Player_WEB@2020Technologies.com [2016-08-20]
FF Extension: ColorZilla - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-07]
FF Extension: Flash and Video Download - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-11-01]
FF Extension: MEGA - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\firefox@mega.co.nz.xpi [2015-04-15]
FF Extension: Gmail™ Notifier (restartless) - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-02-05]
FF Extension: Pin It button - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-09-22]
FF Extension: SpyBar - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid1-zcEbrNVnbrrn1w@jetpack.xpi [2016-03-23]
FF Extension: MozBar - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\toolbar@seomoz.org.xpi [2015-06-02]
FF Extension: Adblock Plus - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-17]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-05]

Chrome:
=======
CHR Profile: C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-26]
CHR Extension: (SEOquake) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-06-13]
CHR Extension: (Shopified App) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aogkkekoinpipjlolpcicigndjlcpdcn [2016-10-11]
CHR Extension: (Google Docs) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-26]
CHR Extension: (Google Drive) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-26]
CHR Extension: (YouTube) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-26]
CHR Extension: (Adblock Plus) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-03]
CHR Extension: (Ebates Cash Back) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-11-25]
CHR Extension: (Google Search) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-26]
CHR Extension: (SpyBar) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcihmjnfimlnmdjoddhjfiihbfpcnfk [2016-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-26]
CHR Extension: (Google Sheets) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Instamate) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgflmpanpcmhbeaifaefokfohogffa [2016-03-14]
CHR Extension: (Facebook Invite tool) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaifokiheokkmppijigppfdibninfao [2016-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-26]
CHR Extension: (Gmail) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Extension: (Viral Autobot Downloader) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpbjohookhlmgpingoadimlhmiehemp [2016-01-08]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2017-01-11] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2017-01-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-01-23] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2017-01-11] (Autodesk, Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-09-28] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-09-28] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-09-28] (BlueStack Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-09] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-23] (Dropbox, Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10186832 2016-11-16] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-28] (SurfRight B.V.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MySQL5; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2016-09-12] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-12-01] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-08] (Microsoft Corporation)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 MySql; C:\mysql\bin\mysqld-nt.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-02] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797256 2015-06-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-06-05] (COMODO)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2015-02-11] (C-MEDIA)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-01-30] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104584 2015-06-05] (COMODO)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-11-30] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-11-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2017-01-28] (Western Digital Technologies)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 08:33 - 2017-01-30 08:36 - 00029803 _____ C:\Users\DubbSpot\Desktop\FRST.txt
2017-01-30 08:32 - 2017-01-30 08:33 - 00000000 ____D C:\FRST
2017-01-30 08:29 - 2017-01-30 08:32 - 02193920 _____ (Farbar) C:\Users\DubbSpot\Desktop\FRST64.exe
2017-01-30 07:35 - 2017-01-30 08:16 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-30 07:11 - 2017-01-30 08:25 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-30 07:01 - 2013-07-02 16:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2017-01-28 21:37 - 2017-01-28 21:40 - 00000000 _____ C:\Windows\system32\0
2017-01-28 21:18 - 2017-01-28 21:18 - 00000000 ____D C:\Windows\pss
2017-01-28 21:01 - 2017-01-28 21:59 - 00001023 _____ C:\Users\DubbSpot\Desktop\startup.txt
2017-01-28 20:21 - 2017-01-28 20:21 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-01-28 19:13 - 2017-01-28 19:34 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-28 19:13 - 2017-01-28 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-28 19:13 - 2017-01-28 19:13 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-28 19:05 - 2017-01-28 19:05 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\SUPERAntiSpyware.com
2017-01-28 19:04 - 2017-01-28 19:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-28 19:04 - 2017-01-28 19:04 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-01-28 19:04 - 2017-01-28 19:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-28 19:04 - 2017-01-28 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-28 19:03 - 2017-01-28 20:21 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-28 19:00 - 2017-01-28 19:00 - 29025312 _____ (SUPERAntiSpyware) C:\Users\DubbSpot\Downloads\SUPERAntiSpyware.exe
2017-01-28 18:59 - 2017-01-28 19:01 - 11581544 _____ (SurfRight B.V.) C:\Users\DubbSpot\Desktop\hitmanpro_x64.exe
2017-01-28 18:20 - 2017-01-28 18:20 - 00000000 ____D C:\Users\DubbSpot\Desktop\rkill
2017-01-28 18:19 - 2017-01-28 18:51 - 00003620 _____ C:\Users\DubbSpot\Desktop\Rkill.txt
2017-01-28 18:17 - 2015-03-01 12:49 - 01623456 _____ (Bleeping Computer, LLC) C:\Users\DubbSpot\Desktop\rkill.com
2017-01-28 16:40 - 2017-01-28 16:40 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2017-01-28 16:26 - 2017-01-28 16:26 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Western Digital
2017-01-28 16:25 - 2017-01-28 16:25 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Western_Digital_Technolog
2017-01-28 16:23 - 2017-01-28 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-01-28 16:22 - 2017-01-28 16:23 - 00010128 _____ C:\Windows\DPINST.LOG
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-28 10:50 - 2017-01-28 10:50 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\AMD
2017-01-28 10:48 - 2017-01-28 10:48 - 00000000 ____D C:\ProgramData\ATI
2017-01-28 10:45 - 2017-01-30 08:03 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-28 10:21 - 2017-01-28 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Pro and AMD FirePro Settings
2017-01-28 10:17 - 2017-01-28 10:17 - 00057781 _____ C:\Windows\SysWOW64\CCCInstall_201701281017555520.log
2017-01-28 10:06 - 2017-01-28 10:06 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-28 10:06 - 2016-09-09 13:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-01-28 10:06 - 2016-09-09 13:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-01-28 10:06 - 2016-09-09 13:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-01-28 10:06 - 2016-09-09 13:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-01-25 22:17 - 2017-01-28 09:13 - 00006358 _____ C:\Users\DubbSpot\Desktop\latest.txt
2017-01-25 19:38 - 2017-01-25 19:38 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\Google
2017-01-25 19:37 - 2017-01-25 19:37 - 00002172 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-01-25 19:37 - 2017-01-25 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2017-01-25 11:46 - 2017-01-25 11:46 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
2017-01-25 11:46 - 2017-01-25 11:46 - 00000000 ____D C:\Program Files (x86)\RAR Password Cracker
2017-01-25 11:01 - 2017-01-25 11:01 - 00003158 _____ C:\Windows\System32\Tasks\{F9EE1FD1-000A-465A-AFAE-6CE58EB251A1}
2017-01-25 11:01 - 2017-01-25 11:01 - 00000000 ____D C:\Windows\Intuit
2017-01-25 10:50 - 2017-01-25 10:57 - 665847096 _____ (Intuit, Inc. ) C:\Users\DubbSpot\Desktop\QuickBooksPro2017.exe
2017-01-25 10:50 - 2017-01-25 10:57 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Download Manager
2017-01-25 10:50 - 2017-01-25 10:50 - 00000764 _____ C:\Users\DubbSpot\Desktop\Setup_QuickBooksPro2017.lnk
2017-01-25 10:50 - 2017-01-25 10:50 - 00000000 ____D C:\Program Files (x86)\Akamai
2017-01-24 12:10 - 2017-01-24 12:10 - 00000404 _____ C:\Users\DubbSpot\Downloads\Hits 1-26-16.txt
2017-01-23 21:09 - 2017-01-23 21:09 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\Program Files\iTunes
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\Program Files\iPod
2017-01-23 19:03 - 2017-01-23 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-22 20:50 - 2017-01-26 06:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-22 20:50 - 2017-01-22 20:50 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-19 14:55 - 2017-01-19 14:55 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201701191455425123.log
2017-01-17 18:54 - 2017-01-17 18:54 - 00222275 _____ C:\Users\DubbSpot\Downloads\final.m4a
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-11 12:06 - 2017-01-11 12:06 - 00000118 _____ C:\Users\DubbSpot\Documents\acad.err
2017-01-11 12:02 - 2017-01-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-11 11:47 - 2017-01-11 11:47 - 00027193 _____ C:\Users\Public\Documents\AdApplicationManager-install.log
2017-01-11 11:45 - 2017-01-11 11:45 - 00002003 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2017-01-11 11:42 - 2017-01-11 11:42 - 00002075 _____ C:\Users\Public\Desktop\Autodesk ReCap 360.lnk
2017-01-11 11:38 - 2017-01-11 11:38 - 00002412 _____ C:\Users\Public\Desktop\AutoCAD Architecture 2017 - English (US Imperial).lnk
2017-01-11 11:38 - 2017-01-11 11:38 - 00002402 _____ C:\Users\Public\Desktop\AutoCAD Architecture 2017 - English (Global).lnk
2017-01-11 11:28 - 2017-01-11 11:28 - 00000000 ____D C:\Users\DubbSpot\Documents\Inventor Server SDK ACAD 2017
2017-01-11 11:10 - 2017-01-11 11:25 - 00440800 _____ (Autodesk, Inc.) C:\Windows\system32\AcSignOpt.exe
2017-01-11 10:46 - 2017-01-30 06:56 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Akamai
2017-01-11 09:49 - 2017-01-11 09:49 - 00002042 _____ C:\Users\Public\Desktop\Content Service - Configuration Console.lnk
2017-01-11 09:49 - 2017-01-11 09:49 - 00000994 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk
2017-01-10 22:58 - 2017-01-10 22:58 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-09 14:31 - 2017-01-09 14:31 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Hulubulu
2017-01-09 11:47 - 2017-01-09 11:47 - 00001043 _____ C:\Users\DubbSpot\Desktop\Advanced Renamer.lnk
2017-01-09 11:47 - 2017-01-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
2017-01-09 11:47 - 2017-01-09 11:47 - 00000000 ____D C:\Program Files (x86)\Advanced Renamer
2017-01-09 10:42 - 2017-01-30 08:28 - 00000000 ___RD C:\Users\DubbSpot\Dropbox
2017-01-09 10:42 - 2017-01-09 10:42 - 00001230 _____ C:\Users\DubbSpot\Desktop\Dropbox.lnk
2017-01-09 10:36 - 2017-01-30 08:16 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-09 10:36 - 2017-01-30 07:47 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-09 10:36 - 2017-01-23 19:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-09 10:36 - 2017-01-09 10:42 - 00003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-09 10:36 - 2017-01-09 10:42 - 00003656 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-09 10:36 - 2017-01-09 10:42 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Dropbox
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Dropbox
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\ProgramData\Dropbox
2017-01-07 21:16 - 2017-01-14 21:57 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\HpUpdate
2017-01-07 21:16 - 2017-01-07 21:16 - 00003606 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 2130 series
2017-01-07 21:16 - 2017-01-07 21:16 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\Visan
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-07 21:15 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-07 21:15 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-07 21:15 - 2017-01-07 21:15 - 00002212 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2017-01-07 21:15 - 2017-01-07 21:15 - 00001159 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 2130 series.lnk
2017-01-07 21:15 - 2017-01-07 21:15 - 00000000 ____D C:\Program Files\HP
2017-01-07 21:14 - 2017-01-07 21:15 - 00000000 ____D C:\ProgramData\HP
2017-01-07 21:14 - 2017-01-07 21:14 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-07 21:09 - 2017-01-07 21:17 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\HP
2017-01-05 18:15 - 2017-01-05 18:15 - 00000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RICOH THETA.lnk
2017-01-05 18:15 - 2017-01-05 18:15 - 00000901 _____ C:\Users\Public\Desktop\RICOH THETA.lnk
2017-01-05 18:15 - 2017-01-05 18:15 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\com.theta360.SphericalViewer
2017-01-05 18:15 - 2017-01-05 18:15 - 00000000 ____D C:\Program Files (x86)\RICOH THETA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-30 08:37 - 2016-01-08 09:39 - 00000000 ____D C:\ProgramData\Gramblr
2017-01-30 08:33 - 2015-02-05 15:31 - 01908158 _____ C:\Windows\WindowsUpdate.log
2017-01-30 08:27 - 2009-07-13 23:45 - 00025056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-30 08:27 - 2009-07-13 23:45 - 00025056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-30 08:26 - 2016-05-31 13:49 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
2017-01-30 08:21 - 2016-11-19 10:31 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\Mozilla
2017-01-30 08:18 - 2016-05-31 13:49 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
2017-01-30 08:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 08:15 - 2009-07-13 23:51 - 00090426 _____ C:\Windows\setupact.log
2017-01-30 08:01 - 2015-02-05 18:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-30 07:11 - 2009-07-14 00:13 - 00913550 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 06:56 - 2015-02-05 20:16 - 00000000 ____D C:\Users\DubbSpot\Documents\Outlook Files
2017-01-28 23:02 - 2015-12-03 14:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 21:20 - 2015-02-05 20:13 - 00484326 _____ C:\Windows\PFRO.log
2017-01-28 21:17 - 2015-07-15 07:26 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Raptr
2017-01-28 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2017-01-28 20:24 - 2015-06-20 17:37 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\CrashDumps
2017-01-28 20:21 - 2016-03-19 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeTrafficScraper
2017-01-28 20:21 - 2016-03-19 13:17 - 00000000 ____D C:\Program Files (x86)\TubeTrafficScraper
2017-01-28 18:09 - 2015-02-11 13:57 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Skype
2017-01-28 17:20 - 2015-02-05 14:44 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\AMD
2017-01-28 16:22 - 2016-04-19 12:02 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64_prewin8.sys
2017-01-28 16:19 - 2015-02-05 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-28 15:53 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2017-01-28 12:23 - 2016-10-23 14:17 - 00000000 ____D C:\Users\Public\HTAdvantageData
2017-01-28 12:08 - 2015-03-10 22:30 - 00000000 ____D C:\Program Files (x86)\Incansoft
2017-01-28 12:07 - 2015-03-10 22:30 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Incansoft
2017-01-28 10:39 - 2016-10-04 20:09 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2017-01-28 10:39 - 2016-10-04 20:08 - 02132872 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-01-28 10:39 - 2016-10-04 20:08 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-28 10:39 - 2016-10-04 20:08 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-28 10:39 - 2015-06-22 20:58 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00519048 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-01-28 10:38 - 2016-10-04 20:10 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 01551344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 01274256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2017-01-28 10:38 - 2016-10-04 20:08 - 08065928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00892296 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00625032 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-01-28 10:38 - 2015-06-22 20:55 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2017-01-28 10:38 - 2015-06-22 20:10 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-01-28 10:20 - 2015-02-05 15:24 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-28 10:18 - 2015-02-05 15:24 - 00000000 ____D C:\Program Files\AMD
2017-01-28 09:52 - 2015-02-05 15:20 - 00000000 ____D C:\AMD
2017-01-28 09:40 - 2015-02-05 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 09:18 - 2016-11-17 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 02:00 - 2015-02-05 16:39 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Adobe
2017-01-26 19:02 - 2015-09-05 07:59 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Twittermatic
2017-01-26 05:35 - 2009-07-13 23:45 - 05325328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-26 04:39 - 2016-05-31 13:49 - 00003714 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000
2017-01-26 04:39 - 2016-05-31 13:49 - 00003618 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000
2017-01-25 19:37 - 2015-03-26 07:15 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-25 16:55 - 2015-02-05 14:12 - 00198344 _____ C:\Users\DubbSpot\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-23 21:09 - 2015-10-25 19:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-23 19:03 - 2016-12-21 13:15 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-22 20:51 - 2015-03-11 06:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-22 20:49 - 2015-02-05 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-21 22:26 - 2016-08-23 12:20 - 00000000 ____D C:\Instagram Mega Bot
2017-01-19 14:54 - 2015-02-05 14:41 - 00000000 ____D C:\ProgramData\AMD
2017-01-19 14:50 - 2015-08-04 01:25 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2017-01-16 16:40 - 2016-06-06 20:08 - 00001147 _____ C:\Users\DubbSpot\Documents\plot.log
2017-01-16 13:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2017-01-16 13:35 - 2008-05-16 18:19 - 00038400 _____ (Hewlett-Packard Corporation, Microsoft Corporation) C:\Windows\HPLTLNK.EXE
2017-01-12 05:00 - 2016-04-27 11:58 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2017-01-11 13:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-11 12:08 - 2016-04-27 10:04 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-11 12:05 - 2016-04-27 09:55 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Autodesk
2017-01-11 12:01 - 2016-04-27 09:49 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Autodesk
2017-01-11 12:01 - 2016-04-27 09:49 - 00000000 ____D C:\ProgramData\Autodesk
2017-01-11 11:46 - 2016-05-13 05:41 - 00001457 _____ C:\Users\Public\Desktop\Autodesk Desktop App.lnk
2017-01-11 11:45 - 2016-04-27 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-11 11:44 - 2016-04-27 11:58 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-01-11 11:44 - 2016-04-27 11:54 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-01-11 11:44 - 2016-04-27 09:55 - 00000000 ____D C:\Program Files\Autodesk
2017-01-11 11:23 - 2015-02-27 00:10 - 00017069 _____ C:\Windows\DirectX.log
2017-01-11 10:50 - 2015-06-25 23:34 - 00400544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp140.dll
2017-01-11 10:46 - 2016-04-27 09:43 - 00000000 ____D C:\Autodesk
2017-01-11 04:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 03:23 - 2009-07-14 00:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-11 03:05 - 2015-02-07 06:42 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:00 - 2015-02-07 06:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 14:00 - 2016-12-13 16:00 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-01-10 14:00 - 2015-02-05 18:25 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 14:00 - 2015-02-05 18:25 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 14:00 - 2015-02-05 18:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 14:00 - 2015-02-05 17:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 14:00 - 2015-02-05 16:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 10:42 - 2015-02-05 12:37 - 00000000 ____D C:\Users\DubbSpot
2017-01-07 21:14 - 2015-10-23 07:06 - 02946224 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkinsE111.exe
2017-01-07 21:14 - 2015-10-23 07:06 - 00388784 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkstsE111LM.dll
2017-01-07 21:14 - 2015-10-23 07:06 - 00323248 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkcoiE111.dll
2017-01-05 18:52 - 2015-07-15 07:15 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Apple Computer
2017-01-04 15:42 - 2015-08-20 13:28 - 00000000 ____D C:\MB Ingram Advanced Edition

==================== Files in the root of some directories =======

2015-07-08 15:35 - 2015-07-08 15:35 - 0000088 _____ () C:\Users\DubbSpot\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-08-24 15:42 - 2015-08-24 15:42 - 0000088 _____ () C:\Users\DubbSpot\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-10 12:04 - 2016-11-30 12:47 - 0000132 _____ () C:\Users\DubbSpot\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-21 14:05 - 2016-08-21 14:05 - 0456008 _____ (AutoIt Team) C:\Users\DubbSpot\AppData\Roaming\AutoItX3.dll
2016-08-21 14:05 - 2016-08-21 14:05 - 4968448 _____ () C:\Users\DubbSpot\AppData\Roaming\chromedriver223.exe
2016-06-23 11:51 - 2016-06-23 11:51 - 0034476 _____ () C:\Users\DubbSpot\AppData\Roaming\disable_webrtc-1.0.6.xpi
2015-07-08 15:53 - 2015-07-08 15:53 - 0000128 _____ () C:\Users\DubbSpot\AppData\Roaming\GWMC-I92M
2016-06-23 11:50 - 2016-06-23 11:51 - 18587648 _____ (PhantomJS) C:\Users\DubbSpot\AppData\Roaming\PhantomJSv211.exe
2015-07-08 15:35 - 2015-08-24 15:43 - 0000216 _____ () C:\Users\DubbSpot\AppData\Roaming\RO39-2M3Q
2015-02-17 12:36 - 2015-08-28 23:36 - 0000227 _____ () C:\Users\DubbSpot\AppData\Roaming\WB.CFG
2016-08-21 14:05 - 2016-08-21 14:05 - 0701560 _____ () C:\Users\DubbSpot\AppData\Roaming\WebDriver.FirefoxExt2531.zip
2016-03-30 14:47 - 2016-03-30 14:47 - 0005632 _____ () C:\Users\DubbSpot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 02:36 - 2015-02-19 02:36 - 0234679 _____ () C:\Users\DubbSpot\AppData\Local\dsi1.dat
2015-02-19 02:36 - 2015-02-19 02:36 - 0161916 _____ () C:\Users\DubbSpot\AppData\Local\dsi2.dat
2017-01-07 21:14 - 2017-01-07 21:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\DubbSpot\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 22:54

==================== End of FRST.txt ============================

BMDuBB · Jan 30, 2017

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by DubbSpot (2017-01-30 08:38:15)
Running from C:\Users\DubbSpot\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-02-05 17:37:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1849667277-3262961879-3532140888-500 - Administrator - Disabled)
DubbSpot (S-1-5-21-1849667277-3262961879-3532140888-1000 - Administrator - Enabled) => C:\Users\DubbSpot
Guest (S-1-5-21-1849667277-3262961879-3532140888-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 9.2.4 - Advanced Business Objects)
ACA & MEP 2017 Object Enabler (Version: 7.9.48.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.73 - Hulubulu Software)
Akamai NetSession Interface (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Arbitrage Underdog Black Label Edition v3.3 (HKLM-x32\...\{F48E7A76-1A81-401C-ArbUDogBLACKG8976-KWV12}_is1) (Version: - Arbitrage Underdog)
Ashampoo Snap Business v.8.0.3_demo (HKLM-x32\...\{C92AB6F1-9B01-B80D-170B-AB6360C6FF0D}_is1) (Version: 8.0.3 - Ashampoo GmbH & Co. KG)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.7.6.0 - ASUSTek COMPUTER INC.) Hidden
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Audello (HKLM-x32\...\{FA3949DD-84FE-4ADC-BD2B-748EC873A5F5}) (Version: 1.0.1 - WebActix)
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD Architecture 2017 - English (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Core (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Language Core - English (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Language Shared - English (Version: 7.9.48.0 - Autodesk) Hidden
AutoCAD Architecture 2017 Shared (Version: 7.9.48.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD Architecture 2017 - English (HKLM\...\AutoCAD Architecture 2017 - English) (Version: 7.9.48.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.43.6254 - BlueStack Systems, Inc.)
BluffTitler (HKLM-x32\...\BluffTitler) (Version: - Outerspace Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1004.2047.35575 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CT4L (HKLM-x32\...\CT4L) (Version: 1.4.1 - UNKNOWN)
CT4L (x32 Version: 1.4.1 - UNKNOWN) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Email Jeet 2 PRO (HKLM-x32\...\Email Jeet 2 PRO_is1) (Version: 2.1 - Teknikforce)
Facebook Automation version 6.1 (HKLM-x32\...\{A1BB1E36-3D00-4DDA-AF83-DE9D27357B71}_is1) (Version: 6.1 - Snaware.com)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro App (x32 Version: 5.6.509 - GoPro, Inc.) Hidden
GoPro Studio 2.5.6 (HKLM-x32\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.)
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
Gramblr (HKLM\...\Gramblr) (Version: 2.8.0 - Gramblr Team)
Group Poster (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Group Poster) (Version: 00.00.00.01 - Unknown)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iFree Skype Recorder 6.0.18 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.18 - iFree Skype Recorder)
Instagram Mega Bot (HKLM-x32\...\{1B182927-5299-4121-80F2-B0130E8A67D7}) (Version: - Professional Botters)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 7 Update 76 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170760}) (Version: 1.7.0.760 - Oracle)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
join.me (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\JoinMe) (Version: 3.0.0.4054 - LogMeIn, Inc.)
Legal Pages Generator 1.0 (HKLM-x32\...\Legal_0) (Version: 1.0 - MasterResellRights.com)
Listing Factory 2016 3.9.4.6 (HKLM-x32\...\{6dc401ab-252b-4360-b165-3a6a906b75a7}_is1) (Version: 3.9.4.6 - www.AuctionListingCreator.com)
Llama Spin (HKLM-x32\...\{8F8A76B4-E005-49C1-9790-99AF45FB5478}) (Version: 1.0.1 - Incansoft)
MailStyler (HKLM-x32\...\{77C1C524-CCF5-49C8-8B30-516A46559092}) (Version: 1 - Delivery Tech Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MB Ingram Advanced Edition (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\{9D7471FB-F47D-D1CF-3AB7-E4180B6A60C8}) (Version: 2.59 - professionalbotters.com)
MB SoundC Edition (HKLM-x32\...\{FEC7F549-5722-C2EC-D8D1-36DD202840B1}) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Lead Scout (HKLM-x32\...\MobileLeadScout) (Version: 0.0.0 - UNKNOWN)
Mobile Lead Scout (x32 Version: 0.0.0 - UNKNOWN) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MySQL Server 5.5 (HKLM\...\{74F0A415-A74E-43B1-89D9-2BBA6D141073}) (Version: 5.5.52 - Oracle Corporation)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.1-r112682-release - Plays.tv, LLC)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.20 - dnSoft Research Group)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RICOH THETA (HKLM-x32\...\com.theta360.SphericalViewer) (Version: 2.3.3 - RICOH COMPANY,LTD.)
RICOH THETA (x32 Version: 2.3.3 - RICOH COMPANY,LTD.) Hidden
SAM Broadcaster v4 (HKLM-x32\...\SAM3) (Version: v4 - Spacial Audio Solutions, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sound Forge Pro 11.0 (HKLM-x32\...\{FE1A7F80-1348-11E4-8C79-F04DA23A5C58}) (Version: 11.0.293 - Sony)
SpamBot (HKLM-x32\...\{D4E67F17-807F-4EBC-918E-5AA16959AC9C}) (Version: 1.0.0 - SpamBot)
Spotify (HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
TRAFFICFRESH (HKLM-x32\...\TRAFFICFRESH) (Version: 2.1.0 - UNKNOWN)
TRAFFICFRESH (x32 Version: 2.1.0 - UNKNOWN) Hidden
TubeTrafficScraper (HKLM-x32\...\{E7075EB2-6A20-4C3C-A123-D74D5CBDE1BF}) (Version: 4.3 - More Great Software)
TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.150422 - TweetAdder.com)
Twittermatic Enterprise version 1.0 (HKLM-x32\...\{44B88966-D48E-4F9A-BE44-59CB2D2C4AB9}_is1) (Version: 1.0 - IM Authority Resources)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Viper Plagiarism Scanner (HKLM-x32\...\{2D9F8754-84AB-4C46-8243-9EADF23A63EE}_is1) (Version: 4.1.90.1039 - All Answers Ltd)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

BMDuBB · Jan 30, 2017

Next part of addition...

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\DubbSpot\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-05 17:25 - 00000955 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F9FF9E2-B03F-4F0D-B160-3EF128A60283} - System32\Tasks\{F9EE1FD1-000A-465A-AFAE-6CE58EB251A1} => pcalua.exe -a C:\Users\DubbSpot\Desktop\QuickBooksPro2017.exe -d C:\Users\DubbSpot\Desktop
Task: {1CC137FD-93EF-41E9-BE57-69353081565C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-09] (Dropbox, Inc.)
Task: {28C7A29A-AB23-4321-83DA-C74BF1B82B1F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-11] (Microsoft Corporation)
Task: {2FA26DAA-9F4A-4FF2-8F5F-14E5D18F18B6} - System32\Tasks\AdobeAAMUpdater-1.0-DubbSpot-PC-DubbSpot => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {30593BEB-659A-44E0-9360-917D5E4E7112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {3E66A7E9-B8FE-4C64-BBEF-154295386CAE} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-09] (COMODO)
Task: {649FB645-1E79-4CF9-9D41-8EDD22392854} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {6AC501C9-2476-4075-A0E5-BD70D28A8CDF} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2017-01-07] (Hewlett-Packard Development Company, LP)
Task: {75E572CE-6258-4956-956E-C02946DAE91E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-09] (Dropbox, Inc.)
Task: {7807D2EF-D0F3-4576-B522-83726EB344C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {7F02187E-7C3C-48F6-85F9-4A2B42C75954} - System32\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000 => C:\Users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {82A89DEB-7155-4691-8914-A3EBBE1FBDC9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-09] (COMODO)
Task: {9A73FA0D-58BC-4305-A10C-82F2D50F695C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A32626A3-8538-4D36-8C56-E6FA7EA4C1F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-09-25] (Apple Inc.)
Task: {A7D2E1D2-79A0-4F55-B354-6FCF43D5A100} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {BBB23CA7-D1FD-414E-9FCF-D1A83FEE2B62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {E279BB83-D201-425E-B05E-137A21485CE9} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {EA6A89E4-7E9F-4217-9526-794CA3A63E4B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000 => C:\Users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-26] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job => C:\Users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job => C:\Users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-01-08 09:40 - 2016-11-16 22:27 - 10186832 _____ () C:\Program Files\Gramblr\gramblr.exe
2016-08-26 12:38 - 2016-09-12 08:54 - 09723904 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2016-08-03 10:45 - 2016-08-03 10:45 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-12-15 20:42 - 2015-12-15 20:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2011-07-13 03:20 - 2016-09-12 09:41 - 10185728 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\SAMBC.exe
2016-05-13 05:41 - 2016-07-01 01:39 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-05-13 05:41 - 2016-07-01 01:39 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 15:46 - 2015-11-24 15:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 15:48 - 2015-11-24 15:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 15:46 - 2015-11-24 15:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 15:48 - 2015-11-24 15:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 15:57 - 2015-12-07 15:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 15:47 - 2015-11-24 15:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 15:43 - 2015-11-24 15:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2014-10-09 10:18 - 2014-10-09 10:18 - 00278528 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2014-10-29 11:42 - 2014-10-29 11:42 - 00057344 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2015-07-18 00:13 - 2015-07-18 00:13 - 00271208 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap Business\CrashRpt1402.dll
2015-07-18 00:13 - 2015-07-18 00:13 - 00077160 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap Business\MouseHook.dll
2015-07-02 22:31 - 2015-07-02 22:31 - 02287616 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\gopro-lib-win-analytics.dll
2016-12-14 18:25 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 18:25 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-23 19:03 - 2017-01-18 13:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-23 19:03 - 2016-12-21 03:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-23 19:03 - 2016-12-21 03:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 19:03 - 2016-12-21 03:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-23 19:03 - 2016-12-21 03:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 19:03 - 2016-12-21 03:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 19:03 - 2016-12-21 03:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-23 19:03 - 2016-12-21 03:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-23 19:03 - 2016-12-21 03:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-23 19:03 - 2016-12-21 03:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-23 19:03 - 2016-12-21 03:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-23 19:03 - 2016-12-21 03:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 19:03 - 2016-12-21 03:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 19:03 - 2016-12-21 03:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 19:03 - 2017-01-18 13:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 19:03 - 2016-12-21 03:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 19:03 - 2016-12-21 03:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 19:03 - 2017-01-18 13:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-23 19:03 - 2016-12-21 03:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 19:03 - 2017-01-18 13:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-05-13 05:41 - 2015-11-05 07:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-05-13 05:41 - 2015-11-05 07:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-05-13 05:41 - 2015-11-05 07:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-05-13 05:41 - 2013-09-23 12:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-05-13 05:41 - 2016-07-01 01:05 - 00285120 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2016-05-13 05:41 - 2015-09-08 01:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-05-13 05:41 - 2014-09-02 19:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-05-13 05:41 - 2014-09-02 19:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2004-11-22 20:04 - 2004-11-22 20:04 - 00009216 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\ogg.dll
2004-11-22 20:03 - 2004-11-22 20:03 - 00140288 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\vorbis.dll
2004-11-24 13:11 - 2004-11-24 13:11 - 01069056 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\libmysql.dll
2004-11-05 10:44 - 2004-11-05 10:44 - 00057344 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\SS_agc.dll
2008-11-28 01:32 - 2008-11-28 01:32 - 00380928 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\LAME_ENC.DLL
2005-11-22 03:25 - 2005-11-22 03:25 - 00565248 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\mp3prodriver.drv
2003-06-23 22:36 - 2003-06-23 22:36 - 00233472 _____ () C:\Program Files (x86)\SpacialAudio\SAMBC\plugins\mp3prodec.drv

BMDuBB · Jan 30, 2017

More addition...
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\HPLTLNK.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AcSignOpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdave64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amdhcp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODCLI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ATIODE.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atisamu64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BWUnpairElevated.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CMUSBDACASIO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\coinst_16.40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DbxSvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID

BMDuBB · Jan 30, 2017

More addition...

AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HotStartUserAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkcoiE111.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkinsE111.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hpinkstsE111LM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HPScanTRDrv_DJ2130.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\HPWia2_DJ2130.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IcCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iTVData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogiLDA.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mcx2Svc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mspbda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID

BMDuBB · Jan 30, 2017

More addition...

AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PushPrinterConnections.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shadow.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmbusCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmbusres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmicres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmicsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vmstorfltres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdave32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdhcp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdlvr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdmcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdocl12cl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amduve32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amdvlk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amfrt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID

BMDuBB · Jan 30, 2017

More addition...

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atisamu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autochk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autofmt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CMUSBDACASIO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\defaultlocationcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dnscmmc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpnaddr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DShowRdpFilter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DXPTaskRingtone.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GameManager32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ippjw7-6.1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iTVData.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBLR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBULG.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDCZ1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDGEO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDGKL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDGR1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINBEN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINHIN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINKAN.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINMAR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINORI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINTAM.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDINTEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kbdlk41a.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDLT1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDMAORI.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDMON.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDNEPR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDPO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDSF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDSG.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAJIK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTUF.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTUQ.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTURME.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDUGHR1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDUS.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MediaMetadataHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc40u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscoree.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPCRYPT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NAPHLPR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netevent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netfxperf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\networkmap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ocsetup.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OnLineIDCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PerfCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pifmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

BMDuBB · Jan 30, 2017

More addition...

AlternateDataStreams: C:\Windows\SysWOW64\PresentationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PushPrinterConnections.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qcap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpd3d.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdprefdrvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\slwga.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sppcomapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sppinst.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwizres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SWFToImage.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TRAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vcamp140.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wiavideo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPEncEn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpsrcwp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdwcn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AGP440.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdacpksd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ANDROIDUSB.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CMUSBDAC.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-canary.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-dev.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-stable.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\errdev.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\HpSAMD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ipfltdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\MpFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NisDrvWFP.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NV_AGP.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\raspptp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpdr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storvsc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ULIAGPKX.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\VMBusHID.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vms3cap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\volmgrx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64_prewin8.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wmiacpi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Cookies:i2GpqPPnJaAkTj8Cm9l
AlternateDataStreams: C:\Users\DubbSpot\Desktop\Blank Wendler 5_3_1 spreadsheet.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\gramblr.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\gramblr.exe:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\internet_radio_submission.xls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\Keyword Planner 2015-03-19 at 19_56_14.csv:$CmdZnID

BMDuBB · Jan 30, 2017

AlternateDataStreams: C:\Users\DubbSpot\Desktop\Proxy-n-VPN-Proxy-List.txt:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\Proxy-n-VPN-Proxy-List.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\QuickBooksPro2017.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\radio_submission.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\rkill.com:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\subscription_manager.xml:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\subscription_manager.xml:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\Wendler-PDF.pdf:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Desktop\Wendler-PDF.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10 pc. Set Tooth Brush Shape Oval Makeup Brush Tools.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10253891_919111968144657_4957491500743850194_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10253891_919111968144657_4957491500743850194_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10357183_408343786037413_8732949385197350946_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10393656_689334631134983_7364159563461531404_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10420254_765841860150926_7763678260508760627_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10430496_689324871135959_7562354193892346145_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10441016_909933219056980_5388480421246669760_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10563224_687504671317979_3282423675972762503_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10565121_276994549172338_4153153768130668360_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10580186_689334531134993_9160719314670484742_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10614406_687517677983345_3228503125892223606_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10615549_689326534469126_4978999641658921411_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10615972_689328891135557_7092359269578342773_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10628506_689328651135581_4257108025035237175_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10703723_375171866021272_6794975027989730661_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10712879_1219380744807826_3200857633369485790_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\10931028_10152684280785847_427130025215400901_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11076210_792477524154026_3916151393815837826_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11148623_1050518848355148_6491950278954779715_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11169159_1714014758856011_458990787833382998_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11220119_1164168813634391_4301746146122770481_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11221695_402491876622604_5040882580919816939_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11222913_874812699253936_1539760880445300316_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11232181_1659922927584913_6846960960296361520_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11262451_10152860880093616_2467563939012434694_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11407075_375171459354646_1941662478066990281_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11667324_903146246398588_5387855472127600920_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11698658_383292288542563_6038606240715346505_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\11707688_825385837578697_5538395942793275585_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12032207_404362829768842_1361878998261630394_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12105934_408344319370693_5294885925739533822_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12122486_1307186515963964_4119502658967477899_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12122892_414028582135600_8637522054648170149_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12144802_1665428447034361_7442319807322294422_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12188968_854629301321017_8772138728107418105_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12227710_803278049781445_8272484510686246028_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12279098_420119951526463_4937468301589037093_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12294688_1291848297497786_6298635810796877392_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12313991_420122028192922_7070123976134316750_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12376576_1687846641459208_7719874149055704203_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12400466_432062653665526_4492995140265658777_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12418057_10153583029782428_6620018591160954984_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12455374_1703095499937621_1700362737_n.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12540570_234506543561608_5747697724325921151_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12549020_1698507370393135_7680883321435008302_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12705520_1719118844998654_891636897505560660_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12799275_1717068148537057_2485710775510032911_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12802913_1153810921310041_658954367165901304_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12821442_1719367861640419_3499443738849582571_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12828263_10153955936013851_5051993692033168945_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12924491_10153623553092428_1130331777387238550_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12933048_1148605185192416_5963271182591474774_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\12994517_10201817773082703_2123766788673775374_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13012849_464439907094467_3000871952341605880_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13062085_1742442202666318_3513112190979855001_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13087517_1054417621290296_1121995646435769858_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13174030_10153681574312428_6769138202560305449_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13240526_1014233031988232_7971337522009076505_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13241395_1752231521687386_5873103752326609007_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13263726_1181572785228989_2193366756580301590_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13307468_1640763805974229_2201825601742062482_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13320368_10153845207613127_8710064826439314352_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13335653_10153536272042611_3648158143400685931_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13413668_10153605254026198_1098638569203310456_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13418784_551637111686171_5766026105656740352_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13418953_10207837896843509_6338247432533905590_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13428528_1642550739128869_4099987762267537047_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13442168_10153758132617428_7746091712596201702_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13442204_1765315107045694_6451488048136133683_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13445390_1186173298109966_3875251983338904935_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13445685_1194155900637344_3169347034194848812_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13450864_1765314917045713_1639299494630979102_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13494758_594051387429674_2089083679922000494_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13494777_594051447429668_4800922727086403161_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13494861_1067485386654706_2903159761650499661_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13507038_10153566556127611_1275303933662288396_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13509008_368404429950068_1840394242167758140_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13516340_509170952613753_224656374024728590_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13516578_1122579137780224_7288604652255718055_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13522013_1066788220057756_6908560026094834432_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13524337_10153586321862611_5718870612724963388_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13528744_10154394673466495_696531516584434996_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13529155_594051410763005_6889209423319709491_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13529216_1112892295451136_107202873390601883_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13532952_1070474509689127_7656930688307707296_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13532970_1200149060038028_7326781103839928576_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13533051_648407585318093_1468659080849679342_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13533179_650051331820385_7913298608720890973_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13537723_1033873260032941_6253504674401922366_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13537724_1117627444942060_5675802079874695789_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13537727_1067648886638356_8569906566661560990_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13557726_1066298670106711_1714813658221027453_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13590270_1039990766050862_5271756185969753414_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13590415_1074308682639043_2148470435049487111_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13592343_1070069549729623_6924589605163766850_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13592371_1071157709620807_8953282505742549400_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13592642_1073949199341658_3637281180299479858_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13599770_1075599542509957_7872964788045361037_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13599921_1773427849582039_6057386992836732344_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13600352_10154279561683851_2565591260737050733_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13606637_1074867205916524_1126774542821287765_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13612352_1071023762967535_8534398159754152968_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13615191_1070969269639651_1986727560681219709_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13615267_1075323702537541_7998464051213580907_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13615451_10153812912912428_4350195152412367470_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13620085_1348380185189949_6083648830300767004_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13620383_1075612029175375_2838054114590325325_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13631468_1074341889302389_2528672966052237076_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13631472_1085603818176196_4520245379372189291_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13631512_513599875504194_1509073223342437942_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13631557_1073938996009345_1377693990672732787_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13645305_10153828179842428_4705309105994173691_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13654131_514180762112772_9088998779268560819_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13654131_514180762112772_9088998779268560819_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13654355_1073812639355314_110078732983698866_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13658920_1074000462669865_1518321029526242850_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13668011_10209439950270153_8765169364658967195_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13668969_1079939315409313_8386358396970194005_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13669096_521443311386517_6339760328038734679_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13680966_1401671193181131_8619904534913091696_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13686692_515691651961683_1941794114419552862_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13686728_1086285221441389_2895149791183798646_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13686745_1076423689094209_8130824437706511828_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13690720_1076911189045459_3603564527784428918_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13692604_1082468415156403_3674330868865658221_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13696996_1080829908653587_6694616217038962637_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13697098_1078979232171988_3552439433034463404_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13697126_1215219351864332_3330102248715390154_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13700170_1079830002086911_9116888727125878939_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13700198_529196050612487_4232343737579583809_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13707578_1081911021878809_7864694217889371038_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13716047_1082263438510234_8904205785576086225_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13716115_1082218558514722_4248272211340511854_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13719240_277742365936823_98246270_n.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13726646_1077585692311342_1326489387560390225_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13726659_1078829288853649_5295983721418851212_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13754327_1081476455255599_2638312906694778603_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13763157_351140855216856_1796017449_n.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13770429_1081417025261542_1012342871395592755_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13770469_1561240917516029_5275777156482507219_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13775352_1561241260849328_2647019675586878009_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13775417_891842737593660_8950204010446293586_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13775427_1079099232159988_2409478101469373559_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13775994_724515087691493_2294988533753869534_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13776016_664298010395717_4541429008791082734_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13781675_1080734035329841_7306885505124717462_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13781830_518501131680735_761885974835623746_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13782048_1082318261838085_642994520935659174_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13782048_1082318261838085_642994520935659174_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1380639_430338693737612_117582327_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13872907_1089643817772196_5184119468092327693_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13873056_1256170291074103_869488636380657853_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13873061_1563071790666275_182539837198853417_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13873228_1564437743863013_539236815810937763_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13876108_321894981486492_280484370311526490_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13876204_1563865180586936_808414151204970006_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13876313_1090691397667438_6964633928232799339_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13879216_1088494374553807_1297047045763052043_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13879266_1089654721104439_7392510808261925900_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13882394_1085761968160381_8378350172371156835_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13882645_1093084184094826_6104935068186340044_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13886416_322037751472215_7869665018509092768_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13886490_666510493507802_7951819015215884252_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13886885_1562804947359626_9067114264722498358_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13887021_1758877994381999_6111583796129108292_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13892186_1124574077609346_5975806155004559635_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13895092_10154329137104788_6020174228839542435_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13895402_1778421999036558_4856067466796416423_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13895555_1772984929625660_4013025768250219465_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13900096_1376769652340388_4849656535029020555_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13901372_1224132620980700_3841986839941192827_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13906615_1566456483661139_3906189741550154715_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13907191_676171662541685_1880819480831705501_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13912365_1095410757195502_4896419093778050237_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13912645_1095300627206515_8705196867860386398_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13912708_165112950585966_2147443274542067029_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13920037_1171161959613900_6489391863772636553_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13920619_1231618823557718_2703907680252704938_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13920786_1098207370249174_2174103460125094428_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13920944_1759015584316013_1694717189767036493_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13925185_1090817260988185_7594033855723331288_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13925261_1099681673435077_7922195233368727843_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13925422_1092616107474967_970982437391747381_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13934631_1099819870087924_184184305247861375_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13934845_1567748290198625_1620269828193167138_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13938377_1090959574307287_8770956393225454450_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13938477_1098632863539958_8526860647124490405_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13938559_1779724685618351_9077387429029618264_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13939440_1099315680138343_7380338502867421140_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13939578_1090230104380234_5976852569980844422_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13962562_1569093373397450_7852676667747428709_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\13962564_1098074763595768_6947477968342492144_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14021494_1095857227150855_1599055912981052873_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14021547_1567926363514151_272896351918444998_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14021591_1100202406716337_765697563835733459_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14021643_1104265676310010_890982620847831157_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14039901_1103545643048680_8187636571255611389_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14040109_1108185609251350_9179976753173696700_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14045742_1568387410134713_5431912457737556379_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14054928_1107399429329968_4052127339545149164_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14054973_1105531522850092_7053353709168723102_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14055036_1100583756678202_6554881898739201548_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14055094_1177351485659901_4652032003900785233_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14055115_1568708296769291_5672376044615430268_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14061650_102456863539793_1114227983_n.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14067563_1098986833504561_2991238769068495982_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14067578_1107287509341160_8156964460083343532_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14068037_1106610142742230_476449831523949094_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14068238_1099903216746256_5930514818494039352_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14079754_1108109562592288_7334754408521404051_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14079842_1573640176276103_7474943286568106777_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14088415_511292549075869_5437813431052255456_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14089043_1104307569639154_4782201918720226130_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14089127_1594281154208643_6686859686126816200_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14089127_1594281154208643_6686859686126816200_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14089206_1102581089811802_9159212871701706799_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14095975_534447200086128_4685810041316698176_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14100255_1571004586539662_5130781228475138822_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14102675_1107831712620073_5249647569797953823_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14102759_1103636289706282_7194410114150540573_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14117781_1239764289417533_1645287595248477793_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14142083_1109647449105166_7860667585899253465_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14183907_1788969778027175_5167525244057570907_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14184472_1111027328967178_442936895210005743_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14199290_1576881625951958_6474138972902088532_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14202563_1442852385729903_7236217761714790169_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14203197_1111365872266657_2382569676565137753_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14203227_1119295334807044_4603614374968097139_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14212218_1119435374793040_2803531465079159217_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14224796_1790348244555995_7659868481468193742_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14225577_1786560318268121_2106637051380817166_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14232398_1121295154607062_6829208711482056402_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14233062_1235996373113715_469781419787102679_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14238315_1121884584548119_3158062614714251533_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14264008_1593102274326531_1368236673837270274_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14291722_1237644443000792_9136181655871142550_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14316943_1789894661268020_8966677812021365442_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14322426_1123614371041807_2099379650478621778_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14322775_1190590167669366_7856475286129347745_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14329902_1121334234614932_6689023573646779680_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14333738_1581241268849327_7459823122475767295_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14344365_1124883694248208_1943056915147633595_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14355785_1121445594603796_7766352539590635628_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14368673_1130758203660757_5541779363790527449_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14370040_1124487790954465_3474747861119606100_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14370229_1123102411093003_1605273769412151231_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14390624_1777013322516239_7889969112686909078_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14390695_543034862560695_5321513591137091203_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14432951_544848055712709_6127915908903306926_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14440826_1131633576906553_7376974042128577576_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14445932_1129642667105644_6644702010224320415_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14448768_1130605280342716_6449377942291120873_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14449950_1272982586095703_7311683325561996661_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14455989_1129637303751164_595467107_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14462759_1131986833537894_6213490662118645498_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14462761_1599597323677026_4556549601443022407_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14463049_1132333273503250_2083743147740927410_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14469569_1599781370325288_3170355496198986407_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14470450_1797177710539715_7116163877034816064_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14470623_551159168414931_3291256995473594101_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14479613_1426319014052118_884791553212543486_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14479639_1600831833553575_8458361231049879335_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14479752_1134118866658024_8370462501560768179_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14484753_1599417440361681_294524201615080056_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14484770_1599685520334873_2478474725248213665_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14485016_1799756140281872_5849782435487285020_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14485024_1133558506714060_1000295513062809097_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14492591_1134373813299196_160491155490794593_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14494704_10210447564124570_7942421939809270954_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14495239_1280341358693159_3103111240990204804_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14502710_1777778189106419_1913510733534951973_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14502868_1271621886231773_176968563096457345_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14516592_1797878003803019_3467552229332823710_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14517558_1585124061794381_1973616574848992365_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14519684_535448819987019_547251385105646606_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14522990_901494819993865_9156292620359718190_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14523032_1144148832321694_1559374746860451569_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14523229_10205839382938436_7183249970139037013_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1456106_743279782368806_256929953_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14563417_1602512120052213_2170291017027434306_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14568004_561091660755015_2137252780588199067_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14572813_1285362104857751_3840727990460502416_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14581307_1605303693106389_7145476278847630951_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14581432_1587091381597649_5515141140022153402_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14581433_1596353530671434_956396332252731829_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14581433_1596353530671434_956396332252731829_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14591591_10154568432932629_135817958112987486_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14591856_1603290366641055_7499994806629535556_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14595536_1587817054858415_1219678152378397824_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14600952_1588972871409500_5299616627769607047_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14601038_1143137935756117_5906113181309859335_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14610953_722236144596094_4941007584374269828_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14632932_1604898919813533_3419753028354062519_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14639601_1143519265717984_7373245798937735644_n.jpg:$CmdZnID

BMDuBB · Jan 30, 2017

More addition...

AlternateDataStreams: C:\Users\DubbSpot\Downloads\14639859_1297054737021821_2231801730843833129_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14642232_1216858088375907_529922742329303857_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14650194_1592983254341795_6782705460191380310_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14650271_1206788422733725_1413391601992840731_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14650644_1410952208933147_7145704599467499852_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14650644_1410952208933147_7145704599467499852_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14656246_2429131437109901_6227820691968305856_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14666261_556261254571389_7644854056920882854_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14671142_1812823652308454_618816574230456918_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14671224_1590427561264031_8926621248422548161_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14690901_1806406819616804_5386002058379085260_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14702494_658910064278178_3387503249269884240_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14708328_1406622372699464_3058216213803013371_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14708340_1594696994170421_8966239503231150933_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14716245_1589318518041602_8387770121970752176_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14724414_1814003835523769_8313361479179244764_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14725475_1523080877706828_5178790818251600022_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14729093_1223001041094945_2719498361021833905_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14729120_1589458724694248_1088038062812185282_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14729362_10155491193687627_2437999578056522122_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14731135_658102607692257_1191402649228619509_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14731372_1291766160941129_7374426097232609005_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14732414_10153997912482006_3873046755070418858_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14906872_1298585913592487_5815176503657413402_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14906980_1617101141926644_9129871587425884015_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14907025_660997004069484_7568480114131123659_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14907071_1815821928676535_6268637971118451061_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14907167_1301838963267182_8602926573940228866_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14908274_1320215378062967_1210852234920378219_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14908370_1814362695489125_7824704220125586924_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14908408_1300731026711309_6844209361199487737_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14915132_1814826922109369_8410772484471094335_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14925279_1300728323378246_3507751190992816635_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14925353_1205815442831023_5422979248172064060_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14925361_1209400642472503_5816919458252155753_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14925687_1213171095428791_6053491825956072636_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14925818_1325212380896600_8907909430598448825_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14937366_1065194416923327_1886927512768482298_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14937366_1065194416923327_1886927512768482298_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14938407_727838817369160_6572250913334696779_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14947461_1304331143017964_6254508643608078786_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14947710_1820091118248374_5320997497493191364_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14947831_1206785992733968_9220006946490359980_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14955814_1211820995563801_8437370503394854615_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14955976_1818025425122852_4318110559810377134_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14956655_1818415585083836_232578198103851861_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14962524_1213292098750024_4446343019451268233_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14963244_1297450273706051_4452033256488343824_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14963308_1321709834613428_6214058988072244161_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14980816_1305571346227277_6189281827947508799_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14991841_1302039126580499_621202312734427969_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\14993395_1221718237907410_8618599737146134715_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15032117_1817624928496235_6687620630681642307_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15032578_1876454902577465_425638342_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15032759_1324963554254816_601104023228664551_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15032844_1313040708813674_6774889184840080488_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15033756_1876454492577506_1127180228_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15036359_1213142075431693_2226858501296091865_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15049914_1876454145910874_1695765633_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15050256_1452250524789848_988308876_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15052043_1876454522577503_1580311842_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15055638_1221718141240753_7141883098961743790_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15055864_1822708987986587_2854029539556827859_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15056241_1339826999435138_8341933596652178598_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15056288_1822708711319948_7899747479209166122_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15056452_1221720271240540_2716162477081235824_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15078936_1220429188036315_5229126839049638718_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15079036_1221726881239879_814995796923079950_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15085706_1339817036102801_1937088422330131662_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15094310_1219381461474421_4149896671641692776_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15102068_1876455212577434_1728876412_o.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15107331_1220529004693000_9171871081922873582_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15134786_1080350715407697_1393503089436067439_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15135977_1336590356425469_5154919440425348010_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15170894_1233844823361418_226909099437993039_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15171295_1185042074910814_4128573709992937296_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15178285_1226551077424126_5654982780136491945_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15179118_674239772724993_7754630610191277431_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15181463_1185042564910765_8279827954405350641_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15181489_1233392793406621_6654275199207709227_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15181546_1182733061808382_4141035164775867697_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15181569_1232123156866918_4634927913760147258_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15192518_1827133754210777_3105634903523902580_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15202607_1351151494969355_492323590063187358_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15203117_1830968867160599_2271679997958735842_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15203274_1322956814488730_434596140836364396_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15219412_10154852548823724_8846296048573880375_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15220087_1235558199856747_1809194105731885626_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15220088_675023952646575_3403465406876104212_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15230596_1236606279751939_2054445041221030898_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15230791_1332540220141950_6330789178344964128_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15230818_1085122914930477_6961048596396914405_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15232230_1236629449749622_741959481245387414_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15253398_1086169764825792_5865198005411969642_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15267794_1081945641914871_7036163570326770866_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15284031_1329828120468266_3150639382317002473_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15284057_1250215151711904_5240748354051766552_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15317744_1628736120763146_490046517106556670_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15317836_1362815767136261_322152311791749376_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15319086_674239302725040_5722693738803718911_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15319115_1835588330031986_4031397032551912185_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15319191_1370868762997628_6546618331633197465_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15327314_1244905998921967_7187983315753297160_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15327354_1610415135931940_7738968506801057043_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15337398_1370891872995317_6586047098824129783_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15337443_1244904002255500_6401392149586036929_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15337484_1362678350483336_1848408521687693243_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15337587_1244905278922039_6488456948615793711_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15350499_1244810758931491_5171229590770546956_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15356692_1835555416701944_7355761994946504475_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15380848_1512250018792350_5294130465485424967_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15391037_10154851133913724_2923171067230547981_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15421038_1249968935082340_627348793578832226_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15442108_1252032344875999_8962915858212471728_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15492193_1096578997118202_3847162117972019359_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15541204_1255724621173438_546249844870147509_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15542119_1261128300620589_5785060742049759714_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15542178_1613562045617249_8684241360290279864_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1555447_1691649161078956_1607388182460073339_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\155574_537579086268011_79098921_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15578299_1381580718593099_1083419833955895443_o.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15590349_1288234141219576_494245249680353002_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15621951_590634401134074_2479113265577133160_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15622608_1255706714508562_8393990665732795776_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15622679_1347156758689601_5901642053574934432_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15665664_220646038345845_4735163679290787618_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15726299_1262321533847080_8316381720004095942_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15822755_595629377301243_5504729779387225560_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15826512_1372173222900422_5637197472897895303_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15871512_1373019369482474_3115084552645781977_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15871580_1371317092986035_1926943490440864478_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15871870_1373022479482163_3118359035113823041_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15875120_10209647289437193_4111100613641633792_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15895319_1373022606148817_3597309742515429597_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15941024_1372681472803796_7799517219552021194_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\15941386_1401853163232521_4544771591785582540_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\16105723_1244153992371925_9103694706683982336_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1610947_379871705551288_1249387177806826847_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\16143365_10154553430183025_106376985489525660_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1621818_686242738110839_7626132295502370081_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\16386962_1251849191602405_4761507884817102574_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1797337_10151911861096160_1457133976_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1910331_1291848034164479_2144197371804411082_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\1934063_1160264733997993_7857196518371545734_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\217809_501550459875074_595557756_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\40321_137645082942399_8227597_n (1).jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\40321_137645082942399_8227597_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\483080_532389613453625_300890263_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\522725_604532672908041_2131978992_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\527600_605149692846339_1022469469_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\578162_434217176608403_1957786433_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\581253_434215073275280_1033031597_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\58800_542309705794949_904449342_n.png:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\8386_1717290875181451_2732149601253389773_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\clip in hair.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\download.htm:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\easygram.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Elevations.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\eyeliner.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\eyeshadow.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.10.1.1_win32-setup [1].exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.10.2_win32-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.10.3_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.11.0.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.11.0.2_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.12.0.2_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.13.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.14.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.16.0_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.16.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.17.0.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.18.0_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.20.1_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.21.0_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\FileZilla_3.23.0.2_win64-setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\final.m4a:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\gopro-link.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\hair vid.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Hits 1-26-16.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Instagram Do and Don_t (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Instagram Do and Don_t (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Instagram Do and Don_t.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\legitcheck.hta:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\legitcheck.hta:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\listings_111316.csv:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\listings_111316.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\makeup options.mp4:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\popover-pro.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\revised-playlist-template.csv:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\RoyaltiesExport_53685_56d5f8a41989c.csv:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Social (6).air:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\social-commerce (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\social-commerce.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\Using Skype with SAM Broadcaster.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\ViralMarketingMastery.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\WDSR Radio Mixtape Track 1.mp3:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\WDSR_Radio (1).pls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\WDSR_Radio (2).pls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\WDSR_Radio (3).pls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Downloads\WDSR_Radio.pls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\AppData\Roaming\chromedriver223.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\AppData\Roaming\PhantomJSv211.exe:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\AppData\Local\meCC7db1G:KvaQNwnKJfefmN7Qu43CBfI
AlternateDataStreams: C:\Users\DubbSpot\AppData\Local\nCHsJoaj:Ma0siH0RndUxfMTnNuHcAszo
AlternateDataStreams: C:\Users\DubbSpot\Documents\110通用机基本接线检查步骤English.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\AcknowledgementLetter.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Attachments_20161122.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\AutopilotVideoSyndication.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\bck_07-21-2015-01-22-36_1444464608.sql:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\blank_inspection_form_00125132_2925 Edgewood Rd.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\CertifiedCopy.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\contract-video-phtoto.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\credentials.csv:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\DANNY-SAVAGE-DJS-GUIDE-TO-SOCIAL-MEDIA-V1.0.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\dannysavage-ebook_BOOK.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Earning $5k each month from Movie Streaming website.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\ebay-incognito-mini-ebook4-150618024541-lva1-app6891.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Expungement-Petition-Example.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Facebook Marketing Made Easy 2.0 - Training Guide.doc:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Facebook Marketing Made Easy 2.0 - Training Guide.doc:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Ftp bmdubb@dubbspotrecords.com.xml:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Ftp bmdubb@grow-lights-4u.com.xml:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\GuidelinesForDemolitionSubmittal.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Home-Repair-Contract-Template-PDF-Download.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\htaccess_Backup_for_newpuppychecklist.net.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\htaccess_Backup_for_promo.dubbspotrecords.com.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\IMG_0106.JPG:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\IMG_0107.JPG:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\IMG_0109.JPG:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\listbuilding-series.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\msvcr70.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Music for Wedding.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\NinjaLocalFile:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Order-Detail-00125132.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\phonescreen-20161111T024131Z.zip:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Documents\phonescreen-20161111T024131Z.zip:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Phonescreenphotos.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Proplay adcopy..txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\rctsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\ReinstatementApplication-ICC.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Remodeling_Contract.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Rights-Owner-Repertoire.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Simms Reico.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\subscription_manager.xml:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\The-Game-by-Neil-Strauss.pdf:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Universal DJ Signature Sheet.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Universal DJ's-Artist Contract 10-20-19.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\user.ini_Backup_for_promo.dubbspotrecords.com.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\ViralMarketingMastery.docx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\webstore_cert_pem.txt:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\wendler-531-rounded-blank1.xls:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Wendler.5-3-1WorkoutSpreadsheet-v1.2-LANDSCAPE.xltx:$CmdZnID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Wendler.5-3-1WorkoutSpreadsheet-v1.2-PORTRAIT.xltx:$CmdTcID
AlternateDataStreams: C:\Users\DubbSpot\Documents\Wendler.5-3-1WorkoutSpreadsheet-v1.2-PORTRAIT.xltx:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DubbSpot\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Program.lnk => C:\Windows\pss\My Program.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DubbSpot^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP DeskJet 2130 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP DeskJet 2130 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^DubbSpot^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - VCCServ.lnk => C:\Windows\pss\Monitor Ink Alerts - VCCServ.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MailStylerWarmup => C:\Program Files (x86)\Delivery Tech Corp\MailStyler 1\MailStyler.exe /warmup
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\DubbSpot\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Twittermatic Enterprise => "C:\Users\DubbSpot\AppData\Roaming\Twittermatic\TwittermaticEnterprise.exe"
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5537B483-63DE-40A2-8BBB-FB3CE30B27DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1C2E674-3440-4D06-9DBA-FBA9677BE392}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB5DF63-AA46-42B4-B5A4-CE22E463F59E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7CAAE1B9-3B6E-47CC-9914-CEDD16C3A3F1}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [UDP Query User{D1D335DD-1EA4-4BFB-9505-243E1DB0B3A4}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe
FirewallRules: [{FE56BB9F-E4BE-453A-B366-0F60ACA49192}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76FC8A9C-E38D-4B0F-B77D-009798A5D284}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE1CE8AF-8169-4E5E-AD43-F989C1A6C216}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56C82AA5-0431-4D39-836B-968517DB2750}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EB7E51E-43BB-4642-A2C0-7864613F4600}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77FB0A89-85B0-4104-B8CE-ED3F945336C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3EC7038-BB25-45A8-A9D4-9CD8E31F4A0A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{6BE23870-DB44-430F-9FF1-733C7332F171}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{466C4EFF-4531-4355-BCA9-3AE706D68281}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D78DF784-60BF-437E-99F1-4D1BC8CA8AED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D86AA76C-F512-4F4F-AC04-A41C647F75CB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3A85C6AA-3D22-4F1C-AFC5-78AA34D123D2}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{109FD748-AA00-4655-8C5F-FD835D4F4A13}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{5373010F-9DB7-452E-8407-3A8158CAB5AC}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0007D2F9-84CB-4258-AB13-22270F0046D8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6D1AAF66-CA23-4791-9711-EEC68FC0D1AE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A6A4DCDC-7914-415F-B69A-936E60384D1A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{ABEDFBB8-FFA3-409A-8177-C04EAE29548C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A6F1F6EB-24FB-4F9A-A143-1857D2FC2724}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{23026257-C612-4EF2-9293-20F66ABE5054}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{93C8116C-02F9-46D1-8715-06ACC96600EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FBC0A50B-A02E-40E0-892A-50213ED606D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3EB58F65-E689-4FC4-A3AA-57949538A780}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B464D8E1-A381-45B7-9461-FCD8992D3655}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{849D38A1-AADD-44AD-9903-4A6857EABC03}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5F9D6A4D-14F9-4440-A6CF-A6EF17BE4DC9}] => (Allow) LPort=50248
FirewallRules: [{F79CE2B1-4EDF-465A-BC3A-FF38BB222987}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5868A853-F5E4-43A0-9F16-1C8E78CB8123}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2017 08:15:25 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/30/2017 07:34:40 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/30/2017 07:04:46 AM) (Source: PerfOS) (EventID: 2011) (User: )
Description:

Error: (01/30/2017 07:01:18 AM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (01/30/2017 07:00:59 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/30/2017 06:56:22 AM) (Source: MsiInstaller) (EventID: 11310) (User: DubbSpot-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\DubbSpot\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (01/30/2017 06:56:04 AM) (Source: MsiInstaller) (EventID: 11310) (User: DubbSpot-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\DubbSpot\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (01/30/2017 02:54:52 AM) (Source: MsiInstaller) (EventID: 11310) (User: DubbSpot-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\DubbSpot\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (01/30/2017 02:54:32 AM) (Source: MsiInstaller) (EventID: 11310) (User: DubbSpot-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\DubbSpot\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (01/29/2017 10:52:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.10.209.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e8

Start Time: 01d27a9631ca3f80

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

System errors:
=============
Error: (01/30/2017 08:26:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/30/2017 08:25:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/30/2017 08:20:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/30/2017 08:15:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MySql service failed to start due to the following error:
%%2

Error: (01/30/2017 08:15:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (01/30/2017 07:45:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/30/2017 07:41:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/30/2017 07:40:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/30/2017 07:40:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (01/30/2017 07:40:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

CodeIntegrity:
===================================
Date: 2017-01-28 10:32:12.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 10:32:12.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 10:32:11.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 10:32:10.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1075T Processor
Percentage of memory in use: 29%
Total physical RAM: 16382.18 MB
Available physical RAM: 11553.63 MB
Total Virtual: 24380.36 MB
Available Virtual: 19668.45 MB

==================== Drives ================================

Drive a: (3TB Storage) (Fixed) (Total:2794.39 GB) (Free:1306.83 GB) NTFS
Drive b: (Data) (Fixed) (Total:1796.45 GB) (Free:1096.92 GB) NTFS
Drive c: () (Fixed) (Total:251.46 GB) (Free:76.98 GB) NTFS
Drive k: (DSRBkUp) (Fixed) (Total:1862.98 GB) (Free:245.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: CA6CCA63)
Partition 1: (Active) - (Size=100 MB) - (Type=06)
Partition 2: (Not Active) - (Size=251.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1796.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6F8F30A8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Jan 30, 2017

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

I don't see much there but we can run some checks.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

BMDuBB · Jan 31, 2017

Thank you for responding! I will get this started once I get back in front of a computer this evening. Thanks again!

Broni · Jan 31, 2017

BMDuBB · Feb 1, 2017

Sorry I got in late but I will take care of it this evening. I did manage to download the software to my desktop. Thanks for your preliminary help!

BMDuBB · Feb 1, 2017

RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DubbSpot [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/01/2017 18:04:05 (Duration : 01:02:02)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #4 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-background-networking --disable-client-side-phishing-detection --disable-component-update --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --disable-web-resources --enable-logging --ignore-certificate-errors --load-component-extension="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\internal" --load-extension="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\extension_hgimnogjllphhhkhlmebbmlgjoejdpjl,C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\extension_gighmmpiobklfepjocnamgkkbiglidom" --log-level=0 --metrics-recording-only --no-first-run --password-store=basic --remote-debugging-port=12876 --safebrowsing-disable-auto-update --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_1889" --flag-switches-begin --flag-switches-end --restore-last-session data:, [x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #4 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --disable-background-networking --disable-client-side-phishing-detection --disable-component-update --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --disable-web-resources --enable-logging --ignore-certificate-errors --load-component-extension="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\internal" --load-extension="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\extension_hgimnogjllphhhkhlmebbmlgjoejdpjl,C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_5189\extension_gighmmpiobklfepjocnamgkkbiglidom" --log-level=0 --metrics-recording-only --no-first-run --password-store=basic --remote-debugging-port=12876 --safebrowsing-disable-auto-update --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Users\DubbSpot\AppData\Local\Temp\scoped_dir9424_1889" --flag-switches-begin --flag-switches-end --restore-last-session data:, [x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x][x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {109FD748-AA00-4655-8C5F-FD835D4F4A13} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5373010F-9DB7-452E-8407-3A8158CAB5AC} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {109FD748-AA00-4655-8C5F-FD835D4F4A13} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5373010F-9DB7-452E-8407-3A8158CAB5AC} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\DubbSpot\AppData\Roaming\Download Manager -> Deleted
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Deleted
[PUP.Gen0][File] C:\Program Files (x86)\Common Files\DVDVideoSoft\psvince.dll -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] d30jy3ff.default : user_pref("browser.search.selectedEngine", "Binkiland"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST4000DM000-1F2168 ATA Device +++++
--- User ---
[MBR] c8c2daf39500b13873203240ecda22c1
[BSP] b80693abeef07a8948f74aeab5eb5031 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 257490 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 527546368 | Size: 1839560 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3000DM001-1CH166 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: WD My Book 1130 USB Device +++++
--- User ---
[MBR] 0c5e15b6d4a158778b35eebf88e58e78
[BSP] 4eed9975ec72b8c9eaf0a8ad6de8bbb6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907694 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

BMDuBB · Feb 1, 2017

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/1/2017
Scan Time: 7:16 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.01.10
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DubbSpot

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349793
Time Elapsed: 28 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

BMDuBB · Feb 1, 2017

# AdwCleaner v6.043 - Logfile created 01/02/2017 at 19:53:56
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-01.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : DubbSpot - DUBBSPOT-PC
# Running from : C:\Users\DubbSpot\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\DubbSpot\AppData\Local\Geckofx

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1047 Bytes] - [01/02/2017 19:53:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [1351 Bytes] - [01/02/2017 19:50:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1193 Bytes] ##########

BMDuBB · Feb 1, 2017

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by DubbSpot (Administrator) on Wed 02/01/2017 at 20:13:44.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 18

Successfully deleted: C:\Users\DubbSpot\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVO78HK6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVN0AVGG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFUUUCLV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\DubbSpot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z0FWQS6T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVO78HK6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVN0AVGG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFUUUCLV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z0FWQS6T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\RENF247.tmp (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_25F73193062B5C497EF85883A07A6CEA (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/01/2017 at 20:29:04.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BMDuBB · Feb 1, 2017

Okay I believe I got everything posted per your instructions. Let me know if you need anything else.

Thanks!

Broni · Feb 1, 2017

Not much there so far...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

BMDuBB · Feb 1, 2017

ComboFix 17-01-29.01 - DubbSpot 02/01/2017 21:02:03.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16382.14022 [GMT -5:00]
Running from: c:\users\DubbSpot\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
FW: COMODO Firewall *Disabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DubbSpot\AppData\Roaming\chromedriver223.exe
c:\windows\SysWow64\SET63AF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2017-01-02 to 2017-02-02 )))))))))))))))))))))))))))))))
.
.
2017-02-02 02:23 . 2017-02-02 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-02 01:05 . 2017-02-02 01:05 54736 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2017-02-02 00:47 . 2017-02-02 01:08 -------- d-----w- C:\AdwCleaner
2017-02-01 23:04 . 2017-02-01 23:04 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-01 23:02 . 2017-02-01 23:02 -------- d-----w- c:\program files\RogueKiller
2017-02-01 23:01 . 2017-02-02 00:13 -------- d-----w- c:\programdata\RogueKiller
2017-02-01 13:31 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9B6C5F6-48E6-4D54-AF08-D8CE56CA94CE}\mpengine.dll
2017-01-31 01:04 . 2017-01-31 01:04 -------- d-----w- c:\users\DubbSpot\AppData\Local\ESET
2017-01-30 13:32 . 2017-01-30 13:39 -------- d-----w- C:\FRST
2017-01-30 12:01 . 2013-07-02 21:29 24824 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2017-01-30 03:26 . 2016-12-30 22:43 12229912 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-01-29 01:21 . 2017-01-29 01:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2017-01-29 00:13 . 2017-01-29 00:13 -------- d-----w- c:\program files\HitmanPro
2017-01-29 00:05 . 2017-01-29 00:05 -------- d-----w- c:\users\DubbSpot\AppData\Roaming\SUPERAntiSpyware.com
2017-01-29 00:04 . 2017-01-29 00:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2017-01-29 00:04 . 2017-01-29 00:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2017-01-29 00:03 . 2017-01-29 01:21 -------- d-----w- c:\programdata\HitmanPro
2017-01-28 21:26 . 2017-01-28 21:26 -------- d-----w- c:\users\DubbSpot\AppData\Local\Western Digital
2017-01-28 21:25 . 2017-01-28 21:25 -------- d-----w- c:\users\DubbSpot\AppData\Local\Western_Digital_Technolog
2017-01-28 21:21 . 2017-01-28 21:21 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2017-01-28 21:21 . 2017-01-28 21:21 -------- d-----w- c:\program files (x86)\Western Digital
2017-01-28 21:21 . 2017-01-28 21:21 -------- d-----w- c:\program files\Common Files\Western Digital
2017-01-28 21:21 . 2017-01-28 21:21 -------- d-----w- c:\programdata\Western Digital
2017-01-28 21:21 . 2017-01-28 21:21 -------- d-----w- c:\program files\Western Digital
2017-01-28 15:48 . 2017-01-28 15:48 -------- d-----w- c:\programdata\ATI
2017-01-28 15:45 . 2017-02-02 00:54 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-01-28 15:06 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-01-28 15:06 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-01-28 15:06 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2017-01-28 15:06 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-01-28 15:06 . 2017-01-28 15:06 -------- d-----w- c:\program files (x86)\VulkanRT
2017-01-25 16:46 . 2017-01-25 16:46 -------- d-----w- c:\program files (x86)\RAR Password Cracker
2017-01-25 16:01 . 2017-01-25 16:01 -------- d-----w- c:\windows\Intuit
2017-01-25 15:50 . 2017-01-25 15:50 -------- d-----w- c:\program files (x86)\Akamai
2017-01-24 02:09 . 2017-01-24 02:09 -------- d-----w- c:\program files\iPod
2017-01-24 02:09 . 2017-01-24 02:09 -------- d-----w- c:\program files\iTunes
2017-01-17 23:07 . 2017-01-17 23:07 230480 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2017-01-12 19:14 . 2017-01-24 00:03 46192 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-01-12 19:14 . 2017-01-24 00:03 46192 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-01-12 19:14 . 2017-01-24 00:03 46192 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-01-11 17:02 . 2017-01-11 17:02 -------- d-----w- c:\programdata\boost_interprocess
2017-01-11 16:10 . 2017-01-11 16:25 440800 ----a-w- c:\windows\system32\AcSignOpt.exe
2017-01-11 15:46 . 2017-02-01 22:36 -------- d-----w- c:\users\DubbSpot\AppData\Local\Akamai
2017-01-09 19:31 . 2017-01-09 19:31 -------- d-----w- c:\users\DubbSpot\AppData\Roaming\Hulubulu
2017-01-09 16:47 . 2017-01-09 16:47 -------- d-----w- c:\program files (x86)\Advanced Renamer
2017-01-09 15:42 . 2017-02-02 01:03 -------- d-----r- c:\users\DubbSpot\Dropbox
2017-01-09 15:36 . 2017-01-09 15:36 -------- d-----w- c:\users\DubbSpot\AppData\Roaming\Dropbox
2017-01-09 15:36 . 2017-01-24 00:04 -------- d-----w- c:\program files (x86)\Dropbox
2017-01-09 15:36 . 2017-01-09 15:42 -------- d-----w- c:\users\DubbSpot\AppData\Local\Dropbox
2017-01-09 15:36 . 2017-01-09 15:36 -------- d-----w- c:\programdata\Dropbox
2017-01-08 02:16 . 2017-01-08 02:16 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2017-01-08 02:16 . 2017-01-08 02:16 -------- d-----w- c:\program files (x86)\HP Photo Creations
2017-01-08 02:16 . 2017-01-08 02:16 -------- d-----w- c:\programdata\Visan
2017-01-08 02:16 . 2017-01-08 02:16 -------- d-----w- c:\programdata\HP Photo Creations
2017-01-08 02:16 . 2017-01-15 02:57 -------- d-----w- c:\users\DubbSpot\AppData\Roaming\HpUpdate
2017-01-08 02:15 . 2017-01-08 02:16 -------- d-----w- c:\program files (x86)\HP
2017-01-08 02:15 . 2017-01-08 02:15 -------- d-----w- c:\program files\HP
2017-01-08 02:14 . 2017-01-08 02:15 -------- d-----w- c:\programdata\HP
2017-01-08 02:09 . 2017-01-08 02:17 -------- d-----w- c:\users\DubbSpot\AppData\Local\HP
2017-01-05 23:15 . 2017-01-05 23:15 -------- d-----w- c:\users\DubbSpot\AppData\Roaming\com.theta360.SphericalViewer
2017-01-05 23:15 . 2017-01-05 23:15 -------- d-----w- c:\program files (x86)\RICOH THETA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-02 00:16 . 2015-12-03 19:30 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-28 21:22 . 2016-04-19 17:02 23200 ----a-w- c:\windows\system32\drivers\wdcsam64_prewin8.sys
2017-01-28 20:53 . 2015-04-30 05:01 23200 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
2017-01-28 15:39 . 2016-10-05 01:08 2132872 ----a-w- c:\windows\SysWow64\amfrt32.dll
2017-01-28 15:39 . 2016-10-05 01:09 349064 ----a-w- c:\windows\system32\ATIODE.exe
2017-01-28 15:39 . 2016-10-05 01:08 112520 ----a-w- c:\windows\system32\OpenCL.dll
2017-01-28 15:39 . 2016-10-05 01:08 103304 ----a-w- c:\windows\SysWow64\OpenCL.dll
2017-01-28 15:39 . 2015-06-23 01:58 38268808 ----a-w- c:\windows\SysWow64\amdocl.dll
2017-01-28 15:38 . 2016-10-05 01:08 892296 ----a-w- c:\windows\system32\coinst_16.40.dll
2017-01-28 15:38 . 2015-06-23 01:55 21640584 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2017-01-28 15:38 . 2016-10-05 01:10 519048 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2017-01-28 15:38 . 2015-06-23 01:10 175496 ----a-w- c:\windows\SysWow64\atigktxx.dll
2017-01-28 15:38 . 2016-10-05 01:10 107400 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2017-01-28 15:38 . 2016-10-05 01:10 107400 ----a-w- c:\windows\system32\atiglpxx.dll
2017-01-28 15:38 . 2016-10-05 01:10 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2017-01-28 15:38 . 2016-10-05 01:09 136584 ----a-w- c:\windows\system32\atisamu64.dll
2017-01-28 15:38 . 2016-10-05 01:09 117640 ----a-w- c:\windows\SysWow64\atisamu32.dll
2017-01-28 15:38 . 2016-10-05 01:09 67464 ----a-w- c:\windows\system32\ATIODCLI.exe
2017-01-28 15:38 . 2016-10-05 01:09 201608 ----a-w- c:\windows\system32\atig6txx.dll
2017-01-28 15:38 . 2016-10-05 01:09 122760 ----a-w- c:\windows\system32\atig6pxx.dll
2017-01-28 15:38 . 2016-10-05 01:10 123776 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2017-01-28 15:38 . 2016-10-05 01:10 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2017-01-28 15:38 . 2016-10-05 01:08 625032 ----a-w- c:\windows\SysWow64\amdlvr32.dll
2017-01-28 15:38 . 2016-10-05 01:09 1551344 ----a-w- c:\windows\system32\aticfx64.dll
2017-01-28 15:38 . 2016-10-05 01:08 134536 ----a-w- c:\windows\SysWow64\amduve32.dll
2017-01-28 15:38 . 2016-10-05 01:09 1274256 ----a-w- c:\windows\SysWow64\aticfx32.dll
2017-01-28 15:38 . 2016-10-05 01:08 8065928 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2017-01-28 15:38 . 2016-10-05 01:10 240008 ----a-w- c:\windows\SysWow64\GameManager32.dll
2017-01-28 15:38 . 2016-10-05 01:09 145400 ----a-w- c:\windows\system32\amdave64.dll
2017-01-28 15:38 . 2016-10-05 01:09 141280 ----a-w- c:\windows\system32\amdhcp64.dll
2017-01-28 15:38 . 2016-10-05 01:09 125288 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2017-01-28 15:38 . 2016-10-05 01:09 124776 ----a-w- c:\windows\SysWow64\amdave32.dll
2017-01-28 15:38 . 2016-10-05 01:08 66440 ----a-w- c:\windows\SysWow64\amdmcl32.dll
2017-01-28 15:38 . 2016-10-05 01:10 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2017-01-24 00:03 . 2016-12-21 18:15 46400 ----a-w- c:\windows\system32\DbxSvc.exe
2017-01-19 19:50 . 2015-08-04 06:25 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2017-01-16 18:35 . 2008-05-16 23:19 38400 ----a-w- c:\windows\HPLTLNK.EXE
2017-01-11 15:50 . 2015-06-26 04:34 400544 ----a-w- c:\windows\SysWow64\vcamp140.dll
2017-01-11 08:00 . 2015-02-07 11:42 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-10 19:00 . 2015-02-05 23:25 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 19:00 . 2015-02-05 23:25 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-10 19:00 . 2016-12-13 21:00 20358232 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2017-01-08 02:14 . 2015-10-23 12:06 388784 ----a-w- c:\windows\system32\hpinkstsE111LM.dll
2017-01-08 02:14 . 2015-10-23 12:06 323248 ----a-w- c:\windows\system32\hpinkcoiE111.dll
2017-01-08 02:14 . 2015-10-23 12:06 2946224 ----a-w- c:\windows\system32\hpinkinsE111.exe
2016-12-24 10:35 . 2016-12-24 10:36 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-12-24 10:35 . 2015-04-11 17:58 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-12-24 10:34 . 2016-12-24 10:34 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-12-19 02:11 . 2016-12-19 02:11 45056 ----a-r- c:\users\DubbSpot\AppData\Roaming\Microsoft\Installer\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}\ARPPRODUCTICON.exe
2016-12-19 02:11 . 2016-12-19 02:11 45056 ----a-r- c:\users\DubbSpot\AppData\Roaming\Microsoft\Installer\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}\_Built21_61F855D084594F648FC7A881F8201FCB.exe
2016-12-19 02:11 . 2016-12-19 02:11 45056 ----a-r- c:\users\DubbSpot\AppData\Roaming\Microsoft\Installer\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}\_Built2_0E6057F12D5E4FDBBD47A7827F20597C.exe
2016-12-14 03:31 . 2016-12-14 03:31 25759744 ----a-w- c:\windows\system32\mshtml.dll
2016-12-14 03:31 . 2016-12-14 03:31 6049280 ----a-w- c:\windows\system32\jscript9.dll
2016-12-14 03:31 . 2016-12-14 03:31 15257088 ----a-w- c:\windows\system32\ieframe.dll
2016-12-14 03:31 . 2016-12-14 03:31 633296 ----a-w- c:\windows\system32\winload.exe
2016-12-14 03:31 . 2016-12-14 03:31 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-12-14 03:31 . 2016-12-14 03:31 3244032 ----a-w- c:\windows\system32\msi.dll
2016-12-14 03:31 . 2016-12-14 03:31 3219456 ----a-w- c:\windows\system32\win32k.sys
2016-12-14 03:31 . 2016-12-14 03:31 2920960 ----a-w- c:\windows\system32\wininet.dll
2016-12-14 03:31 . 2016-12-14 03:31 2444800 ----a-w- c:\windows\SysWow64\wininet.dll
2016-12-14 03:31 . 2016-12-14 03:31 1483264 ----a-w- c:\windows\system32\crypt32.dll
2016-12-14 03:31 . 2016-12-14 03:31 802304 ----a-w- c:\windows\system32\usp10.dll
2016-12-14 03:31 . 2016-12-14 03:31 631176 ----a-w- c:\windows\system32\winresume.efi
2016-12-14 03:31 . 2016-12-14 03:31 467392 ----a-w- c:\windows\system32\drivers\cng.sys
2016-12-14 03:31 . 2016-12-14 03:31 404992 ----a-w- c:\windows\system32\gdi32.dll
2016-12-14 03:31 . 2016-12-14 03:31 3944680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-12-14 03:31 . 2016-12-14 03:31 394448 ----a-w- c:\windows\system32\iedkcs32.dll
2016-12-14 03:31 . 2016-12-14 03:31 370920 ----a-w- c:\windows\system32\clfs.sys
2016-12-14 03:31 . 2016-12-14 03:31 346112 ----a-w- c:\windows\system32\bcdedit.exe
2016-12-14 03:31 . 2016-12-14 03:31 2365440 ----a-w- c:\windows\SysWow64\msi.dll
2016-12-14 03:31 . 2016-12-14 03:31 229376 ----a-w- c:\windows\system32\wintrust.dll
2016-12-14 03:31 . 2016-12-14 03:31 1176064 ----a-w- c:\windows\SysWow64\crypt32.dll
2016-12-14 03:31 . 2016-12-14 03:31 114408 ----a-w- c:\windows\system32\consent.exe
2016-12-14 03:31 . 2016-12-14 03:31 1009152 ----a-w- c:\windows\system32\user32.dll
2016-12-14 03:31 . 2016-12-14 03:31 706792 ----a-w- c:\windows\system32\winload.efi
2016-12-14 03:31 . 2016-12-14 03:31 5547752 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-12-14 03:31 . 2016-12-14 03:31 4000488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-12-14 03:31 . 2016-12-14 03:31 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-12-14 03:31 . 2016-12-14 03:31 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-12-14 03:31 . 2016-12-14 03:31 1543680 ----a-w- c:\windows\system32\urlmon.dll
2016-12-14 03:31 . 2016-12-14 03:31 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2016-12-14 03:31 . 2016-12-14 03:31 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-12-14 03:31 . 2016-12-14 03:31 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-12-14 03:31 . 2016-12-14 03:31 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-12-14 03:31 . 2016-12-14 03:31 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2016-12-14 03:31 . 2016-12-14 03:31 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-12-14 03:31 . 2016-12-14 03:31 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2016-12-14 03:31 . 2016-12-14 03:31 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-12-14 03:31 . 2016-12-14 03:31 109568 ----a-w- c:\windows\system32\hlink.dll
2016-12-14 03:31 . 2016-12-14 03:31 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-12-14 03:31 . 2016-12-14 03:31 817664 ----a-w- c:\windows\system32\jscript.dll
2016-12-14 03:31 . 2016-12-14 03:31 806912 ----a-w- c:\windows\system32\msfeeds.dll
2016-12-14 03:31 . 2016-12-14 03:31 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-12-14 03:31 . 2016-12-14 03:31 576000 ----a-w- c:\windows\system32\vbscript.dll
2016-12-14 03:31 . 2016-12-14 03:31 498688 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-12-14 03:31 . 2016-12-14 03:31 2896384 ----a-w- c:\windows\system32\iertutil.dll
2016-12-14 03:31 . 2016-12-14 03:31 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-12-14 03:31 . 2016-12-14 03:31 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-12-14 03:31 . 2016-12-14 03:31 128512 ----a-w- c:\windows\system32\msiexec.exe
2016-12-14 03:31 . 2016-12-14 03:31 615936 ----a-w- c:\windows\system32\ieui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 360776 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.11.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap Business\ashsnap.exe" [2015-07-18 7803240]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2016-09-28 978456]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2017-01-11 1283112]
"Akamai NetSession Interface"="c:\users\DubbSpot\AppData\Local\Akamai\netsession_win.exe" [2017-01-11 4691384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2017-01-08 96056]
"GoPro Studio Importer"="c:\program files (x86)\GoPro\Tools\Importer\GoPro Importer.exe" [2015-07-27 3217672]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2017-01-24 26142864]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2015-02-07 89184]
"Autodesk Desktop App"="c:\program files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" [2017-01-11 721856]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2017-01-24 67384]
"ADSKAppManager"="c:\program files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" [2017-01-11 721856]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2017-01-11 1283112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2014-11-12 2756856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdPlusAndroidSvc;BlueStacks Plus Android Service;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Plus-Service.exe BstHdPlusAndroidSvc Android [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdAppMgrSvc;Autodesk Desktop App Service;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe ;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstkDrv;BlueStacks Plus Hypervisor;c:\program files (x86)\BlueStacks\BstkDrv.sys;c:\program files (x86)\BlueStacks\BstkDrv.sys [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 gramblrclient;Windows Connectivity Manager for Gramblr;c:\program files\Gramblr\gramblr.exe;c:\program files\Gramblr\gramblr.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x]
S2 PlaysService;Plays.tv Update Service;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe;c:\program files (x86)\Raptr Inc\PlaysTV\plays_service.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;c:\windows\system32\DRIVERS\CMUSBDAC.sys;c:\windows\SYSNATIVE\DRIVERS\CMUSBDAC.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64_prewin8.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64_prewin8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-14 23:24 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-01-17 23:07 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 19:00]
.
2017-02-02 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-09 15:35]
.
2017-02-02 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-09 15:35]
.
2017-02-02 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
- c:\users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupdate.exe [2017-01-26 09:39]
.
2017-02-02 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
- c:\users\DubbSpot\AppData\Local\Citrix\GoToMeeting\6291\g2mupload.exe [2017-01-26 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-01-18 18:34 464712 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.11.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-06-09 1427648]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\
FF - prefs.js: browser.search.selectedEngine - Binkiland
FF - prefs.js: browser.startup.homepage - hxxp://google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Audello - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0A653CD-9E95-4E79-8842-7AFBEE87CB69}*]
"hagiagkjlmdhmjig"=hex:6a,61,66,6b,66,6e,6c,64,6d,69,6b,66,6e,63,6d,68,64,63,
6f,67,00,00
"iaaiclhmlaejoflapo"=hex:63,61,62,6b,64,6c,00,00
"iamhkpkbfokmcjhfdi"=hex:6a,61,66,6b,66,6e,6c,64,6d,69,6b,66,6e,63,6d,68,64,63,
6f,67,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2017-02-01 21:35:34
ComboFix-quarantined-files.txt 2017-02-02 02:35
.
Pre-Run: 42,939,760,640 bytes free
Post-Run: 80,712,163,328 bytes free
.
- - End Of File - - F47BF690ECC8299D2C47320916257B20
A36C5E4F47E84449FF07ED3517B43A31

Broni · Feb 1, 2017

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

BMDuBB · Feb 1, 2017

S
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by DubbSpot (administrator) on DUBBSPOT-PC (01-02-2017 21:55:50)
Running from C:\Users\DubbSpot\Desktop
Loaded Profiles: DubbSpot (Available Profiles: DubbSpot)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Gramblr\gramblr.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Sysinternals) C:\ComboFix\handle64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-09] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2017-01-07] (Hewlett-Packard)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3217672 2015-07-27] (GoPro)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2015-02-07] (Microsoft Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2017-01-11] (Autodesk, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-23] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2017-01-11] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap Business\ashsnap.exe [7803240 2015-07-18] (Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [978456 2016-09-28] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2017-01-11] (Autodesk, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Run: [Akamai NetSession Interface] => C:\Users\DubbSpot\AppData\Local\Akamai\netsession_win.exe [4691384 2017-01-11] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2017-01-11] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2756856 2014-11-12] (ASUS)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{012F9E52-7670-4F31-906B-888936A29D77}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1849667277-3262961879-3532140888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-24] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1849667277-3262961879-3532140888-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FireFox:
========
FF ProfilePath: C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-02-08] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-02-08] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-10-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1849667277-3262961879-3532140888-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DubbSpot\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-31] (Citrix Online)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-08-20]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\2020Player_WEB@2020Technologies.com [2016-08-20]
FF Extension: ColorZilla - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-07]
FF Extension: Flash and Video Download - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-01]
FF Extension: MEGA - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\firefox@mega.co.nz.xpi [2015-04-15]
FF Extension: Gmail™ Notifier (restartless) - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-02-05]
FF Extension: Pin It button - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-09-22]
FF Extension: SpyBar - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\jid1-zcEbrNVnbrrn1w@jetpack.xpi [2016-03-23]
FF Extension: MozBar - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\toolbar@seomoz.org.xpi [2015-06-02]
FF Extension: Adblock Plus - C:\Users\DubbSpot\AppData\Roaming\Mozilla\Firefox\Profiles\d30jy3ff.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-17]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-05]

Chrome:
=======
CHR Profile: C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-26]
CHR Extension: (SEOquake) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-06-13]
CHR Extension: (Shopified App) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aogkkekoinpipjlolpcicigndjlcpdcn [2016-10-11]
CHR Extension: (Google Docs) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-26]
CHR Extension: (Google Drive) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-26]
CHR Extension: (YouTube) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-26]
CHR Extension: (Adblock Plus) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-03]
CHR Extension: (Ebates Cash Back) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-11-25]
CHR Extension: (Google Search) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-26]
CHR Extension: (SpyBar) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcihmjnfimlnmdjoddhjfiihbfpcnfk [2016-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-26]
CHR Extension: (Google Sheets) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Instamate) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgflmpanpcmhbeaifaefokfohogffa [2016-03-14]
CHR Extension: (Facebook Invite tool) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaifokiheokkmppijigppfdibninfao [2016-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-26]
CHR Extension: (Gmail) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Extension: (Viral Autobot Downloader) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpbjohookhlmgpingoadimlhmiehemp [2016-01-08]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\DubbSpot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2017-01-11] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2017-01-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-01-23] (Apple Inc.)
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2017-01-11] (Autodesk, Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [445976 2016-09-28] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [425496 2016-09-28] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [462360 2016-09-28] (BlueStack Systems, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-09] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-23] (Dropbox, Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10274384 2017-01-31] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-28] (SurfRight B.V.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MySQL5; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2016-09-12] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-12-01] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-08] (Microsoft Corporation)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 MySql; C:\mysql\bin\mysqld-nt.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-08-02] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797256 2015-06-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-06-05] (COMODO)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2015-02-11] (C-MEDIA)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-01] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104584 2015-06-05] (COMODO)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-11-30] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-11-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2017-01-28] (Western Digital Technologies)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 21:35 - 2017-02-01 21:35 - 00040105 _____ C:\ComboFix.txt
2017-02-01 20:58 - 2017-02-01 21:35 - 00000000 ____D C:\ComboFix
2017-02-01 20:58 - 2017-02-01 20:46 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00256000 _____ C:\Windows\PEV.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00208896 _____ C:\Windows\MBR.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00098816 _____ C:\Windows\sed.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00080412 _____ C:\Windows\grep.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00068096 _____ C:\Windows\zip.exe
2017-02-01 20:58 - 2017-02-01 20:46 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-01 20:48 - 2017-02-01 21:35 - 00000000 ____D C:\Qoobox
2017-02-01 20:47 - 2017-02-01 21:29 - 00000000 ____D C:\Windows\erdnt
2017-02-01 20:38 - 2017-02-01 20:38 - 05659775 ____R (Swearware) C:\Users\DubbSpot\Desktop\ComboFix.exe
2017-02-01 20:29 - 2017-02-01 20:29 - 00003500 _____ C:\Users\DubbSpot\Desktop\JRT.txt
2017-02-01 20:12 - 2017-02-01 20:12 - 01599379 _____ C:\Users\DubbSpot\Desktop\JRT.rar
2017-02-01 20:05 - 2017-02-01 20:05 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-01 19:48 - 2017-02-01 19:48 - 04015056 _____ C:\Users\DubbSpot\Desktop\adwcleaner_6.043.exe
2017-02-01 19:47 - 2017-02-01 20:08 - 00000000 ____D C:\AdwCleaner
2017-02-01 18:04 - 2017-02-01 18:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-01 18:02 - 2017-02-01 18:02 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-01 18:02 - 2017-02-01 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-01 18:02 - 2017-02-01 18:02 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-01 18:01 - 2017-02-01 19:13 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-31 18:41 - 2017-01-31 18:41 - 00341784 _____ C:\Users\DubbSpot\Documents\virusname.txt
2017-01-31 03:57 - 2017-01-31 03:57 - 01663040 _____ (Malwarebytes) C:\Users\DubbSpot\Desktop\JRT.exe
2017-01-31 03:55 - 2017-01-31 03:56 - 34821984 _____ (Adlice Software ) C:\Users\DubbSpot\Desktop\setup.exe
2017-01-30 20:04 - 2017-01-30 20:04 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\ESET
2017-01-30 08:38 - 2017-01-30 08:40 - 00266024 _____ C:\Users\DubbSpot\Desktop\Addition.txt
2017-01-30 08:33 - 2017-02-01 21:58 - 00026792 _____ C:\Users\DubbSpot\Desktop\FRST.txt
2017-01-30 08:32 - 2017-02-01 21:56 - 00000000 ____D C:\FRST
2017-01-30 08:29 - 2017-01-30 08:32 - 02193920 _____ (Farbar) C:\Users\DubbSpot\Desktop\FRST64.exe
2017-01-30 07:35 - 2017-02-01 19:57 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-30 07:01 - 2013-07-02 16:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2017-01-28 21:37 - 2017-01-28 21:40 - 00000000 _____ C:\Windows\system32\0
2017-01-28 21:18 - 2017-01-28 21:18 - 00000000 ____D C:\Windows\pss
2017-01-28 21:01 - 2017-01-28 21:59 - 00001023 _____ C:\Users\DubbSpot\Desktop\startup.txt
2017-01-28 20:21 - 2017-01-28 20:21 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-01-28 19:13 - 2017-01-28 19:34 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-28 19:13 - 2017-01-28 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-28 19:13 - 2017-01-28 19:13 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-28 19:05 - 2017-01-28 19:05 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\SUPERAntiSpyware.com
2017-01-28 19:04 - 2017-01-28 19:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-28 19:04 - 2017-01-28 19:04 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-01-28 19:04 - 2017-01-28 19:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-28 19:04 - 2017-01-28 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-28 19:03 - 2017-01-28 20:21 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-28 19:00 - 2017-01-28 19:00 - 29025312 _____ (SUPERAntiSpyware) C:\Users\DubbSpot\Downloads\SUPERAntiSpyware.exe
2017-01-28 18:59 - 2017-01-28 19:01 - 11581544 _____ (SurfRight B.V.) C:\Users\DubbSpot\Desktop\hitmanpro_x64.exe
2017-01-28 18:20 - 2017-01-28 18:20 - 00000000 ____D C:\Users\DubbSpot\Desktop\rkill
2017-01-28 18:19 - 2017-01-28 18:51 - 00003620 _____ C:\Users\DubbSpot\Desktop\Rkill.txt
2017-01-28 18:17 - 2015-03-01 12:49 - 01623456 _____ (Bleeping Computer, LLC) C:\Users\DubbSpot\Desktop\rkill.com
2017-01-28 16:40 - 2017-01-28 16:40 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital

BMDuBB · Feb 1, 2017

2017-01-28 16:26 - 2017-01-28 16:26 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Western Digital
2017-01-28 16:25 - 2017-01-28 16:25 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Western_Digital_Technolog
2017-01-28 16:23 - 2017-01-28 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-01-28 16:22 - 2017-01-28 16:23 - 00010128 _____ C:\Windows\DPINST.LOG
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-01-28 16:21 - 2017-01-28 16:21 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-28 10:50 - 2017-01-28 10:50 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\AMD
2017-01-28 10:48 - 2017-01-28 10:48 - 00000000 ____D C:\ProgramData\ATI
2017-01-28 10:45 - 2017-02-01 19:54 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-28 10:21 - 2017-01-28 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Pro and AMD FirePro Settings
2017-01-28 10:17 - 2017-01-28 10:17 - 00057781 _____ C:\Windows\SysWOW64\CCCInstall_201701281017555520.log
2017-01-28 10:06 - 2017-01-28 10:06 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-28 10:06 - 2016-09-09 13:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-01-28 10:06 - 2016-09-09 13:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-01-28 10:06 - 2016-09-09 13:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-01-28 10:06 - 2016-09-09 13:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-01-25 22:17 - 2017-01-28 09:13 - 00006358 _____ C:\Users\DubbSpot\Desktop\latest.txt
2017-01-25 19:38 - 2017-01-25 19:38 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\Google
2017-01-25 19:37 - 2017-01-25 19:37 - 00002172 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-01-25 19:37 - 2017-01-25 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2017-01-25 11:46 - 2017-01-25 11:46 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
2017-01-25 11:46 - 2017-01-25 11:46 - 00000000 ____D C:\Program Files (x86)\RAR Password Cracker
2017-01-25 11:01 - 2017-01-25 11:01 - 00003158 _____ C:\Windows\System32\Tasks\{F9EE1FD1-000A-465A-AFAE-6CE58EB251A1}
2017-01-25 11:01 - 2017-01-25 11:01 - 00000000 ____D C:\Windows\Intuit
2017-01-25 10:50 - 2017-01-25 10:57 - 665847096 _____ (Intuit, Inc. ) C:\Users\DubbSpot\Desktop\QuickBooksPro2017.exe
2017-01-25 10:50 - 2017-01-25 10:50 - 00000764 _____ C:\Users\DubbSpot\Desktop\Setup_QuickBooksPro2017.lnk
2017-01-25 10:50 - 2017-01-25 10:50 - 00000000 ____D C:\Program Files (x86)\Akamai
2017-01-24 12:10 - 2017-01-24 12:10 - 00000404 _____ C:\Users\DubbSpot\Downloads\Hits 1-26-16.txt
2017-01-23 21:09 - 2017-01-23 21:09 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\Program Files\iTunes
2017-01-23 21:09 - 2017-01-23 21:09 - 00000000 ____D C:\Program Files\iPod
2017-01-23 19:03 - 2017-01-23 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-22 20:50 - 2017-01-26 06:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-22 20:50 - 2017-01-22 20:50 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-01-19 14:55 - 2017-01-19 14:55 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201701191455425123.log
2017-01-17 18:54 - 2017-01-17 18:54 - 00222275 _____ C:\Users\DubbSpot\Downloads\final.m4a
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-23 19:03 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-11 12:06 - 2017-01-11 12:06 - 00000118 _____ C:\Users\DubbSpot\Documents\acad.err
2017-01-11 12:02 - 2017-01-11 12:02 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-11 11:47 - 2017-01-11 11:47 - 00027193 _____ C:\Users\Public\Documents\AdApplicationManager-install.log
2017-01-11 11:45 - 2017-01-11 11:45 - 00002003 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2017-01-11 11:42 - 2017-01-11 11:42 - 00002075 _____ C:\Users\Public\Desktop\Autodesk ReCap 360.lnk
2017-01-11 11:38 - 2017-01-11 11:38 - 00002412 _____ C:\Users\Public\Desktop\AutoCAD Architecture 2017 - English (US Imperial).lnk
2017-01-11 11:38 - 2017-01-11 11:38 - 00002402 _____ C:\Users\Public\Desktop\AutoCAD Architecture 2017 - English (Global).lnk
2017-01-11 11:28 - 2017-01-11 11:28 - 00000000 ____D C:\Users\DubbSpot\Documents\Inventor Server SDK ACAD 2017
2017-01-11 11:10 - 2017-01-11 11:25 - 00440800 _____ (Autodesk, Inc.) C:\Windows\system32\AcSignOpt.exe
2017-01-11 10:46 - 2017-02-01 17:36 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Akamai
2017-01-11 09:49 - 2017-01-11 09:49 - 00002042 _____ C:\Users\Public\Desktop\Content Service - Configuration Console.lnk
2017-01-11 09:49 - 2017-01-11 09:49 - 00000994 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk
2017-01-10 22:58 - 2017-01-10 22:58 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 22:58 - 2017-01-10 22:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 22:58 - 2017-01-10 22:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 22:58 - 2017-01-10 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-09 14:31 - 2017-01-09 14:31 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Hulubulu
2017-01-09 11:47 - 2017-01-09 11:47 - 00001043 _____ C:\Users\DubbSpot\Desktop\Advanced Renamer.lnk
2017-01-09 11:47 - 2017-01-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
2017-01-09 11:47 - 2017-01-09 11:47 - 00000000 ____D C:\Program Files (x86)\Advanced Renamer
2017-01-09 10:42 - 2017-02-01 20:03 - 00000000 ___RD C:\Users\DubbSpot\Dropbox
2017-01-09 10:42 - 2017-01-09 10:42 - 00001230 _____ C:\Users\DubbSpot\Desktop\Dropbox.lnk
2017-01-09 10:36 - 2017-02-01 21:47 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-09 10:36 - 2017-02-01 19:57 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-09 10:36 - 2017-01-23 19:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-09 10:36 - 2017-01-09 10:42 - 00003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-09 10:36 - 2017-01-09 10:42 - 00003656 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-09 10:36 - 2017-01-09 10:42 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Dropbox
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Dropbox
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\ProgramData\Dropbox
2017-01-07 21:16 - 2017-01-14 21:57 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\HpUpdate
2017-01-07 21:16 - 2017-01-07 21:16 - 00003606 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 2130 series
2017-01-07 21:16 - 2017-01-07 21:16 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\Visan
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-01-07 21:16 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-07 21:15 - 2017-01-07 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-07 21:15 - 2017-01-07 21:16 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-07 21:15 - 2017-01-07 21:15 - 00002212 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2017-01-07 21:15 - 2017-01-07 21:15 - 00001159 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 2130 series.lnk
2017-01-07 21:15 - 2017-01-07 21:15 - 00000000 ____D C:\Program Files\HP
2017-01-07 21:14 - 2017-01-07 21:15 - 00000000 ____D C:\ProgramData\HP
2017-01-07 21:14 - 2017-01-07 21:14 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-07 21:09 - 2017-01-07 21:17 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\HP
2017-01-05 18:15 - 2017-01-05 18:15 - 00000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RICOH THETA.lnk
2017-01-05 18:15 - 2017-01-05 18:15 - 00000901 _____ C:\Users\Public\Desktop\RICOH THETA.lnk
2017-01-05 18:15 - 2017-01-05 18:15 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\com.theta360.SphericalViewer
2017-01-05 18:15 - 2017-01-05 18:15 - 00000000 ____D C:\Program Files (x86)\RICOH THETA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 21:59 - 2016-01-08 09:39 - 00000000 ____D C:\ProgramData\Gramblr
2017-02-01 21:38 - 2016-11-19 10:31 - 00000000 ____D C:\Users\DubbSpot\AppData\LocalLow\Mozilla
2017-02-01 21:26 - 2016-05-31 13:49 - 00000580 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
2017-02-01 21:23 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-02-01 21:00 - 2015-02-05 18:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-01 20:46 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2017-02-01 20:25 - 2009-07-13 23:45 - 00025056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-01 20:25 - 2009-07-13 23:45 - 00025056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-01 20:20 - 2015-02-05 15:31 - 02084839 _____ C:\Windows\WindowsUpdate.log
2017-02-01 20:18 - 2016-05-31 13:49 - 00000676 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000.job
2017-02-01 19:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-01 19:56 - 2009-07-13 23:51 - 00090706 _____ C:\Windows\setupact.log
2017-02-01 19:16 - 2015-12-03 14:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 17:58 - 2015-02-05 20:16 - 00000000 ____D C:\Users\DubbSpot\Documents\Outlook Files
2017-02-01 02:04 - 2015-02-05 16:39 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Adobe
2017-01-31 16:06 - 2016-01-08 09:40 - 00000000 ____D C:\Program Files\Gramblr
2017-01-30 09:16 - 2009-07-14 00:13 - 00913550 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-28 21:20 - 2015-02-05 20:13 - 00484326 _____ C:\Windows\PFRO.log
2017-01-28 21:17 - 2015-07-15 07:26 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Raptr
2017-01-28 21:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2017-01-28 20:24 - 2015-06-20 17:37 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\CrashDumps
2017-01-28 20:21 - 2016-03-19 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeTrafficScraper
2017-01-28 20:21 - 2016-03-19 13:17 - 00000000 ____D C:\Program Files (x86)\TubeTrafficScraper
2017-01-28 18:09 - 2015-02-11 13:57 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Skype
2017-01-28 17:20 - 2015-02-05 14:44 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\AMD
2017-01-28 16:22 - 2016-04-19 12:02 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64_prewin8.sys
2017-01-28 16:19 - 2015-02-05 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-28 15:53 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2017-01-28 12:23 - 2016-10-23 14:17 - 00000000 ____D C:\Users\Public\HTAdvantageData
2017-01-28 12:08 - 2015-03-10 22:30 - 00000000 ____D C:\Program Files (x86)\Incansoft
2017-01-28 12:07 - 2015-03-10 22:30 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Incansoft
2017-01-28 10:39 - 2016-10-04 20:09 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2017-01-28 10:39 - 2016-10-04 20:08 - 02132872 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-01-28 10:39 - 2016-10-04 20:08 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-28 10:39 - 2016-10-04 20:08 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-28 10:39 - 2015-06-22 20:58 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00519048 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-01-28 10:38 - 2016-10-04 20:10 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2017-01-28 10:38 - 2016-10-04 20:10 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 01551344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 01274256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-01-28 10:38 - 2016-10-04 20:09 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2017-01-28 10:38 - 2016-10-04 20:08 - 08065928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00892296 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00625032 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2017-01-28 10:38 - 2016-10-04 20:08 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-01-28 10:38 - 2015-06-22 20:55 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2017-01-28 10:38 - 2015-06-22 20:10 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-01-28 10:20 - 2015-02-05 15:24 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-28 10:18 - 2015-02-05 15:24 - 00000000 ____D C:\Program Files\AMD
2017-01-28 09:52 - 2015-02-05 15:20 - 00000000 ____D C:\AMD
2017-01-28 09:40 - 2015-02-05 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 09:18 - 2016-11-17 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 19:02 - 2015-09-05 07:59 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Twittermatic
2017-01-26 05:35 - 2009-07-13 23:45 - 05325328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-26 04:39 - 2016-05-31 13:49 - 00003714 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1849667277-3262961879-3532140888-1000
2017-01-26 04:39 - 2016-05-31 13:49 - 00003618 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1849667277-3262961879-3532140888-1000
2017-01-25 19:37 - 2015-03-26 07:15 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-25 16:55 - 2015-02-05 14:12 - 00198344 _____ C:\Users\DubbSpot\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-23 21:09 - 2015-10-25 19:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-23 19:03 - 2016-12-21 13:15 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-22 20:51 - 2015-03-11 06:23 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-22 20:49 - 2015-02-05 16:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-21 22:26 - 2016-08-23 12:20 - 00000000 ____D C:\Instagram Mega Bot
2017-01-19 14:54 - 2015-02-05 14:41 - 00000000 ____D C:\ProgramData\AMD
2017-01-19 14:50 - 2015-08-04 01:25 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2017-01-16 16:40 - 2016-06-06 20:08 - 00001147 _____ C:\Users\DubbSpot\Documents\plot.log
2017-01-16 13:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2017-01-16 13:35 - 2008-05-16 18:19 - 00038400 _____ (Hewlett-Packard Corporation, Microsoft Corporation) C:\Windows\HPLTLNK.EXE
2017-01-12 05:00 - 2016-04-27 11:58 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2017-01-11 13:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-11 12:08 - 2016-04-27 10:04 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-11 12:05 - 2016-04-27 09:55 - 00000000 ____D C:\Users\DubbSpot\AppData\Local\Autodesk
2017-01-11 12:01 - 2016-04-27 09:49 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Autodesk
2017-01-11 12:01 - 2016-04-27 09:49 - 00000000 ____D C:\ProgramData\Autodesk
2017-01-11 11:46 - 2016-05-13 05:41 - 00001457 _____ C:\Users\Public\Desktop\Autodesk Desktop App.lnk
2017-01-11 11:45 - 2016-04-27 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-11 11:44 - 2016-04-27 11:58 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-01-11 11:44 - 2016-04-27 11:54 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-01-11 11:44 - 2016-04-27 09:55 - 00000000 ____D C:\Program Files\Autodesk
2017-01-11 11:23 - 2015-02-27 00:10 - 00017069 _____ C:\Windows\DirectX.log
2017-01-11 10:50 - 2015-06-25 23:34 - 00400544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp140.dll
2017-01-11 10:46 - 2016-04-27 09:43 - 00000000 ____D C:\Autodesk
2017-01-11 04:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 03:23 - 2009-07-14 00:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-11 03:05 - 2015-02-07 06:42 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:00 - 2015-02-07 06:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 14:00 - 2016-12-13 16:00 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-01-10 14:00 - 2015-02-05 18:25 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 14:00 - 2015-02-05 18:25 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 14:00 - 2015-02-05 18:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 14:00 - 2015-02-05 17:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 14:00 - 2015-02-05 16:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 10:42 - 2015-02-05 12:37 - 00000000 ____D C:\Users\DubbSpot
2017-01-07 21:14 - 2015-10-23 07:06 - 02946224 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkinsE111.exe
2017-01-07 21:14 - 2015-10-23 07:06 - 00388784 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkstsE111LM.dll
2017-01-07 21:14 - 2015-10-23 07:06 - 00323248 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\hpinkcoiE111.dll
2017-01-05 18:52 - 2015-07-15 07:15 - 00000000 ____D C:\Users\DubbSpot\AppData\Roaming\Apple Computer
2017-01-04 15:42 - 2015-08-20 13:28 - 00000000 ____D C:\MB Ingram Advanced Edition

==================== Files in the root of some directories =======

2015-07-08 15:35 - 2015-07-08 15:35 - 0000088 _____ () C:\Users\DubbSpot\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-08-24 15:42 - 2015-08-24 15:42 - 0000088 _____ () C:\Users\DubbSpot\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-10 12:04 - 2016-11-30 12:47 - 0000132 _____ () C:\Users\DubbSpot\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-21 14:05 - 2016-08-21 14:05 - 0456008 _____ (AutoIt Team) C:\Users\DubbSpot\AppData\Roaming\AutoItX3.dll
2016-06-23 11:51 - 2016-06-23 11:51 - 0034476 _____ () C:\Users\DubbSpot\AppData\Roaming\disable_webrtc-1.0.6.xpi
2015-07-08 15:53 - 2015-07-08 15:53 - 0000128 _____ () C:\Users\DubbSpot\AppData\Roaming\GWMC-I92M
2016-06-23 11:50 - 2016-06-23 11:51 - 18587648 _____ (PhantomJS) C:\Users\DubbSpot\AppData\Roaming\PhantomJSv211.exe
2015-07-08 15:35 - 2015-08-24 15:43 - 0000216 _____ () C:\Users\DubbSpot\AppData\Roaming\RO39-2M3Q
2015-02-17 12:36 - 2015-08-28 23:36 - 0000227 _____ () C:\Users\DubbSpot\AppData\Roaming\WB.CFG
2016-08-21 14:05 - 2016-08-21 14:05 - 0701560 _____ () C:\Users\DubbSpot\AppData\Roaming\WebDriver.FirefoxExt2531.zip
2016-03-30 14:47 - 2016-03-30 14:47 - 0005632 _____ () C:\Users\DubbSpot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 02:36 - 2015-02-19 02:36 - 0234679 _____ () C:\Users\DubbSpot\AppData\Local\dsi1.dat
2015-02-19 02:36 - 2015-02-19 02:36 - 0161916 _____ () C:\Users\DubbSpot\AppData\Local\dsi2.dat
2017-01-07 21:14 - 2017-01-07 21:14 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 22:54

==================== End of FRST.txt ============================

Solved Am I Infected?

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 37 +0

Similar threads