Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Opera hijacked by Smartshopping malware [Closed]

Started by janji , Oct 13 2015 07:27 AM

This topic is locked

#1
janji

Posted 13 October 2015 - 07:27 AM

Member

Member
210 posts

Hi,

been to a lot of sites recently to find a new game to play and inadvertently must have clicked on some malware.

Now everytime I want to open any link I get redirected to some spammy website or to a search page with the pink Smartshopping.com logo. Could someone please help me to get rid of it?

Malwarebites and the cluster of other security software on my computer doesn,t even seem to detect it.

I have a 64- bit OS and a x64- based processor

Windows 10 Home.

#2
janji

Posted 13 October 2015 - 07:28 AM

Member

Topic Starter
Member
210 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015

Ran by SitiM (administrator) on [bleep] (13-10-2015 14:59:57)

Running from C:\Users\SitiM\Desktop

Loaded Profiles: SitiM (Available Profiles: SitiM)

Platform: Windows 10 Home (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe

(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe

(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe

(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe

(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe

(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe

() C:\Users\SitiM\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

(Typing Innovation Group Ltd) C:\Program Files (x86)\TypingMaster10\kboost.exe

(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe

(J. Eric Vaughan) C:\Program Files (x86)\Stay On Top\StayOnTop.exe

(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe

(Dropbox, Inc.) C:\Users\SitiM\AppData\Roaming\Dropbox\bin\Dropbox.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe

(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe

() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe

(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe

(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe

(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.13251.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe

(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-15] (Intel Corporation)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-06] (Károly Pados)

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-10-11] ()

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-11] (AVAST Software)

HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-02-16] (QFX Software Corporation)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [110144 2013-03-06] (CyberLink)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-08-27] (Comodo Security Solutions, Inc.)

HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2163264 2015-09-01] (1und1 Mail und Media GmbH)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-10-11] (QIHU 360 SOFTWARE CO. LIMITED)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-10-12] (Oracle Corporation)

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\setstretch.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\mcpr.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\keyscrambler_setup.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\setstretch.exe <====== ATTENTION

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Amazon Music] => C:\Users\SitiM\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-03] ()

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [EDO-Soft Sticky Notes] => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe [372736 2013-05-24] (Microsoft)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-03-30] (Spotify Ltd)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Dropbox Update] => C:\Users\SitiM\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-17] (Dropbox, Inc.)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Spotify] => C:\Program Files (x86)\Spotify\spotify.exe [6737976 2015-03-30] (Spotify Ltd)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [TypingSatellite] => C:\Program Files (x86)\TypingMaster10\KBOOST.EXE [1726608 2015-09-06] (Typing Innovation Group Ltd)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1438480 2015-10-11] (Lavasoft)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-10-12] ()

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-11] (AVAST Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-03-09]

ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-02-24]

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-02-24]

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-08-27]

ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk [2015-03-03]

ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()

Startup: C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-20]

ShortcutTarget: Dropbox.lnk -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-11] (Lavasoft Limited)

Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-11] (Lavasoft Limited)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{817aec91-3fc7-4347-840f-83a9a719aa99}: [NameServer] 156.154.70.22,156.154.71.22

Tcpip\..\Interfaces\{817aec91-3fc7-4347-840f-83a9a719aa99}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{f309daef-eba2-4db3-b3eb-39bc10c01369}: [NameServer] 156.154.70.22,156.154.71.22

Tcpip\..\Interfaces\{f309daef-eba2-4db3-b3eb-39bc10c01369}: [DhcpNameServer] 192.13.128.24

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> {4AE39415-888F-481D-8E4F-34F72A8121C1} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> {85E35116-5896-4053-A11C-DBA69B655409} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> {98E06B57-EFE3-486C-852B-939ED572161C} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8

SearchScopes: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> {DCD0F7B3-B834-4082-A987-953D2EAB5A36} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-17] (IObit)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-11] (AVAST Software)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-24] (LastPass)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21] (Qihu 360 Software Co., Ltd.)

BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-11] (AVAST Software)

BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-24] (LastPass)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-09-21] (Qihu 360 Software Co., Ltd.)

BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-02-24] (LastPass)

Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-02-24] (LastPass)

Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Toolbar: HKU\S-1-5-21-1682213809-1738160255-596039434-1001 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-07-29] (1und1 Mail und Media GmbH)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\SitiM\AppData\Roaming\Mozilla\Firefox\Profiles\nkz85dc4.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-25] ()

FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-24] (LastPass)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-02-24] (LastPass)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-19]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-10-11]

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR StartupUrls: Default -> "hxxps://my.yahoo.com/#","hxxps://www.flickr.com/photos/131402087@N04/"

CHR DefaultSearchKeyword: Default -> lp

CHR Profile: C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]

CHR Extension: (Google Docs) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]

CHR Extension: (Google Drive) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]

CHR Extension: (YouTube) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]

CHR Extension: (Google Search) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]

CHR Extension: (Google Sheets) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]

CHR Extension: (Google Docs Offline) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-08-06]

CHR Extension: (AdBlock) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]

CHR Extension: (Avast Online Security) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-19]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-05]

CHR Extension: (TS1.8) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhhmlalomhpoaelhcgmaeobmbbhfnkf [2015-03-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]

CHR Extension: (Gmail) - C:\Users\SitiM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-21]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:

=======

OPR StartupUrls: "hxxps://my.yahoo.com/;_ylt=AwrSbjRFnQxV178A5w1LBQx.;_ylu=X3oDMTByaDNhc2JxBHNlYwNzcgRwb3MDMQRjb2xvA2dxMQR2dGlkAw--"],"urls_signature":"wp8MWAWPEcRMuqSzsl2iuWH6fpVeN7ZgvnMd/Gmd0uWknd2Ok+oR2fz9e1SGFphH"},"speeddial":{"bookmarks_folder_guid":"1EB4517B-FCDB-4F93-9D54-0776EBEEF436","imported_to_bookmarks":true},"spellcheck":{"dictionaries":["en-GB"

OPR Extension: (yeblon) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\albdaapmpigcomkoifjkfjbljelkemlc [2015-03-31]

OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\cjpgflbjkikhbkampgenidbmkmkkfgkb [2015-10-11]

OPR Extension: (ZenMate for Opera™) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-20]

OPR Extension: (360 Internet Protection) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2015-10-11]

OPR Extension: (getphuture) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\dpmegphonemongjfnhmohpmhnoccaikg [2015-03-30]

OPR Extension: (sarahavilov) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\eplmkgpekfffgloaipfjbpnhoebggodb [2015-03-31]

OPR Extension: (disconnectme) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2015-03-21]

OPR Extension: (LastPass) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-02-24]

OPR Extension: (flaviobayer) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\kclijeogghhkmenkommbnjobhnndpfba [2015-05-25]

OPR Extension: (sarahavilov) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\ladofaneofbefllkcghdjincjlhkmmol [2015-03-22]

OPR Extension: (Amazon for Opera) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-04-21]

OPR Extension: (videos-downloader) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpnpijldpdipnfbjpfjgopcdnjejgbda [2015-07-25]

OPR Extension: (jeremy-schomery) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlhabdnjcoggnpnnaamopkaolcggpdmi [2015-08-15]

OPR Extension: (arpitnext) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogejmjlbjlhgelcjholioljjiojamjfk [2015-10-13]

OPR Extension: (Adblock Plus) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-03-21]

OPR Extension: (philiptholus) - C:\Users\SitiM\AppData\Roaming\Opera Software\Opera Stable\Extensions\pfdafkloejmpdifkkmfimkpbpggfihce [2015-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-11] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-08-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-08-14] (Microsoft Corporation)

R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1982648 2015-10-12] (Comodo)

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-27] (Comodo Security Solutions, Inc.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)

R2 DptfParticipantDisplayService; C:\Windows\System32\DptfParticipantDisplayService.exe [141944 2014-09-15] (Intel Corporation)

R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-15] (Intel Corporation)

R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2014-09-15] (Intel Corporation)

R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2014-09-15] (Intel Corporation)

R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2014-09-15] (Intel Corporation)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)

R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-08-27] (Comodo Security Solutions, Inc.)

R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1972408 2015-10-11] ()

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-10-11] ()

R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-11] (Lavasoft Limited)

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-14] (IObit)

S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3611808 2015-09-12] (INCA Internet Co., Ltd.)

U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)

R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [858744 2015-10-11] (QIHU 360 SOFTWARE CO. LIMITED)

S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-10-11] ()

R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-06] (Károly Pados)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-21] (360.cn)

R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-21] (360.cn)

R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-21] (360.cn)

R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-21] (360.cn)

R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-21] (360.cn)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-11] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-11] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-11] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-11] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-11] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-11] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-11] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-11] (AVAST Software)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)

R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-21] (360.cn)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)

R1 cmdHlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)

S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-15] (Intel Corporation)

R3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)

S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)

S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)

R3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)

S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)

R3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)

R3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [495320 2014-09-15] (Intel Corporation)

R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-29] (COMODO)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )

R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [223696 2015-02-07] (QFX Software Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-11] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)

R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)

S3 tapwp01; C:\Windows\system32\DRIVERS\tapwp01.sys [40664 2014-10-29] (The OpenVPN Project)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-10-11] (BitDefender S.R.L.)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

S3 X6va031; \??\C:\WINDOWS\SysWOW64\Drivers\X6va031 [25816 2015-09-24] ()

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 14:59 - 2015-10-13 15:01 - 00055675 _____ C:\Users\SitiM\Desktop\FRST.txt

2015-10-13 14:59 - 2015-10-13 15:00 - 00000000 ____D C:\FRST

2015-10-13 14:57 - 2015-10-13 14:58 - 02196480 _____ (Farbar) C:\Users\SitiM\Desktop\FRST64.exe

2015-10-13 14:10 - 2015-10-13 14:10 - 00016148 _____ C:\WINDOWS\system32\HELL_SitiM_HistoryPrediction.bin

2015-10-13 09:10 - 2015-10-13 09:10 - 00000045 _____ C:\Users\SitiM\jagex_cl_runescape_LIVE1.dat

2015-10-13 09:10 - 2015-10-13 09:10 - 00000000 ____D C:\Users\SitiM\jagexcache1

2015-10-13 09:09 - 2015-10-13 09:09 - 00000000 ____D C:\Users\SitiM\.jagex_cache_32

2015-10-13 08:48 - 2015-10-13 12:35 - 00000024 _____ C:\Users\SitiM\random.dat

2015-10-13 08:48 - 2015-10-13 12:10 - 00000023 _____ C:\Users\SitiM\jagexappletviewer.preferences

2015-10-13 08:48 - 2015-10-13 09:10 - 00000044 _____ C:\Users\SitiM\jagex_cl_runescape_LIVE.dat

2015-10-13 08:48 - 2015-10-13 08:48 - 00000000 ____D C:\.jagex_cache_32

2015-10-13 08:42 - 2015-10-13 08:42 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\IceDragon

2015-10-13 08:40 - 2015-10-13 08:48 - 00000000 ____D C:\Users\SitiM\jagexcache

2015-10-13 08:40 - 2015-10-13 08:40 - 00002106 _____ C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk

2015-10-13 08:40 - 2015-10-13 08:40 - 00002076 _____ C:\Users\SitiM\Desktop\RuneScape.lnk

2015-10-13 08:40 - 2015-10-13 08:40 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape

2015-10-13 08:32 - 2015-10-13 08:32 - 00001206 _____ C:\Users\Public\Desktop\Opera.lnk

2015-10-13 08:32 - 2015-10-13 08:32 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2015-10-13 08:31 - 2015-10-13 08:32 - 00000000 ____D C:\Program Files (x86)\Opera

2015-10-13 00:29 - 2015-10-13 00:29 - 24219648 _____ C:\Users\SitiM\Downloads\RuneScape.msi

2015-10-12 20:41 - 2015-10-13 12:44 - 00000000 ____D C:\AdwCleaner

2015-10-12 18:19 - 2015-10-12 18:19 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Sun

2015-10-12 18:18 - 2015-10-12 18:18 - 00000000 ____D C:\Users\SitiM\.oracle_jre_usage

2015-10-12 18:13 - 2015-10-12 18:13 - 00000000 ____D C:\Program Files (x86)\Amazon

2015-10-12 18:05 - 2015-10-12 18:05 - 00002119 _____ C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk

2015-10-12 18:05 - 2015-10-12 18:05 - 00002089 _____ C:\Users\SitiM\Desktop\FileHippo App Manager.lnk

2015-10-12 18:05 - 2015-10-12 18:05 - 00000000 ____D C:\Program Files (x86)\FileHippo.com

2015-10-11 20:45 - 2015-10-11 20:45 - 00000000 __SHD C:\$360Section

2015-10-11 19:15 - 2015-10-12 23:46 - 00000000 ____D C:\ProgramData\360Quarant

2015-10-11 19:14 - 2015-10-11 19:14 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\360safe

2015-10-11 19:13 - 2015-10-13 14:56 - 00000000 ____D C:\Users\SitiM\AppData\LocalLow\360WD

2015-10-11 19:13 - 2015-10-12 14:58 - 00000000 _RSHD C:\360SANDBOX

2015-10-11 19:13 - 2015-10-11 19:13 - 00001224 _____ C:\Users\Public\Desktop\360 Total Security.lnk

2015-10-11 19:13 - 2015-10-11 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center

2015-10-11 19:13 - 2015-10-11 19:13 - 00000000 ____D C:\ProgramData\360TotalSecurity

2015-10-11 19:13 - 2015-10-11 19:13 - 00000000 ____D C:\ProgramData\360safe

2015-10-11 19:13 - 2015-09-21 07:29 - 00363088 _____ (360.cn) C:\WINDOWS\system32\Drivers\360fsflt.sys

2015-10-11 19:13 - 2015-09-21 07:29 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys

2015-10-11 19:13 - 2015-09-21 07:29 - 00178768 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS

2015-10-11 19:13 - 2015-09-21 07:29 - 00137296 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys

2015-10-11 19:13 - 2015-09-21 07:29 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys

2015-10-11 19:13 - 2015-09-21 07:29 - 00040520 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys

2015-10-11 19:12 - 2015-10-11 19:12 - 00000000 ____D C:\Program Files (x86)\360

2015-10-11 19:10 - 2015-10-11 19:10 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\LavasoftStatistics

2015-10-11 19:09 - 2015-10-12 16:50 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Lavasoft

2015-10-11 19:09 - 2015-10-11 20:52 - 00002912 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

2015-10-11 19:09 - 2015-10-11 20:52 - 00002912 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini

2015-10-11 19:09 - 2015-10-11 19:09 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll

2015-10-11 19:09 - 2015-10-11 19:09 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll

2015-10-11 19:09 - 2015-10-11 19:09 - 00000000 ____D C:\Users\SitiM\AppData\Local\Lavasoft

2015-10-11 19:09 - 2015-10-11 19:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft

2015-10-11 19:08 - 2015-10-12 18:00 - 00002404 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2015-10-11 19:08 - 2015-10-11 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2015-10-11 19:08 - 2015-10-11 19:08 - 00000000 ____D C:\Program Files\Lavasoft

2015-10-11 19:06 - 2015-10-11 19:09 - 00000000 ____D C:\ProgramData\Lavasoft

2015-10-11 19:06 - 2015-10-11 19:06 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

2015-10-11 18:44 - 2015-10-11 18:44 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2015-10-11 18:44 - 2015-10-11 18:44 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2015-10-11 17:05 - 2015-10-12 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(UK)

2015-10-11 16:28 - 2015-10-12 18:27 - 00000000 ____D C:\Users\SitiM\Downloads\Gameforge Live

2015-10-04 15:57 - 2015-10-04 16:23 - 19753395 _____ C:\Users\SitiM\Documents\smap.tmp25

2015-10-04 15:57 - 2015-10-04 16:23 - 11458995 _____ C:\Users\SitiM\Documents\smsk.tmp96

2015-10-04 03:35 - 2015-09-25 21:41 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-10-04 03:35 - 2015-09-25 21:41 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-03 16:37 - 2015-10-04 16:23 - 00000790 _____ C:\Users\SitiM\Desktop\Play DOMO.lnk

2015-10-03 16:37 - 2015-10-03 16:37 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suba Games

2015-10-03 16:34 - 2015-10-03 16:34 - 00000000 ____D C:\Suba Games

2015-10-03 09:47 - 2015-10-03 09:47 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-10-01 20:42 - 2015-10-01 20:42 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-10-01 20:42 - 2015-10-01 20:42 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-10-01 20:42 - 2015-10-01 20:42 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-10-01 20:42 - 2015-10-01 20:42 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-10-01 20:42 - 2015-10-01 20:42 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-10-01 20:42 - 2015-10-01 20:42 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2015-10-01 20:41 - 2015-10-01 20:41 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2015-10-01 20:41 - 2015-10-01 20:41 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys

2015-10-01 20:41 - 2015-10-01 20:41 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

2015-10-01 20:40 - 2015-10-01 20:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2015-10-01 20:40 - 2015-10-01 20:40 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

2015-10-01 20:40 - 2015-10-01 20:40 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll

2015-09-26 03:37 - 2015-09-26 03:37 - 00318920 _____ C:\WINDOWS\Minidump\092615-47265-01.dmp

2015-09-24 20:25 - 2015-09-24 20:30 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\FiestaOnline

2015-09-24 20:18 - 2015-09-24 20:18 - 00025816 _____ C:\WINDOWS\SysWOW64\Drivers\X6va031

2015-09-23 20:55 - 2015-09-24 19:16 - 00001704 _____ C:\Users\SitiM\Desktop\Fiesta Online NA.lnk

2015-09-23 20:45 - 2015-09-23 20:45 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamigo

2015-09-23 20:34 - 2015-09-23 20:34 - 00000000 ____D C:\Gamigo

2015-09-23 20:26 - 2015-10-11 20:45 - 00000000 ____D C:\Users\SitiM\Desktop\AFC

2015-09-20 21:15 - 2015-10-11 20:45 - 00000000 ___RD C:\Users\SitiM\Desktop\Downloads - Copy

2015-09-20 20:29 - 2015-09-20 20:29 - 09487718 _____ C:\Users\SitiM\Downloads\Attachments_2015920.zip

2015-09-16 20:11 - 2015-09-16 20:12 - 184374921 _____ C:\Users\SitiM\Desktop\Islam _ the Future of Tolerance _ Sam harris and Maajid Nawaz.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 15:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-10-13 15:00 - 2015-03-16 21:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-10-13 14:52 - 2015-08-09 18:25 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2015-10-13 14:52 - 2015-06-21 11:27 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001UA.job

2015-10-13 14:28 - 2015-02-19 22:57 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-13 14:14 - 2015-08-14 20:00 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Skype

2015-10-13 14:07 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-10-13 12:52 - 2015-06-21 11:27 - 00000876 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001Core.job

2015-10-13 09:10 - 2015-08-28 17:58 - 00000000 ____D C:\Users\SitiM

2015-10-13 08:28 - 2015-02-23 22:15 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_SitiM.job

2015-10-12 23:59 - 2015-08-04 00:43 - 00000000 ____D C:\Program Files (x86)\Comodo

2015-10-12 20:16 - 2015-02-23 22:15 - 00002474 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_SitiM

2015-10-12 18:18 - 2015-03-06 15:17 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

2015-10-12 18:18 - 2015-03-06 15:17 - 00000000 ____D C:\Program Files\Java

2015-10-12 18:18 - 2015-02-24 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-10-12 18:14 - 2015-03-16 20:36 - 00002069 _____ C:\Users\SitiM\Desktop\Kindle.lnk

2015-10-12 18:10 - 2015-04-01 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2015-10-12 18:10 - 2015-04-01 20:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client

2015-10-12 18:09 - 2015-08-14 19:59 - 00000000 ____D C:\ProgramData\Skype

2015-10-12 18:06 - 2015-08-09 17:03 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1

2015-10-12 18:06 - 2015-08-09 17:03 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2

2015-10-12 18:06 - 2015-02-19 21:38 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E561D4A-8F2F-40F6-9FFB-EE345C6035C0}

2015-10-12 18:05 - 2015-02-20 04:26 - 00000000 ___RD C:\Users\SitiM\Dropbox

2015-10-12 18:05 - 2015-02-20 04:18 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Dropbox

2015-10-12 18:04 - 2015-02-19 23:07 - 00000000 ____D C:\Program Files (x86)\TinyWall

2015-10-12 18:04 - 2015-02-19 21:21 - 00000074 _____ C:\Users\SitiM\AppData\Roaming\sp_data.sys

2015-10-12 18:03 - 2015-02-19 22:57 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2015-10-12 18:00 - 2015-02-19 22:57 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-12 17:58 - 2015-08-28 17:54 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2015-10-12 17:56 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-10-12 17:55 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2015-10-12 14:44 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration

2015-10-11 22:06 - 2015-08-28 17:48 - 00136574 _____ C:\WINDOWS\PFRO.log

2015-10-11 20:47 - 2015-03-27 17:06 - 00000000 ___RD C:\Users\SitiM\Desktop\isNaNPics

2015-10-11 20:47 - 2015-03-25 22:01 - 00000000 ___RD C:\Users\SitiM\Desktop\LaguMelayu

2015-10-11 20:47 - 2015-03-13 22:22 - 00000000 ___RD C:\Users\SitiM\Desktop\Screenshots

2015-10-11 20:47 - 2015-03-05 19:13 - 00000000 ___RD C:\Users\SitiM\Desktop\synne

2015-10-11 20:45 - 2015-08-27 10:10 - 00000000 ___RD C:\Users\SitiM\Desktop\internetPics

2015-10-11 20:45 - 2015-08-26 18:31 - 00000000 ____D C:\Users\SitiM\Desktop\Ausstellung

2015-10-11 20:45 - 2015-04-21 19:33 - 00000000 ___RD C:\Users\SitiM\Desktop\Family

2015-10-11 20:45 - 2015-04-21 19:31 - 00000000 ___RD C:\Users\SitiM\Desktop\Friends

2015-10-11 19:08 - 2015-01-22 17:16 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\Trufos.sys

2015-10-11 18:58 - 2015-08-28 19:36 - 00789316 _____ C:\WINDOWS\system32\perfh007.dat

2015-10-11 18:58 - 2015-08-28 19:36 - 00163816 _____ C:\WINDOWS\system32\perfc007.dat

2015-10-11 18:58 - 2015-08-28 18:13 - 01792898 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-10-11 18:44 - 2015-02-19 22:57 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2015-10-11 18:44 - 2015-02-19 22:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2015-10-11 18:43 - 2015-02-24 19:45 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-10-11 17:33 - 2015-03-30 14:15 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\Spotify

2015-10-11 17:09 - 2015-02-19 22:57 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-11 16:37 - 2015-08-04 00:43 - 00001137 _____ C:\Users\Public\Desktop\Comodo IceDragon.lnk

2015-10-11 15:42 - 2015-02-20 04:26 - 00001262 _____ C:\Users\SitiM\Desktop\Dropbox.lnk

2015-10-11 12:38 - 2015-03-30 14:15 - 00000000 ____D C:\Users\SitiM\AppData\Local\Spotify

2015-10-10 20:28 - 2015-02-23 22:15 - 00000000 ____D C:\ProgramData\ProductData

2015-10-07 14:43 - 2015-09-06 17:53 - 00000000 ____D C:\Users\SitiM\AppData\Roaming\TypingMaster10

2015-10-06 20:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache

2015-10-04 19:22 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-10-04 16:05 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning

2015-10-04 03:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas

2015-10-04 02:46 - 2015-08-13 15:19 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job

2015-10-03 11:59 - 2015-07-10 14:20 - 00023777 _____ C:\WINDOWS\setupact.log

2015-10-02 18:11 - 2015-02-19 21:19 - 00000000 ____D C:\Users\SitiM\AppData\Local\Packages

2015-10-02 18:10 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-10-01 20:03 - 2015-02-22 03:59 - 00003922 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424570340

2015-09-28 20:59 - 2015-08-27 10:11 - 00000000 ___RD C:\Users\SitiM\Desktop\musicVids

2015-09-28 19:35 - 2015-02-25 21:52 - 00000293 _____ C:\Users\SitiM\AppData\Roaming\FotoSketcher.ini

2015-09-26 20:45 - 2015-09-07 18:25 - 00000000 ____D C:\Lager

2015-09-26 20:44 - 2014-08-18 14:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-09-26 19:02 - 2015-09-11 22:47 - 00000000 ____D C:\Users\SitiM\AppData\Local\Sage Fusion

2015-09-26 03:37 - 2015-08-29 19:19 - 00000000 ____D C:\WINDOWS\Minidump

2015-09-26 03:36 - 2015-08-29 19:19 - 937263964 _____ C:\WINDOWS\MEMORY.DMP

2015-09-25 19:00 - 2015-08-13 15:19 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2015-09-25 18:00 - 2015-03-16 21:23 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-09-24 20:15 - 2015-08-28 18:57 - 00002372 _____ C:\Users\SitiM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-09-24 20:15 - 2015-02-20 20:59 - 00000000 ___RD C:\Users\SitiM\OneDrive

2015-09-20 18:04 - 2015-02-19 22:57 - 00000000 ____D C:\Users\SitiM\AppData\Local\Google

2015-09-18 16:23 - 2015-02-19 22:57 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-18 16:23 - 2015-02-19 22:57 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-09-15 03:58 - 2015-02-20 18:51 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-09-15 03:37 - 2015-07-10 14:20 - 00226072 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-09-15 03:35 - 2015-07-10 18:29 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-02-24 14:04 - 2015-02-24 14:04 - 14190648 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe

2015-02-25 21:52 - 2015-09-28 19:35 - 0000293 _____ () C:\Users\SitiM\AppData\Roaming\FotoSketcher.ini

2015-09-02 16:42 - 2015-09-02 17:09 - 0001630 _____ () C:\Users\SitiM\AppData\Roaming\Master Key History

2015-09-02 16:42 - 2015-09-02 16:47 - 0000459 _____ () C:\Users\SitiM\AppData\Roaming\Master Key Preferences

2015-09-02 16:42 - 2015-09-02 17:09 - 0000261 _____ () C:\Users\SitiM\AppData\Roaming\Master Key User Options

2015-02-19 21:21 - 2015-10-12 18:04 - 0000074 _____ () C:\Users\SitiM\AppData\Roaming\sp_data.sys

2015-04-23 15:06 - 2015-04-23 15:06 - 0000017 _____ () C:\Users\SitiM\AppData\Local\resmon.resmoncfg

2015-08-28 17:55 - 2015-08-28 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2015-03-19 21:16 - 2015-03-19 21:24 - 48552712 _____ (JonDos GmbH) C:\ProgramData\JonDoFox.paf.exe

2014-05-15 17:58 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

2014-05-15 17:58 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

2014-05-15 17:58 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

2015-03-25 22:44 - 2013-01-07 12:04 - 0000037 _____ () C:\ProgramData\ttrainer8.data

2015-02-23 23:21 - 2015-02-23 23:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2015-02-23 23:21 - 2015-02-23 23:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:

====================

C:\ProgramData\JonDoFox.paf.exe

C:\ProgramData\SetStretch.VBS

C:\Users\SitiM\KeyScrambler_Setup.exe

C:\Users\SitiM\MCPR.exe

Some files in TEMP:

====================

C:\Users\SitiM\AppData\Local\Temp\42b326cf-f136-42ff-8a12-527dfcf971b8.exe

C:\Users\SitiM\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn2n34n.dll

C:\Users\SitiM\AppData\Local\Temp\NGMDll.dll

C:\Users\SitiM\AppData\Local\Temp\NGMResource.dll

C:\Users\SitiM\AppData\Local\Temp\unicows.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-06 19:02

==================== End of FRST.txt ============================

#3
janji

Posted 13 October 2015 - 07:29 AM

Member

Topic Starter
Member
210 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015

Ran by SitiM (2015-10-13 15:02:08)

Running from C:\Users\SitiM\Desktop

Windows 10 Home (X64) (2015-08-28 16:46:08)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1682213809-1738160255-596039434-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1682213809-1738160255-596039434-503 - Limited - Disabled)

Guest (S-1-5-21-1682213809-1738160255-596039434-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1682213809-1738160255-596039434-1003 - Limited - Enabled)

SitiM (S-1-5-21-1682213809-1738160255-596039434-1001 - Administrator - Enabled) => C:\Users\SitiM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}

AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}

AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.2.0.1021 - 360 Security Center)

Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)

AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden

AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)

Amazon Music (HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)

AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)

ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)

ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)

Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.10.0 - Canon Inc.)

Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.10.0 - Canon Inc.)

Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.1.0.18 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)

Chromodo (HKLM-x32\...\Chromodo) (Version: 45.6.11.383 - Comodo)

Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 40.1.1.18 - COMODO)

COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)

CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0.0.8517 - CyberLink Corp.)

Dream of Mirror Online (HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\{305734a7-c0c2-43cb-b1bf-d6e344958038}}_is1) (Version: - Suba Games)

Dropbox (HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)

Easy Watermark Studio Lite version 3.5 (HKLM-x32\...\{964901C7-A5A4-4262-A435-04FF0CB5EF64}_is1) (Version: 3.5 - Refero Group SRL)

ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)

Evernote Sticky Notes (HKLM-x32\...\{744C0F1A-C433-43F2-B95C-E0885D040543}) (Version: 1.5.5 - Evernote Sticky Notes)

FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)

Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.02.031 - Gamigo games)

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)

FotoSketcher 3.00 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version: - David THOIRON)

Free MP4 MP3 Converter 3.0.1 (HKLM-x32\...\Free MP4 MP3 Converter) (Version: 3.0.1 - ZISUN Freeware)

Game Explorer Categories - casual (x32 Version: 3.2.0.6 - WildTangent, Inc.) Hidden

Game Explorer Categories - enthusiast (x32 Version: 3.2.0.6 - WildTangent, Inc.) Hidden

Game Explorer Categories - family (x32 Version: 3.2.0.6 - WildTangent, Inc.) Hidden

Game Explorer Categories - kids (x32 Version: 3.2.0.6 - WildTangent, Inc.) Hidden

Game Explorer Categories - touch (x32 Version: 3.2.0.6 - WildTangent, Inc.) Hidden

GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)

GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.4.0 - 1&1 Mail & Media GmbH)

GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.8 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.168 - IObit)

Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)

Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)

JonDo (HKLM-x32\...\JonDoUninstall) (Version: - )

KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Master Key 5.4.8 (HKLM-x32\...\Master Key_is1) (Version: - MacinMind Software, Inc.)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)

NVIDIA Graphics Driver 332.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.85 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)

Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)

paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)

Paranormal BETA_5 (HKLM-x32\...\Paranormal) (Version: BETA_5 - Matt Cohen)

PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

RapidTyping 5 (HKLM-x32\...\RapidTyping5) (Version: 5.0.100 - RapidTyping Software)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)

RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)

Sage Fusion version 1.0 (HKLM-x32\...\{30101EA7-FF3F-47F7-8EBC-24613164204D}_is1) (Version: 1.0 - Kidalang)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)

SpongeBob Typing (x32 Version: 2.2.0.98 - WildTangent) Hidden

Spotify (HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Stay On Top (HKLM-x32\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)

Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )

Super Mario Forever 2015 (HKLM-x32\...\Super Mario Forever 2015) (Version: - )

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab Detection (HKLM-x32\...\{5FE7DFFD-76C1-4C6F-A655-5744A6AE47DC}) (Version: 6.1.6.0 - Husdawg, LLC)

TinyWall (HKLM-x32\...\{284938D1-2280-40F4-81AE-C4815BC09080}) (Version: 2.1.6.0 - Károly Pados)

TypeFaster Typing Tutor (HKLM-x32\...\TypeFaster) (Version: - )

Typing Master 10 (HKLM-x32\...\{19B5F18A-1638-4037-AD44-CF7D0EEAB875}_is1) (Version: 10.00 - Typing Innovation Group Ltd)

Typing Trainer 8.0 (HKLM-x32\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version: - Typing Innovation Group Ltd)

UniDream PowerBatch (HKLM-x32\...\UniDream PowerBatch_is1) (Version: UniDream PowerBatch - UniDream Marketing Technologies Inc.)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Villagers and Heroes (HKLM-x32\...\{48BD847E-18C0-439C-822B-39E544DCEFF0}_is1) (Version: 35289 - Mad Otter Games / Neonga)

Web Companion (HKLM-x32\...\{85b97fc8-444e-46fc-b7d1-638a4818fbfd}) (Version: 2.1.1133.2333 - Lavasoft)

WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden

Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1682213809-1738160255-596039434-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\SitiM\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-09-2015 21:38:46 Windows Update

02-10-2015 18:05:39 Windows Modules Installer

11-10-2015 18:42:46 avast! antivirus system restore point

12-10-2015 14:30:54 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EEA8DC1-5CF5-4A7A-85FD-A82A81D2FA76} - System32\Tasks\Opera scheduled Autoupdate 1424570340 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-13] (Opera Software)

Task: {1CFC102C-358E-4DD2-8963-595ECFE34A09} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)

Task: {1F1FE40C-1BCD-4C38-8E56-080C6FA976DA} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)

Task: {29DFA3A9-9F75-412C-9330-DE3A399F096B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-11] (AVAST Software)

Task: {2A2830CB-11F4-4383-951B-9E2B40C4DFFC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

Task: {2A2BBCD7-1190-4CCD-A91D-4814B800AA58} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)

Task: {2AECE53C-7DD1-4628-9DC8-5933CE48A4AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {2C3479FD-2860-4B3C-9981-0AE91D51D523} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)

Task: {2C9A267C-0D61-4AC5-BC46-1D26F7654672} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {2E0BF2B9-A8E5-4842-896E-F829E2501EB6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)

Task: {2E579DE5-478C-4786-B63F-5BD8C251E22B} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)

Task: {304BBD09-F699-4648-AC70-CF193B9CA526} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {39FE1753-6DD8-410C-BFF4-0C9FC5F0D816} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {3C314EA1-959C-490F-ABDE-44A73B9BA01E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()

Task: {3D89D1DE-AA92-4E94-ACAD-411E2C82C673} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)

Task: {45A44E4A-5096-42FF-917D-E5219486A187} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {45B06DF4-AFDF-41E5-AB3B-7629FF015CA1} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()

Task: {4C259996-C3E5-46F0-8968-8C7ACA92ADD9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {4F36B4D0-3810-4922-BF7F-B60701ABA425} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-25] (Adobe Systems Incorporated)

Task: {541FEF43-3938-4E4F-BD05-21E3B5FEEEBD} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)

Task: {593319A8-B975-4355-8A66-E8F1A3E6276C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)

Task: {5A7CCAE6-861E-4BC2-942B-9585D445CD8D} - System32\Tasks\Amazon Music Helper => C:\Users\SitiM\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-03-03] ()

Task: {5CB6C629-F7FA-496E-9F82-372A6E609A8E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)

Task: {5CEBBF0B-AC1D-424B-AAA1-F75B6A8A13A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {5EEA8E32-534F-47BF-87B3-EFBCC638C855} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-09-01] (1&1 Mail & Media GmbH)

Task: {5EFFD67B-674D-4032-A846-10D72CF9B6EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {642F513D-4CDF-4554-9251-3D9D1784350A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001Core => C:\Users\SitiM\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-17] (Dropbox, Inc.)

Task: {6FFFB4AF-DF2C-4DB4-82AE-7BA5BA1037D0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-25] (Adobe Systems Incorporated)

Task: {7C3FA874-7E5A-47E2-A1C7-976BD2B63C99} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001UA => C:\Users\SitiM\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-17] (Dropbox, Inc.)

Task: {8C0D9B01-4390-427A-B013-3B29C6029805} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {8D0BB367-4082-4522-92A1-3269ECDA9053} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)

Task: {9191FD7F-35FD-4F4E-B530-F352EF69B791} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)

Task: {9A1AFAC7-328A-428B-A9AF-BA71499B1971} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)

Task: {ACF858CE-822B-494C-9D23-C3511BB23E50} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {ADC91635-1057-4301-9CCA-7AA74372EEC6} - System32\Tasks\Uninstaller_SkipUac_SitiM => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-17] (IObit)

Task: {AE3D1AD4-B5F4-46BF-BEC8-E3343C9642B0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {D6A77D48-1A54-4BF3-B666-32895D551193} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {D6F246F4-0D3B-45A7-8AE3-0846CDD99E82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {DCE22064-16A5-47D2-B76B-CF4B8B24C236} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)

Task: {DE2BCBA0-EF0D-4FBF-BE73-FD14D725F174} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {E9DFB4A5-7892-45F6-BF35-DE99C2AEAB6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {FA7E97C2-B222-4896-A9E5-24229DACC25D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001Core.job => C:\Users\SitiM\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1682213809-1738160255-596039434-1001UA.job => C:\Users\SitiM\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_SitiM.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-28 19:42 - 2015-08-28 19:42 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll

2015-08-28 17:55 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-08-28 21:04 - 2015-08-28 21:04 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll

2015-10-05 16:17 - 2015-10-11 16:37 - 01972408 _____ () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe

2015-08-27 15:54 - 2015-10-11 19:08 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe

2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll

2015-08-27 15:56 - 2015-10-11 19:08 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll

2015-08-27 15:57 - 2015-10-11 19:08 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll

2015-08-27 15:56 - 2015-10-11 19:08 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll

2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2014-02-11 18:08 - 2014-02-11 18:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll

2014-02-11 18:08 - 2014-02-11 18:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll

2015-10-11 19:13 - 2015-09-21 07:29 - 00613968 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll

2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe

2015-10-01 20:41 - 2015-10-01 20:41 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll

2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-10-01 20:41 - 2015-10-01 20:41 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-08-27 15:57 - 2015-10-11 19:08 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe

2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll

2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll

2015-03-01 05:02 - 2015-03-03 00:44 - 05886272 _____ () C:\Users\SitiM\AppData\Local\Amazon Music\Amazon Music Helper.exe

2015-08-13 14:34 - 2015-08-13 14:34 - 02875584 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 01283776 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 10451648 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 00039104 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll

2015-08-13 14:34 - 2015-08-13 14:34 - 01529024 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll

2015-10-11 19:13 - 2015-10-11 19:12 - 01032312 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

2015-09-02 13:00 - 2015-10-12 18:05 - 10566352 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe

2015-10-03 15:41 - 2015-10-03 15:41 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2015-10-03 15:41 - 2015-10-03 15:41 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

2015-09-16 14:15 - 2015-09-16 14:15 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

2015-10-11 17:06 - 2015-10-08 12:56 - 01982792 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.8\libglesv2.dll

2015-10-11 17:05 - 2015-10-08 12:56 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.8\libegl.dll

2015-10-11 19:13 - 2015-09-21 07:29 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll

2015-10-11 18:44 - 2015-10-11 18:44 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-10-11 18:44 - 2015-10-11 18:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-10-12 14:12 - 2015-10-12 14:12 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101200\algo.dll

2015-10-13 00:02 - 2015-10-13 00:02 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101202\algo.dll

2015-02-23 22:15 - 2015-02-23 22:15 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

2013-10-08 21:41 - 2013-10-08 21:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll

2013-09-09 19:23 - 2013-09-09 19:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll

2015-08-17 12:39 - 2015-08-08 17:42 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl

2015-08-17 12:39 - 2015-08-08 17:42 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl

2015-08-17 12:39 - 2015-08-08 17:42 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

2015-10-11 19:09 - 2015-10-11 19:09 - 00097040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

2015-10-11 19:09 - 2015-10-11 19:09 - 00256272 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

2015-10-11 19:09 - 2015-10-11 19:09 - 00049424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll

2015-10-11 19:09 - 2015-10-11 19:09 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll

2015-10-02 18:46 - 2015-10-02 01:07 - 00166416 _____ () C:\Users\SitiM\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll

2015-10-12 18:03 - 2015-10-12 18:03 - 00071168 _____ () c:\users\sitim\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn2n34n.dll

2015-10-03 09:47 - 2015-09-24 01:07 - 00012800 _____ () C:\Users\SitiM\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-10-03 09:47 - 2015-09-24 01:07 - 00779776 _____ () C:\Users\SitiM\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-10-03 09:47 - 2015-09-24 01:07 - 00056320 _____ () C:\Users\SitiM\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-10-03 09:47 - 2015-09-24 01:07 - 00012288 _____ () C:\Users\SitiM\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2014-08-18 14:26 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

2015-10-11 18:44 - 2015-10-11 18:44 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-03-06 17:37 - 2013-03-06 17:37 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2011-03-09 15:21 - 2011-03-09 15:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2015-10-11 19:13 - 2015-09-21 07:29 - 00559224 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll

2015-10-13 08:32 - 2015-09-25 09:11 - 59639416 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\opera.dll

2015-09-16 14:15 - 2015-09-16 14:15 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2015-10-13 08:32 - 2015-09-25 09:10 - 01881208 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\libglesv2.dll

2015-10-13 08:32 - 2015-09-25 09:10 - 00081528 _____ () C:\Program Files (x86)\Opera\32.0.1948.69\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CallHistoryClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\configmanager2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\coredpus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagtrack_win.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\diagtrack_wininternal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmcsps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerShellext.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationCrowdsource.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationFrameworkInternalPS.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationGeofences.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationPeCell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationPeIP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationPermissions.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationPeWiFi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationWebproxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LocationWiFiAdapter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdmmigrator.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MessagingDataModel2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ngckeyenum.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\NotificationObjFactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\omadmapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\omadmclient.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PhoneCallHistoryApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Notifications.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SharedStartModelShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syncmlhook.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\syncutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tetheringclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tetheringservice.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tileobjserver.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserDataAccountApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VEDataLayerHelpers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VEEventDispatcher.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.Speech.Pal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.PicturePassword.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CallHistoryClient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\directmanipulation.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GameMon.des:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MessagingDataModel2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tetheringclient.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\buttonconverter.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\inspect.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpiowin32.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdyboost.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Trufos.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\Wdf01000.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\OneDrive:ms-properties

AlternateDataStreams: C:\Users\SitiM\Desktop\FRST64.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Desktop\FRST64.exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Desktop\Islam _ the Future of Tolerance _ Sam harris and Maajid Nawaz.mp4:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Desktop\Islam _ the Future of Tolerance _ Sam harris and Maajid Nawaz.mp4:com.dropbox.attributes

AlternateDataStreams: C:\Users\SitiM\Desktop\Neil Young-Helpless.mp3:com.dropbox.attributes

AlternateDataStreams: C:\Users\SitiM\Downloads\21381045368_33682166a4_z.jpg:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Attachments_2015920.zip:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection (1).msi:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection (1).msi:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection (2).msi:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection (2).msi:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection.msi:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\Detection.msi:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\FileZilla_3.13.1_win64-setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup (1).exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup (1).exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup (2).exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup (2).exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\GMX_Toolbar_IE_Setup.exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Intel Driver Update Utility Installer (2).exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\Intel Driver Update Utility Installer (2).exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\Intel Driver Update Utility Installer.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\Intel Driver Update Utility Installer.exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\ManualPatcherv165 (1).exe.xje1nof.partial:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\ManualPatcherv165.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\ManualPatcherv165.exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\NASASpacescapes.themepack:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\NASASpacescapes.themepack:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\NexonLauncherSetup.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\NexonLauncherSetup.exe:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\RuneScape.msi:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\SleepyKittens.themepack:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\SleepyKittens.themepack:$CmdZnID

AlternateDataStreams: C:\Users\SitiM\Downloads\TypingMaster10Installer.exe:$CmdTcID

AlternateDataStreams: C:\Users\SitiM\Downloads\TypingMaster10Installer.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SitiM\Desktop\Downloads\discworld (1).jpg

DNS Servers: 156.154.70.22 - 156.154.71.22

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-1682213809-1738160255-596039434-1001\...\StartupApproved\Run: => "EDO-Soft Sticky Notes"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-Out-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-Out-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-In-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe

FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe

FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe

FirewallRules: [{50F272D6-51F9-4DF7-A3E8-60D33451F9E4}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

FirewallRules: [{E191422C-EA9C-4F0A-A350-D704BE007F7A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

FirewallRules: [{E2F64D1E-7147-44A9-959E-66115DD06555}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/13/2015 03:04:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:04:41Z. Error Code: 0x80070005.

Error: (10/13/2015 03:04:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:04:11Z. Error Code: 0x80070005.

Error: (10/13/2015 03:04:00 PM) (Source: ESENT) (EventID: 474) (User: )

Description: svchost (2200) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 16293888 (0x0000000000f8a000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [ab6870495dd54cef] and the computed checksum was [00000f8930790813]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (10/13/2015 03:04:00 PM) (Source: ESENT) (EventID: 474) (User: )

Description: svchost (2200) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 16322560 (0x0000000000f91000) (database page svchost0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The stored checksum was [5d475d47d35809d7] and the computed checksum was [5d475d47d3580bf7]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (10/13/2015 03:03:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:03:41Z. Error Code: 0x80070005.

Error: (10/13/2015 03:03:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:03:11Z. Error Code: 0x80070005.

Error: (10/13/2015 03:03:00 PM) (Source: ESENT) (EventID: 474) (User: )

Error: (10/13/2015 03:02:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:02:40Z. Error Code: 0x80070005.

Error: (10/13/2015 03:02:10 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-09-19T13:02:10Z. Error Code: 0x80070005.

System errors:

=============

Error: (10/13/2015 09:23:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/13/2015 09:23:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Error: (10/13/2015 08:18:14 AM) (Source: DCOM) (EventID: 10001) (User: [bleep])

Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXwmnqm0nvq2b90pwvr42qmtdjp7cj3w82.mca31App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mcaUnavailableUnavailable

Error: (10/12/2015 06:02:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Delivery Optimization service did not respond on starting.

Error: (10/12/2015 05:58:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

%%1053

Error: (10/12/2015 05:58:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (10/12/2015 05:57:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The TinyWall Service service failed to start due to the following error:

%%1053

Error: (10/12/2015 05:57:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the TinyWall Service service to connect.

Error: (10/12/2015 05:57:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IE Search Set service failed to start due to the following error:

%%1053

Error: (10/12/2015 05:57:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

CodeIntegrity:

===================================

Date: 2015-10-13 12:51:07.675

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-13 08:35:42.789

Date: 2015-10-12 23:25:18.831

Date: 2015-10-12 22:44:04.294

Date: 2015-10-12 22:28:20.394

Date: 2015-10-12 22:11:48.563

Date: 2015-10-12 21:55:35.576

Date: 2015-10-12 21:45:07.227

Date: 2015-10-12 21:25:02.491

Date: 2015-10-12 19:58:56.779

==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz

Percentage of memory in use: 74%

Total physical RAM: 8075.27 MB

Available physical RAM: 2044.88 MB

Total Virtual: 11312.85 MB

Available Virtual: 3358.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:189.97 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:536.97 GB) NTFS

Drive e: (musicCompaq) (CDROM) (Total:0.39 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 738B328B)

Partition: GPT.

==================== End of Addition.txt ============================

#4
Essexboy

Posted 13 October 2015 - 11:17 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi, first things first you have FOUR antivirus programmes and TWO firewalls installed. This is the one time where more is not better, you should only use one at a time.. Which one will it be ? The remainder will need to be uninstalled

360 Total Security
Ad-Aware Antivirus
Avast Free Antivirus
COMODO Internet Security Premium
TinyWall

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {2AECE53C-7DD1-4628-9DC8-5933CE48A4AE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39FE1753-6DD8-410C-BFF4-0C9FC5F0D816} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {45A44E4A-5096-42FF-917D-E5219486A187} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C0D9B01-4390-427A-B013-3B29C6029805} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ACF858CE-822B-494C-9D23-C3511BB23E50} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AE3D1AD4-B5F4-46BF-BEC8-E3343C9642B0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D6A77D48-1A54-4BF3-B666-32895D551193} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D6F246F4-0D3B-45A7-8AE3-0846CDD99E82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DE2BCBA0-EF0D-4FBF-BE73-FD14D725F174} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E9DFB4A5-7892-45F6-BF35-DE99C2AEAB6B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#5
janji

Posted 14 October 2015 - 12:43 PM

Member

Topic Starter
Member
210 posts

Hi essexboy,

I've uninstalled them all except Tiny Wall and Avast which I was told by someone on this forum don't interfere with each other. I was worried about something the other day and tried to see if one of the security programs could fix it, planning to get rid of them again. - Ad aware doesn't let itself uninstall properly.

Chrome is installed on purpose to help me with my website, do you want me to run the fix still as it is?

Thanks for your time

#6
Essexboy

Posted 14 October 2015 - 01:32 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes run the fix as is and then once done run a fresh FRST scan for me so that I can see what remains

#7
janji

Posted 14 October 2015 - 02:13 PM

Member

Topic Starter
Member
210 posts

Hi, I've uninstalled some games earlier on too btw, not going to change anything any more now

here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015

Ran by SitiM (2015-10-14 21:51:46) Run:1

Running from C:\Users\SitiM\Desktop

Loaded Profiles: SitiM (Available Profiles: SitiM)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint: