TechSpot

PUP programs found

By mom26gr8kids
Jan 8, 2016
  1. During my routine SAS scan this week it found two PUP files. Avast came up clean. SAS did not remove the files.
    The computer is also not responding normally. When I click on the Windows Icon nothing happens, so I cannot access the start menu or power off the computer. And the Cortana search bar isn't working, which I only use to find some of my programs, but now I cannot access some of those programs. And every time I minimize a window I can't find it again, which may be due to the unwanted programs, or maybe some default setting was reset on my computer. I upgraded to Windows 10 a few weeks ago, but these programs are on a desktop PC that we don't use very often. Here is the description of the programs from the SAS scan. Other scans will be posted today; just be patient, as sometimes I have to actually reopen the program to find the log since it minimizes the text files when I open other windows.

    PUP.DownloadAdmin/Variant
    C:\USERS\HOME\DOWNLOADS\DOROPDFWRITER-SETUP.EXE

    PUP.InstallCore/Variant
    C:\USERS\HOME\DOWNLOADS\PDFCREATORSETUP.EXE
     
  2. mom26gr8kids


    FRST log

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
    Ran by Home (administrator) on DAD (08-01-2016 11:51:37)
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    () C:\Windows\jmesoft\Service.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
    HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
    HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
    HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-10] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-30] (Google)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-27] (AVAST Software)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0a383852-6720-452e-946a-f401b09f8563}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{178a4648-72b6-4db3-a9e9-eea62875d728}: [DhcpNameServer] 192.168.0.1 205.171.2.25

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1634595136-4235292695-661162807-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-12] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
    FF Extension: WOT - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-22]
    FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-04-03] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=agc511"
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
    CHR Extension: (Avast Online Security) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
    CHR HKU\S-1-5-21-1634595136-4235292695-661162807-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-10] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-27] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-04] (COMODO)
    S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237864 2015-03-02] (EasyAntiCheat Ltd)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-21] (Malwarebytes Corporation)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-27] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-27] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-27] (AVAST Software)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
    R1 cmdHlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
    R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-21] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-06-22] (Intel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-08 11:51 - 2016-01-08 11:52 - 00018824 _____ C:\Users\Home\Downloads\FRST.txt
    2016-01-08 11:51 - 2016-01-08 11:51 - 00000000 ____D C:\FRST
    2016-01-08 11:49 - 2016-01-08 11:51 - 02370560 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
    2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
    2016-01-07 22:17 - 2016-01-07 22:17 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Oracle
    2015-12-28 17:58 - 2015-12-28 17:58 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf
    2015-12-28 17:50 - 2015-12-28 17:50 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2.pdf
    2015-12-24 15:48 - 2016-01-07 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-21 10:37 - 2015-12-21 10:39 - 01134660 _____ C:\WINDOWS\Minidump\122115-15875-01.dmp
    2015-12-21 10:37 - 2015-12-21 10:37 - 00000000 ____D C:\WINDOWS\Minidump
    2015-12-18 09:40 - 2015-12-18 09:40 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-18 09:39 - 2015-12-18 09:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2015-12-18 09:39 - 2015-12-18 09:39 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2015-12-18 09:39 - 2015-12-18 09:39 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2015-12-14 10:14 - 2015-12-14 10:14 - 00021870 _____ C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf
    2015-12-12 18:19 - 2015-12-13 07:34 - 00000000 ____D C:\Users\Home\AppData\Local\MicrosoftEdge
    2015-12-11 17:29 - 2015-12-11 17:29 - 00009832 _____ C:\Users\Home\Downloads\Oct-Nov 2015.csv
    2015-12-11 15:16 - 2015-12-11 15:16 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-09 09:31 - 2015-12-01 00:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-09 09:31 - 2015-11-24 05:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-09 09:31 - 2015-11-24 04:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-12-09 09:31 - 2015-11-24 03:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-09 09:31 - 2015-11-24 03:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-12-09 09:31 - 2015-11-24 02:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2015-12-09 09:31 - 2015-11-24 02:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-09 09:31 - 2015-11-24 02:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2015-12-09 09:31 - 2015-11-24 02:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-09 09:31 - 2015-11-24 02:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-09 09:31 - 2015-11-24 02:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-09 09:31 - 2015-11-24 02:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-09 09:31 - 2015-11-24 01:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-09 09:31 - 2015-11-24 01:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-09 09:31 - 2015-11-24 01:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2015-12-09 09:31 - 2015-11-24 01:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-09 09:31 - 2015-11-24 01:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-09 09:31 - 2015-11-24 01:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-09 09:31 - 2015-11-24 01:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-12-09 09:31 - 2015-11-24 00:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-09 09:31 - 2015-11-24 00:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-09 09:31 - 2015-11-24 00:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-09 09:31 - 2015-11-24 00:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-09 09:31 - 2015-11-24 00:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-09 09:31 - 2015-11-24 00:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-12-09 09:31 - 2015-11-24 00:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-12-09 09:31 - 2015-11-24 00:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-08 11:51 - 2015-10-29 23:28 - 00000000 ____D C:\Windows
    2016-01-08 11:50 - 2014-04-29 22:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-08 11:43 - 2015-12-07 15:05 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
    2016-01-08 11:43 - 2015-04-08 10:33 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0BE98CCC-6E74-4604-A97E-D5BE555F42A5}
    2016-01-08 11:43 - 2014-04-29 22:03 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-07 22:25 - 2014-07-16 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-07 22:19 - 2015-12-07 12:55 - 00000000 ____D C:\Users\Home
    2016-01-07 22:19 - 2014-04-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-07 22:18 - 2015-04-03 20:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-01-07 22:17 - 2014-06-14 23:02 - 00000000 ____D C:\Program Files (x86)\Java
    2016-01-07 22:03 - 2015-07-08 08:52 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job
    2016-01-07 17:38 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-07 16:03 - 2015-07-08 08:52 - 00000870 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job
    2016-01-07 15:44 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 15:44 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-06 19:05 - 2013-12-21 19:30 - 00000000 ____D C:\ProgramData\Temp
    2016-01-05 15:17 - 2013-12-21 19:41 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2015-12-29 09:32 - 2014-06-02 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-12-28 18:25 - 2015-12-07 13:15 - 00881994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-28 18:25 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
    2015-12-28 17:53 - 2014-05-08 07:57 - 00000000 ____D C:\Users\Home\Desktop\Full Quiver Contracting
    2015-12-27 14:10 - 2015-10-30 00:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-12-27 14:10 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-21 10:44 - 2014-09-24 20:42 - 00000000 ___RD C:\Users\Home\Google Drive
    2015-12-21 10:44 - 2014-04-30 11:08 - 00000000 ___RD C:\Users\Home\Dropbox
    2015-12-21 10:44 - 2014-04-30 07:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
    2015-12-21 10:41 - 2015-12-07 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2015-12-21 10:40 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-21 10:37 - 2014-05-24 08:25 - 849869029 _____ C:\WINDOWS\MEMORY.DMP
    2015-12-17 08:55 - 2014-04-29 22:15 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-17 08:20 - 2014-04-29 21:01 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
    2015-12-12 03:37 - 2015-12-07 12:49 - 00289720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-12 03:36 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-11 03:30 - 2015-12-07 15:22 - 00002405 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-11 03:30 - 2015-12-07 15:22 - 00000000 ___RD C:\Users\Home\OneDrive
    2015-12-09 13:03 - 2014-04-30 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-09 12:59 - 2014-05-03 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-09 12:54 - 2014-04-30 01:17 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-09 09:47 - 2014-04-30 01:17 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-29 09:46

    ==================== End of FRST.txt ============================
     
  3. mom26gr8kids TS Guru Topic Starter Posts: 452

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
    Ran by Home (2016-01-08 11:53:14)
    Running from C:\Users\Home\Downloads
    Windows 10 Home (X64) (2015-12-07 22:04:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1634595136-4235292695-661162807-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1634595136-4235292695-661162807-503 - Limited - Disabled)
    Guest (S-1-5-21-1634595136-4235292695-661162807-501 - Limited - Disabled)
    Home (S-1-5-21-1634595136-4235292695-661162807-1001 - Administrator - Enabled) => C:\Users\Home
    HomeGroupUser$ (S-1-5-21-1634595136-4235292695-661162807-1005 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - )
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    SPANISH for PC version 1 (HKLM-x32\...\{475EB026-A824-43DF-94FD-856568F70F26}_is1) (Version: 1 - Bilingual Books Inc.)
    Unity Web Player (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {038F647A-BEFC-4279-BE4D-A2D06B84B67E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
    Task: {0723661C-6D21-4B84-BFDD-84CE232DCC23} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
    Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {23236A4B-127D-468C-825B-D961C369547D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {24AC2536-A57C-40F4-AB13-D0BF1A82D34F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
    Task: {256E6778-4A49-423E-8B78-DD58D5832A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {318858A0-5656-4D9C-B48E-4D8B7597E071} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
    Task: {467B75C1-52B1-47DE-8C22-C3ACCD6587D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
    Task: {497A5723-69E9-44F8-AF71-CD08F85F073D} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
    Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9707D51D-67FD-45D2-AAA3-C7F5BCB03EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {9ADCB6B7-DDFC-4A7E-A851-ECFFCD9EEF47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
    Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A664BE40-F40E-40D9-8EB5-5750B2C9EA5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
    Task: {B9F500CE-F299-410E-8AB0-3085FEC999B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-27] (AVAST Software)
    Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E139710C-737D-4EC3-9C9C-6C3811999D8B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
    Task: {E854EC01-66F4-4595-9ED5-E2AC3730A614} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
    Task: {EDDE9D99-A2E2-4F0B-8869-307EC4F8E0BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
    Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F17BFED7-7AF4-4BC5-BAA6-017FA950D1D4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)
    Task: {F38486FB-4E2E-474B-B2A1-B03D26502F36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
    Task: {FA026FE9-9E3A-4EEE-8570-26FA781C113A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-21 19:18 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2013-12-21 19:39 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-27 09:14 - 2015-10-27 09:14 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-10-27 09:14 - 2015-10-27 09:14 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-19 12:06 - 2015-12-19 12:06 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15121901\algo.dll
    2015-12-21 10:42 - 2015-12-21 10:42 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122102\algo.dll
    2016-01-07 14:44 - 2016-01-07 14:44 - 02809344 _____ () C:\Program Files\AVAST Software\Avast\defs\16010701\algo.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:13AA281B
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
    AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2014-05-20 16:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{9ED2A59A-FF23-47C0-9EA1-302F7A77A498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C022223E-9623-4923-B7B9-EB878A82F67A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59460936-2584-4138-8760-DF83666140A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1AD6E7DF-ABB6-40EE-AF93-9D918D641953}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E565D399-17E6-487F-BCF9-CC0B9CF13171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A78F86F-D9E7-4EBA-9897-660D2965F680}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{755890AD-C191-4A4C-ADFB-80858D26D45E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{8BA6A79D-31D9-483B-AF32-12F602598EC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{0DF81457-4522-40BE-A795-A47407EA9F1A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{09DBECEE-87AE-4D75-B72A-5811AEFB95B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D6227ED5-61EA-4F69-B471-403DC1CEA433}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{8B50CD6D-CE79-4380-AEEF-898B70091D4F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{DDA6A6D7-D7B5-43AC-B943-AF31816AE687}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{7E1A37CD-1DBA-47D0-903C-27F0BD00AC0C}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
    FirewallRules: [{526881A9-F15C-49FF-B104-C34AF9D3F750}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
    FirewallRules: [{99338B9B-FA1C-49D5-9BD8-D51E30CAD4C8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
    FirewallRules: [{F8072951-0395-4864-A63F-5A69A93AD09A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
    FirewallRules: [{6EB9F908-1702-4CD3-9C57-2852EF1AA142}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
    FirewallRules: [{5BC694E3-45D4-4410-AD6F-DE842A162813}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
    FirewallRules: [{AC845AFA-FB8B-4F3B-9F91-B7CC5FC896A9}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{8ABAD0BC-1F9B-44F9-AFEE-DA5A647425D3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{8F8F42F3-B585-4835-BA18-D1967CE18500}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{D2EACD7B-8380-4D6C-A390-FEEA14EABC3E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{A89ADBB7-D4E1-4570-A9DF-A0F107188F90}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{9C590F27-F57C-4F05-BA1A-A8D60DFAF3E5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{49C790C6-9795-4648-AC81-9D76C7F16F94}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{90C7341B-188B-43F6-8F98-9765DF0EEB93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{8F80C1C9-F275-432F-9EAA-04DFEEE121D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{FF24F6EC-55E0-4517-BB9E-C90FF48D1744}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{31FD0D2B-10B6-4ABD-89AD-A8EEA6258A6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{A79D658A-FCF0-4C5C-8E3F-DB950C2CB498}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{94F6C441-E9C4-4ECA-B570-ED0502AF9114}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{83B1602B-F002-431B-8F61-DD7DA68BDE39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [{133D2BAE-8A51-4BE0-84CD-3B9AAEB70371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [{9A54FEE1-DFE9-4422-A0D7-7C162715176B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    18-12-2015 10:47:44 Windows Update
    28-12-2015 18:59:57 Scheduled Checkpoint
    05-01-2016 15:30:59 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============
     
  4. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/08/2016 11:43:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0x1a9c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/07/2016 02:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0xa1c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/07/2016 12:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0x7ac
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/06/2016 05:57:44 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (01/05/2016 03:43:52 PM) (Source: MsiInstaller) (EventID: 11719) (User: Dad)
    Description: Product: Lenovo Solution Center -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

    Error: (01/05/2016 03:31:55 PM) (Source: EventSystem) (EventID: 4622) (User: )
    Description: 800401fb{7E6F0A11-A3C6-4696-BE69-59EFAE6765F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/05/2016 03:31:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (01/05/2016 03:15:04 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (12/28/2015 07:00:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/28/2015 06:39:58 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    System errors:
    =============
    Error: (01/07/2016 10:37:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_16a1b4a1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/07/2016 10:37:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/07/2016 02:23:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/07/2016 02:18:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_169067eb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/07/2016 02:18:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/07/2016 12:47:15 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
    Description: The following service has repeatedly stopped responding to service control requests: Background Tasks Infrastructure Service

    Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

    You may have to restart the computer in safe mode before you can disable the service.

    Error: (01/07/2016 12:46:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

    Error: (01/07/2016 12:46:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

    Error: (01/07/2016 12:45:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

    Error: (01/07/2016 12:45:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.


    CodeIntegrity:
    ===================================
    Date: 2016-01-08 11:46:22.517
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-08 11:43:46.832
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-07 14:22:31.192
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-06 18:48:22.587
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 15:43:49.282
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 15:27:33.492
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 15:17:33.252
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 15:06:57.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 14:53:57.702
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-31 17:21:03.742
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz
    Percentage of memory in use: 49%
    Total physical RAM: 3973.38 MB
    Available physical RAM: 2022.59 MB
    Total Virtual: 4677.38 MB
    Available Virtual: 2567.73 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:813.08 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (The Mystery of H) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 156639CC)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Those two files you mentioned look like false positives.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Home [Administrator]
    Started from : C:\Users\Home\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 01/09/2016 15:13:27

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
    --- User ---
    [MBR] a2b3f77455cfd29ccccbd3f5529e7b92
    [BSP] 3945368544f779505ca971688a5e94be : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
    2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
    3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
    4 - Basic data partition | Offset (sectors): 3868672 | Size: 926530 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1901402112 | Size: 450 MB
    6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1902323712 | Size: 25000 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: HP Officejet 6700 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  7. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/9/2016
    Scan Time: 11:10 PM
    Logfile: mbam1.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.09.05
    Rootkit Database: v2016.01.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Home

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 380695
    Time Elapsed: 16 min, 20 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Comboapps, C:\Users\Home\Downloads\PDFCreatorSetup.exe, Quarantined, [d9c0a2958d0c89adb098fbd03bc9dc24],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Start menu, Cortana and task bar are all now working correctly after Mbam scan/restart
     
  9. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    # AdwCleaner v5.028 - Logfile created 09/01/2016 at 23:42:21
    # Updated 04/01/2016 by Xplode
    # Database : 2015-12-30.1 [Local]
    # Operating system : Windows 10 Home (x64)
    # Username : Home - DAD
    # Running from : C:\Users\Home\Downloads\adwcleaner_5.028.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\OutfoxTV
    Key Found : HKLM\SOFTWARE\OutfoxTV
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

    ***** [ Web browsers ] *****

    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1769 bytes] ##########
     
  10. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Home x64
    Ran by Home (Administrator) on Sun 01/10/2016 at 0:01:39.57
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 1

    Successfully deleted: C:\Users\Home\Start Menu\Programs\pc app store.lnk (Shortcut)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 01/10/2016 at 0:42:32.05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  12. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
    Ran by Home (2016-01-10 14:52:52)
    Running from C:\Users\Home\Downloads
    Windows 10 Home (X64) (2015-12-07 22:04:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1634595136-4235292695-661162807-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1634595136-4235292695-661162807-503 - Limited - Disabled)
    Guest (S-1-5-21-1634595136-4235292695-661162807-501 - Limited - Disabled)
    Home (S-1-5-21-1634595136-4235292695-661162807-1001 - Administrator - Enabled) => C:\Users\Home
    HomeGroupUser$ (S-1-5-21-1634595136-4235292695-661162807-1005 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - )
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    SPANISH for PC version 1 (HKLM-x32\...\{475EB026-A824-43DF-94FD-856568F70F26}_is1) (Version: 1 - Bilingual Books Inc.)
    Unity Web Player (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {038F647A-BEFC-4279-BE4D-A2D06B84B67E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
    Task: {0723661C-6D21-4B84-BFDD-84CE232DCC23} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
    Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {23236A4B-127D-468C-825B-D961C369547D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {24AC2536-A57C-40F4-AB13-D0BF1A82D34F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
    Task: {256E6778-4A49-423E-8B78-DD58D5832A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {318858A0-5656-4D9C-B48E-4D8B7597E071} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
    Task: {467B75C1-52B1-47DE-8C22-C3ACCD6587D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
    Task: {497A5723-69E9-44F8-AF71-CD08F85F073D} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
    Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9707D51D-67FD-45D2-AAA3-C7F5BCB03EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {9ADCB6B7-DDFC-4A7E-A851-ECFFCD9EEF47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
    Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A664BE40-F40E-40D9-8EB5-5750B2C9EA5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
    Task: {B9F500CE-F299-410E-8AB0-3085FEC999B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-27] (AVAST Software)
    Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E139710C-737D-4EC3-9C9C-6C3811999D8B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
    Task: {E854EC01-66F4-4595-9ED5-E2AC3730A614} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
    Task: {EDDE9D99-A2E2-4F0B-8869-307EC4F8E0BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
    Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F17BFED7-7AF4-4BC5-BAA6-017FA950D1D4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)
    Task: {F38486FB-4E2E-474B-B2A1-B03D26502F36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
    Task: {FA026FE9-9E3A-4EEE-8570-26FA781C113A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-21 19:18 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
    2013-12-21 19:39 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2013-12-21 19:18 - 2013-10-25 02:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
    2013-12-21 19:18 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
    2015-12-17 08:21 - 2015-12-17 08:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-10-27 09:14 - 2015-10-27 09:14 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-10-27 09:14 - 2015-10-27 09:14 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-09 13:15 - 2016-01-09 13:15 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16010901\algo.dll
    2015-12-11 15:16 - 2015-10-30 17:59 - 00034768 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00019408 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00022848 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00023352 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00042296 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00116688 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2015-12-11 15:16 - 2015-10-30 17:59 - 00093640 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00018376 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\select.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00019760 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00105928 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32api.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00392144 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2015-12-11 15:16 - 2015-12-08 14:36 - 00381752 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00692688 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00020816 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00109520 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 01737032 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00020808 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00020800 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00021840 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00038696 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00024528 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32event.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00020936 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00114640 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32security.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00021320 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00124880 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32file.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00030160 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00043472 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32process.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00175560 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00028616 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00024016 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00048592 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32service.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00024392 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00036296 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\librsync.dll
    2015-12-11 15:16 - 2015-10-30 18:00 - 00024016 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00117056 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00031568 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
    2015-10-01 20:27 - 2015-11-04 17:04 - 00293392 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
    2015-12-11 15:16 - 2015-12-08 14:36 - 00023376 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00134608 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2015-12-11 15:16 - 2015-10-30 17:59 - 00134088 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00240584 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00020280 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00052024 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00021304 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00350152 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00084792 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2015-12-11 15:16 - 2015-12-08 14:36 - 01826608 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2015-12-11 15:16 - 2015-10-30 18:00 - 00083912 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\sip.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 03891504 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 01950000 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00519984 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00133936 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00225080 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00207672 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00024904 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00486704 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2015-12-11 15:16 - 2015-12-08 14:36 - 00357680 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2015-11-12 16:11 - 2015-10-30 18:01 - 00019920 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-11-12 16:10 - 2015-10-30 18:00 - 00786904 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-11-12 16:11 - 2015-10-30 18:00 - 00063448 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-11-12 16:11 - 2015-10-30 18:00 - 00019408 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2016-01-10 14:44 - 2016-01-10 14:44 - 00098816 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32api.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00110080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pywintypes27.dll
    2016-01-10 14:44 - 2016-01-10 14:44 - 00364544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pythoncom27.dll
    2016-01-10 14:44 - 2016-01-10 14:44 - 00046080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_socket.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 01208320 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_ssl.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00320512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32com.shell.shell.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00776704 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_hashlib.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 01176576 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._core_.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00806400 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._gdi_.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00816128 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._windows_.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 01067008 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._controls_.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00733184 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._misc_.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00682496 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pysqlite2._sqlite.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00088064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_ctypes.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00119808 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32file.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00108544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32security.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00007168 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\hashobjs_ext.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00017920 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\thumbnails_ext.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00079360 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\usb_ext.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00167936 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32gui.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00018432 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32event.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00128512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_elementtree.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00127488 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pyexpat.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00013824 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\common.time34.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00036864 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_psutil_windows.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00038912 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32inet.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00525640 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\windows._lib_cacheinvalidation.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00011264 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32crypt.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00077312 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._html2.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00027136 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_multiprocessing.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00020480 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_yappi.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00035840 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32process.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00686080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\unicodedata.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00123392 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._wizard.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00024064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32pipe.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00010240 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\select.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00025600 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32pdh.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00017408 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32profile.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00022528 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32ts.pyd
    2016-01-10 14:44 - 2016-01-10 14:44 - 00078848 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._animate.pyd
    2013-12-21 19:18 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
    2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2015-10-27 09:14 - 2015-10-27 09:14 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-12-17 08:21 - 2015-12-17 08:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2015-12-17 08:21 - 2015-12-17 08:21 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
     
  13. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:13AA281B
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
    AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\RogueKiller.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2014-05-20 16:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{9ED2A59A-FF23-47C0-9EA1-302F7A77A498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{C022223E-9623-4923-B7B9-EB878A82F67A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{59460936-2584-4138-8760-DF83666140A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1AD6E7DF-ABB6-40EE-AF93-9D918D641953}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E565D399-17E6-487F-BCF9-CC0B9CF13171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A78F86F-D9E7-4EBA-9897-660D2965F680}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{755890AD-C191-4A4C-ADFB-80858D26D45E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{8BA6A79D-31D9-483B-AF32-12F602598EC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{0DF81457-4522-40BE-A795-A47407EA9F1A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{09DBECEE-87AE-4D75-B72A-5811AEFB95B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D6227ED5-61EA-4F69-B471-403DC1CEA433}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{8B50CD6D-CE79-4380-AEEF-898B70091D4F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{DDA6A6D7-D7B5-43AC-B943-AF31816AE687}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{7E1A37CD-1DBA-47D0-903C-27F0BD00AC0C}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
    FirewallRules: [{526881A9-F15C-49FF-B104-C34AF9D3F750}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
    FirewallRules: [{99338B9B-FA1C-49D5-9BD8-D51E30CAD4C8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
    FirewallRules: [{F8072951-0395-4864-A63F-5A69A93AD09A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
    FirewallRules: [{6EB9F908-1702-4CD3-9C57-2852EF1AA142}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
    FirewallRules: [{5BC694E3-45D4-4410-AD6F-DE842A162813}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
    FirewallRules: [{AC845AFA-FB8B-4F3B-9F91-B7CC5FC896A9}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{8ABAD0BC-1F9B-44F9-AFEE-DA5A647425D3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{8F8F42F3-B585-4835-BA18-D1967CE18500}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{D2EACD7B-8380-4D6C-A390-FEEA14EABC3E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{A89ADBB7-D4E1-4570-A9DF-A0F107188F90}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{9C590F27-F57C-4F05-BA1A-A8D60DFAF3E5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{49C790C6-9795-4648-AC81-9D76C7F16F94}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{90C7341B-188B-43F6-8F98-9765DF0EEB93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{8F80C1C9-F275-432F-9EAA-04DFEEE121D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{FF24F6EC-55E0-4517-BB9E-C90FF48D1744}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{31FD0D2B-10B6-4ABD-89AD-A8EEA6258A6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
    FirewallRules: [{A79D658A-FCF0-4C5C-8E3F-DB950C2CB498}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{94F6C441-E9C4-4ECA-B570-ED0502AF9114}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{83B1602B-F002-431B-8F61-DD7DA68BDE39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [{133D2BAE-8A51-4BE0-84CD-3B9AAEB70371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
    FirewallRules: [{9A54FEE1-DFE9-4422-A0D7-7C162715176B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    18-12-2015 10:47:44 Windows Update
    28-12-2015 18:59:57 Scheduled Checkpoint
    05-01-2016 15:30:59 Scheduled Checkpoint
    08-01-2016 17:11:07 Windows Update
    10-01-2016 00:01:46 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/10/2016 12:02:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (01/09/2016 11:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
    Faulting module name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
    Exception code: 0xc0000005
    Fault offset: 0x001c4130
    Faulting process id: 0x2084
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3
    Faulting package full name: mbam.exe4
    Faulting package-relative application ID: mbam.exe5

    Error: (01/08/2016 05:11:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (01/08/2016 12:26:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
    Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
    Exception code: 0x80000003
    Fault offset: 0x0000ed36
    Faulting process id: 0x11e8
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (01/08/2016 12:26:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 43.0.2.5833 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 19c8

    Start Time: 01d14a44a7396537

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: ab00575e-b63d-11e5-bed7-c03fd533053c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (01/08/2016 12:26:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1edc

    Start Time: 01d14a45928d3441

    Termination Time: 4294967295

    Application Path: C:\Users\Home\Downloads\FRST64.exe

    Report Id: a1857b52-b63d-11e5-bed7-c03fd533053c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (01/08/2016 11:43:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0x1a9c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/07/2016 02:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0xa1c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/07/2016 12:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
    Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
    Exception code: 0x80270233
    Fault offset: 0x0000000000166be4
    Faulting process id: 0x7ac
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/06/2016 05:57:44 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8


    System errors:
    =============
    Error: (01/10/2016 02:46:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (01/10/2016 12:46:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_28b9b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/10/2016 12:46:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/09/2016 11:54:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

    Error: (01/09/2016 11:50:55 PM) (Source: GeneStor) (EventID: 0) (User: )
    Description: GeneStor driver startedGeneStor driver started (2)

    Error: (01/09/2016 11:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_6b6c9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/09/2016 11:50:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/09/2016 11:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/09/2016 11:49:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (01/09/2016 11:49:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-01-10 14:46:59.782
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-10 00:00:53.616
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 23:54:29.109
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 23:48:38.699
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 23:31:23.202
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 23:02:18.138
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 14:42:10.615
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 14:13:33.235
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-09 05:16:20.606
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-08 11:46:22.517
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz
    Percentage of memory in use: 59%
    Total physical RAM: 3973.38 MB
    Available physical RAM: 1627.93 MB
    Total Virtual: 4677.38 MB
    Available Virtual: 2078.61 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:812.78 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (The Mystery of H) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 156639CC)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  14. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
    Ran by Home (administrator) on DAD (10-01-2016 14:50:42)
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
    () C:\Windows\jmesoft\Service.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    () C:\Windows\SysWOW64\UMonit64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Lenovo) C:\Windows\jmesoft\hotkey.exe
    (Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    () C:\Windows\jmesoft\JME_LOAD.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
    HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
    HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
    HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-10] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-30] (Google)
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-27] (AVAST Software)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0a383852-6720-452e-946a-f401b09f8563}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{178a4648-72b6-4db3-a9e9-eea62875d728}: [DhcpNameServer] 192.168.0.1 205.171.2.25

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1634595136-4235292695-661162807-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-12] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
    FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
    FF Extension: WOT - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-22]
    FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-04-03] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=agc511"
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
    CHR Extension: (Avast Online Security) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
    CHR HKU\S-1-5-21-1634595136-4235292695-661162807-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-10] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-27] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-04] (COMODO)
    S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237864 2015-03-02] (EasyAntiCheat Ltd)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-27] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-27] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-27] (AVAST Software)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
    R1 cmdHlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
    R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-06-22] (Intel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-09] ()
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 00:42 - 2016-01-10 00:42 - 00000640 _____ C:\Users\Home\Desktop\JRT.txt
    2016-01-10 00:01 - 2016-01-10 00:01 - 01600184 _____ (Malwarebytes) C:\Users\Home\Downloads\JRT.exe
    2016-01-09 23:42 - 2016-01-09 23:49 - 00000000 ____D C:\AdwCleaner
    2016-01-09 23:39 - 2016-01-09 23:39 - 01749504 _____ C:\Users\Home\Downloads\adwcleaner_5.028.exe
    2016-01-09 23:36 - 2016-01-09 23:36 - 00001128 _____ C:\mbam1.txt
    2016-01-09 22:57 - 2016-01-09 22:57 - 00004580 _____ C:\Users\Home\Downloads\rkiller.txt
    2016-01-09 14:16 - 2016-01-09 14:18 - 20835400 _____ C:\Users\Home\Downloads\RogueKiller.exe
    2016-01-08 11:53 - 2016-01-08 11:54 - 00053193 _____ C:\Users\Home\Downloads\Addition.txt
    2016-01-08 11:51 - 2016-01-10 14:50 - 00019786 _____ C:\Users\Home\Downloads\FRST.txt
    2016-01-08 11:51 - 2016-01-10 14:50 - 00000000 ____D C:\FRST
    2016-01-08 11:49 - 2016-01-08 11:51 - 02370560 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
    2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
    2016-01-07 22:17 - 2016-01-07 22:17 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Oracle
    2015-12-28 17:58 - 2015-12-28 17:58 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf
    2015-12-28 17:50 - 2015-12-28 17:50 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2.pdf
    2015-12-24 15:48 - 2016-01-09 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-21 10:37 - 2015-12-21 10:39 - 01134660 _____ C:\WINDOWS\Minidump\122115-15875-01.dmp
    2015-12-21 10:37 - 2015-12-21 10:37 - 00000000 ____D C:\WINDOWS\Minidump
    2015-12-18 09:40 - 2015-12-18 09:40 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2015-12-18 09:40 - 2015-12-18 09:40 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-18 09:39 - 2015-12-18 09:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2015-12-18 09:39 - 2015-12-18 09:39 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2015-12-18 09:39 - 2015-12-18 09:39 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-18 09:39 - 2015-12-18 09:39 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2015-12-18 09:39 - 2015-12-18 09:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2015-12-14 10:14 - 2015-12-14 10:14 - 00021870 _____ C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf
    2015-12-12 18:19 - 2015-12-13 07:34 - 00000000 ____D C:\Users\Home\AppData\Local\MicrosoftEdge
    2015-12-11 17:29 - 2015-12-11 17:29 - 00009832 _____ C:\Users\Home\Downloads\Oct-Nov 2015.csv
    2015-12-11 15:16 - 2015-12-11 15:16 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 14:51 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-10 14:50 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-10 14:50 - 2014-04-29 22:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-10 14:47 - 2015-04-08 10:33 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0BE98CCC-6E74-4604-A97E-D5BE555F42A5}
    2016-01-10 14:45 - 2014-04-30 11:08 - 00000000 ___RD C:\Users\Home\Dropbox
    2016-01-10 14:45 - 2014-04-30 07:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
    2016-01-10 14:44 - 2014-09-24 20:42 - 00000000 ___RD C:\Users\Home\Google Drive
    2016-01-10 14:43 - 2015-12-07 15:05 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
    2016-01-10 14:43 - 2014-04-29 22:03 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-10 00:25 - 2014-07-16 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-10 00:03 - 2015-07-08 08:52 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job
    2016-01-09 23:57 - 2015-12-07 13:15 - 00881994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-09 23:57 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
    2016-01-09 23:51 - 2015-12-07 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-09 23:50 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-09 23:35 - 2014-05-17 10:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-09 23:29 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\addins
    2016-01-09 23:29 - 2014-06-02 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-09 23:08 - 2014-05-17 10:06 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-09 23:08 - 2014-05-17 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-09 23:08 - 2014-05-17 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-09 23:06 - 2014-05-20 22:17 - 00000000 ____D C:\Users\Home\AppData\Local\CrashDumps
    2016-01-09 23:05 - 2015-03-21 16:58 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-09 16:03 - 2015-07-08 08:52 - 00000870 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job
    2016-01-09 14:18 - 2015-03-21 16:58 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-01-08 17:12 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-08 12:19 - 2014-08-10 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-08 11:53 - 2015-10-29 23:28 - 00000000 ____D C:\Windows
    2016-01-07 22:19 - 2015-12-07 12:55 - 00000000 ____D C:\Users\Home
    2016-01-07 22:19 - 2014-04-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-07 22:18 - 2015-04-03 20:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-01-07 22:17 - 2014-06-14 23:02 - 00000000 ____D C:\Program Files (x86)\Java
    2016-01-06 19:05 - 2013-12-21 19:30 - 00000000 ____D C:\ProgramData\Temp
    2016-01-05 15:17 - 2013-12-21 19:41 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2016-01-02 18:40 - 2015-10-30 00:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 18:40 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-28 17:53 - 2014-05-08 07:57 - 00000000 ____D C:\Users\Home\Desktop\Full Quiver Contracting
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2015-12-21 10:37 - 2014-05-24 08:25 - 849869029 _____ C:\WINDOWS\MEMORY.DMP
    2015-12-17 08:55 - 2014-04-29 22:15 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-17 08:20 - 2014-04-29 21:01 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
    2015-12-12 03:37 - 2015-12-07 12:49 - 00289720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-12 03:36 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-11 03:30 - 2015-12-07 15:22 - 00002405 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-11 03:30 - 2015-12-07 15:22 - 00000000 ___RD C:\Users\Home\OneDrive

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-29 09:46

    ==================== End of FRST.txt ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  16. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
    Ran by Home (2016-01-11 18:34:25) Run:1
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:13AA281B
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:DDEB08FD
    AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\RogueKiller.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll

    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F1B234-5332-4F45-9E5C-5307DEEE3355}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F1B234-5332-4F45-9E5C-5307DEEE3355}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{184AE782-5353-4714-95B1-01307EF271D2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184AE782-5353-4714-95B1-01307EF271D2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C9DA80-C5C3-49F2-966D-292F77C2081B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C9DA80-C5C3-49F2-966D-292F77C2081B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54E7BF06-B93A-4829-B1CD-D592CBFE7291}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54E7BF06-B93A-4829-B1CD-D592CBFE7291}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68B36AFD-B525-4944-9B7D-6888A21B73AD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68B36AFD-B525-4944-9B7D-6888A21B73AD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{942546D9-BDD5-4CAC-9276-CF21378F05B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942546D9-BDD5-4CAC-9276-CF21378F05B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A46B902F-8C04-442A-8D2D-E20FD0E8353E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A46B902F-8C04-442A-8D2D-E20FD0E8353E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D66858EB-24F5-407C-AC63-13965EBF77AA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66858EB-24F5-407C-AC63-13965EBF77AA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9CE8771-CA1E-4059-BD98-591805D8934B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9CE8771-CA1E-4059-BD98-591805D8934B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0B1EDDA-87A5-4D70-92CB-41BE27061CEC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0B1EDDA-87A5-4D70-92CB-41BE27061CEC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "C:\WINDOWS\system32\ActiveSyncProvider.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\BackgroundTransferHost.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CustomModeApp.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CustomModeAppv2_0.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\dfp.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\DfpCommon.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\dialserver.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\difx64.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\DPTopologyApp.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\DPTopologyAppv2_0.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\flvprophandler.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\fveapi.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\fveapibase.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\GfxUIEx.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Gfxv2_0.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Gfxv4_0.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IccLibDll_x64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ig7icd64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igd10iumd64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdail64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdbcl64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdde64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdfcl64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdmd64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdrcl64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdumdim64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igdusc64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfx11cmrt64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxcmjit64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxcmrt64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxCoIn_v4276.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxCPL.cpl" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxCUIService.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxCUIServicePS.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDH.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDHLib.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDHLibv2_0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDI.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDILib.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDILibv2_0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxDTCM.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxEM.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxEMLib.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxEMLibv2_0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxexps.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxext.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxHK.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxLHM.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxLHMLib.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxLHMLibv2_0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxOSP.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\igfxTray.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\iglhcp64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\iglhsip64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\InstallAgent.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelOpenCL64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiAAC64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiLogServer64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiMCUMD64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiMux64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiUMS64.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiUtils64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiVAD64.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\KnobsCore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\LicenseManager.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MapConfiguration.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MapsStore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MBMediaManager.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MDEServer.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfasfsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MFCaptureEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfcore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfds.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MFMediaEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfmkvsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfmp4srcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfmpeg2srcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MFPlay.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfps.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfreadwrite.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mfsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mos.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\moshost.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\moshostcore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MSFlacDecoder.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\NetSetupApi.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\NetSetupEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\NetSetupSvc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\NetworkMobileSettings.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\OpenCL.DLL" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\policymanagerprecheck.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\provdatastore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\provengine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\provhandlers.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\provisioningcsp.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ProvPluginEng.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\provtool.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\SkyDriveTelemetry.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\StorageUsage.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\StoreAgent.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\StorSvc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\wcmcsp.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\wcmsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\wificonnapi.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\wifinetworkmanager.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\wifitask.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\win32kfull.sys" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Windows.Media.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\WpcWebFilter.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\XboxNetApiSvc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\ig7icd32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igd10iumd32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdail32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdbcl32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdde32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdfcl32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdmd32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdrcl32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdumdim32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igdusc32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igfx11cmrt32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igfxcmjit32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igfxcmrt32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\igfxexps32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\iglhcp32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\iglhsip32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\InstallAgent.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\IntelOpenCL32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\LicenseManager.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MapConfiguration.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MFCaptureEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfcore.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfds.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MFMediaEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MFPlay.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfreadwrite.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mfsrcsnk.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mos.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MSFlacDecoder.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\NetSetupApi.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\NetSetupEngine.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\OpenCL.DLL" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\StoreAgent.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\Windows.Media.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\SysWOW64\WpcWebFilter.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Drivers\igdkmd64.sys" => ":$CmdTcID" ADS not found.
    C:\ProgramData\Temp => ":13AA281B" ADS removed successfully.
    C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\Temp => ":DDEB08FD" ADS removed successfully.
    C:\Users\Home\Downloads\2015 FI Brackets.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\adwcleaner_5.028.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Home\Downloads\adwcleaner_5.028.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Certificates_Templates1.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\DENVERSCHED v2.docx => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\EducationPacket.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe" => ":$CmdTcID" ADS not found.
    C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
    C:\Users\Home\Downloads\Homeschool Policy 2014.doc => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc" => ":$CmdZnID" ADS not found.
    C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\JRT.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Home\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Oct-Nov 2015.csv => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\PHCblank (1).doc => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\PHCblank (2) 2.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\PHCblank.doc => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\PHCsample.doc => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Sample Transcript.doc => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Sept 2015.csv => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\SPANISH_for_PC.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\tickets (3).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Transcript Form CCU Application.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\WR3076046.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\Downloads\YouArePerishableHere.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll => moved successfully
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll => moved successfully

    ==== End of Fixlog 18:34:28 ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 40
    Java 8 Update 66
    Java version 32-bit out of Date!
    Adobe Flash Player 20.0.0.267
    Mozilla Firefox (43.0.4)
    Google Chrome (47.0.2526.106)
    Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  19. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Farbar Service Scanner Version: 03-01-2016
    Ran by Home (administrator) on 13-01-2016 at 11:37:24
    Running from "C:\Users\Home\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  20. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Sophos found no threats
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  22. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    After Delfix produced the notepad my desktop went to a black screen with no icons. All I had was the taskbar and I was unable to shut down my computer, I had the spinning wheel for a while and left my computer up for over an hour hoping that whatever was stuck loading would resolve itself and my desktop would reappear, but it did not. I had to shut it down by holding the power button and now my computer is doing the same thing as before. Minimized screens disappear, task bar doesn't work, windows start menu does not function, so I cannot shut computer down. When I shut the computer down it may have reverted to an infected restore point, but like I said the computer was not working anyway. I need to get to Word to get my husband's resume for a job interview he has this week, but Word isn't on my desktop and I cannot access it from the search menu. Any idea on how to get to file explorer so I can access that? Do I need to run all the scans again?
     
  23. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    This is what my SAS found when I ran a scan a few minutes ago.

    PUP.DownloadAdmin/Variant
    C:\USERS\HOME\DOWNLOADS\DOROPDFWRITER-SETUP.EXE
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Probably false positive.

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
    In that case make sure you restart computer.



    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:



    Go to Step 5 and under "System Restore" click on Create button:



    Go to Repairs tab and click Open Repairs button.


    In next window....
    Leave all checkmarks as they are.
    Click on Start Repairs button.


    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  25. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Tweaking.com - Windows Repair v3.8.1
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 10 Home
    OS Architecture: 64-bit
    OS Version: 10.0.10586
    OS Service Pack:
    Computer Name: DAD
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\Home
    Current Profile SID: S-1-5-21-1634595136-4235292695-661162807-1001
    Current Profile Classes: S-1-5-21-1634595136-4235292695-661162807-1001_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Users\Home\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:01:53

    Process Count: 30
    Commit Total: 808.70 MB
    Commit Limit: 4.57 GB
    Commit Peak: 916.07 MB
    Handle Count: 9471
    Kernel Total: 230.73 MB
    Kernel Paged: 179.41 MB
    Kernel Non Paged: 51.32 MB
    System Cache: 421.51 MB
    Thread Count: 441
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.88 GB
    Memory Used: 911.78 MB(22.9473%)
    Memory Avail.: 2.99 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.88 GB
    Memory Used: 757.65 MB(19.0682%)
    Memory Avail.: 3.14 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (1/20/2016 9:55:23 AM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 0

    01 - Reset Registry Permissions
    Restore Windows 7/8/10 Default Registry Permissions
    Start (1/20/2016 9:55:30 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
    Done, 0.36 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
    Done, 5.2 seconds.

    Running Repair Under System Account
    Done (1/20/2016 10:04:42 AM)

    Reset File Permissions: C:
    C: & Sub Folders
    Start (1/20/2016 10:04:42 AM)

    Running Repair Under Current User Account
    Done (1/20/2016 10:20:13 AM)

    Reset File Permissions
    Restore Windows 7/8/10 Default File Permissions
    Start (1/20/2016 10:20:13 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
    Done, 0.17 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
    Done, 0.25 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
    Done, 0.63 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
    Done, 0.17 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
    Done, 0.2 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
    Done, 3.0 seconds.

    Running Repair Under Current User Account
    Done (1/20/2016 10:24:45 AM)

    Reset File Permissions: Cleanup
    Repairing Restricted Folders Permissions To Avoid Infinite Loops
    Start (1/20/2016 10:24:45 AM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:24:47 AM)

    03 - Reset Service Permissions
    Start (1/20/2016 10:24:47 AM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:25:15 AM)

    04 - Register System Files
    Start (1/20/2016 10:25:15 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:26:28 AM)

    05 - Repair WMI
    Start (1/20/2016 10:26:28 AM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Exporting 3rd Party Firewall Info...
    Running Repair Under Current User Account
    Done (1/20/2016 10:30:55 AM)

    06 - Repair Windows Firewall
    Start (1/20/2016 10:30:55 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.2 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:31:33 AM)

    07 - Repair Internet Explorer
    Start (1/20/2016 10:31:33 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:32:10 AM)

    08 - Repair MDAC/MS Jet
    Start (1/20/2016 10:32:10 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:32:21 AM)

    09 - Repair Hosts File
    Start (1/20/2016 10:32:21 AM)
    Running Repair Under System Account
    Done (1/20/2016 10:32:22 AM)

    10 - Remove Policies Set By Infections
    Start (1/20/2016 10:32:22 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:32:27 AM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (1/20/2016 10:32:27 AM)
    Running Repair Under System Account
    Done (1/20/2016 10:32:28 AM)

    12 - Repair Icons
    Start (1/20/2016 10:32:28 AM)
    Running Repair Under Current User Account
    Done (1/20/2016 10:32:29 AM)

    13 - Repair Network
    Start (1/20/2016 10:32:29 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.5 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:33:03 AM)

    14 - Remove Temp Files
    Start (1/20/2016 10:33:03 AM)
    Running Repair Under System Account
    Done (1/20/2016 10:33:04 AM)

    15 - Repair Proxy Settings
    Start (1/20/2016 10:33:04 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:33:06 AM)

    17 - Repair Windows Updates
    Start (1/20/2016 10:33:06 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.2 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (1/20/2016 10:33:57 AM)

    18 - Repair CD/DVD Missing/Not Working
    Start (1/20/2016 10:33:57 AM)
    iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
    Done (1/20/2016 10:33:57 AM)

    19 - Repair Volume Shadow Copy Service
    Start (1/20/2016 10:33:57 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.22 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:34:45 AM)

    20 - Repair Windows Sidebar/Gadgets
    Start (1/20/2016 10:34:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:34:47 AM)

    21 - Repair MSI (Windows Installer)
    Start (1/20/2016 10:34:47 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.27 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:23 AM)

    22 - Repair Windows Snipping Tool
    Start (1/20/2016 10:35:23 AM)
    Done (1/20/2016 10:35:23 AM)

    23.01 - Repair bat Association
    Start (1/20/2016 10:35:23 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:25 AM)

    23.02 - Repair cmd Association
    Start (1/20/2016 10:35:25 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:27 AM)

    23.03 - Repair com Association
    Start (1/20/2016 10:35:28 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:30 AM)

    23.04 - Repair Directory Association
    Start (1/20/2016 10:35:30 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:32 AM)

    23.05 - Repair Drive Association
    Start (1/20/2016 10:35:32 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:34 AM)

    23.06 - Repair exe Association
    Start (1/20/2016 10:35:34 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:36 AM)

    23.07 - Repair Folder Association
    Start (1/20/2016 10:35:36 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:38 AM)

    23.08 - Repair inf Association
    Start (1/20/2016 10:35:38 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:41 AM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (1/20/2016 10:35:41 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:43 AM)

    23.10 - Repair msc Association
    Start (1/20/2016 10:35:43 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:45 AM)

    23.11 - Repair reg Association
    Start (1/20/2016 10:35:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:47 AM)

    23.12 - Repair scr Association
    Start (1/20/2016 10:35:47 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:49 AM)

    24 - Repair Windows Safe Mode
    Start (1/20/2016 10:35:50 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:35:52 AM)

    25 - Repair Print Spooler
    Start (1/20/2016 10:35:52 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.2 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:36:22 AM)

    26 - Restore Important Windows Services
    Start (1/20/2016 10:36:22 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.2 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:36:57 AM)

    27 - Set Windows Services To Default Startup
    Start (1/20/2016 10:36:57 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 10:37:05 AM)

    Skipping Repair.
    Due to a bug in the Windows 10 build 10586 the powershell command used to reinstall the apps and app store instead breaks them and deletes their install folders. Till Microsoft fixes this bug this repair is skipped for this version of Windows.
    Current version: 10.0.10586

    29 - Repair Windows 8/10 Component Store
    Start (1/20/2016 10:37:06 AM)
    Running Repair Under Current User Account
    Done (1/20/2016 11:55:13 AM)

    30 - Restore Windows 8/10 COM+ Unmarshalers
    Start (1/20/2016 11:55:13 AM)
    Running Repair Under System Account
    [X] -----Job Complete----- Items Done: 1
    Done (1/20/2016 11:55:16 AM)

    31 - Repair Windows 'New' Submenu
    Start (1/20/2016 11:55:16 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/20/2016 11:55:19 AM)

    Skipping Repair.
    Repair is for Windows v6 (Windows Vista & Newer) or higher.
    Current version: 10.0.10586

    33 - Repair Performance Counters
    Start (1/20/2016 11:55:19 AM)
    Running Repair Under Current User Account
    Done (1/20/2016 11:55:23 AM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (1/20/2016 11:55:23 AM)
    Total Repair Time: 02:00:02


    ...YOU MUST RESTART YOUR SYSTEM...
     
