Solved PUP programs found

mom26gr8kids · Jan 8, 2016

During my routine SAS scan this week it found two PUP files. Avast came up clean. SAS did not remove the files.
The computer is also not responding normally. When I click on the Windows Icon nothing happens, so I cannot access the start menu or power off the computer. And the Cortana search bar isn't working, which I only use to find some of my programs, but now I cannot access some of those programs. And every time I minimize a window I can't find it again, which may be due to the unwanted programs, or maybe some default setting was reset on my computer. I upgraded to Windows 10 a few weeks ago, but these programs are on a desktop PC that we don't use very often. Here is the description of the programs from the SAS scan. Other scans will be posted today, just be patient as sometimes I have to actually reopen the program to find the log since it minimizes the text files when I open other windows.

PUP.DownloadAdmin/Variant
C:\USERS\HOME\DOWNLOADS\DOROPDFWRITER-SETUP.EXE

PUP.InstallCore/Variant
C:\USERS\HOME\DOWNLOADS\PDFCREATORSETUP.EXE

mom26gr8kids · Jan 8, 2016

Frst log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Home (administrator) on DAD (08-01-2016 11:51:37)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Windows\jmesoft\Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-18] (SUPERAntiSpyware)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-30] (Google)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-27] (AVAST Software)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a383852-6720-452e-946a-f401b09f8563}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{178a4648-72b6-4db3-a9e9-eea62875d728}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1634595136-4235292695-661162807-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
FF Extension: WOT - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-22]
FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-04-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=agc511"
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKU\S-1-5-21-1634595136-4235292695-661162807-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-27] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-04] (COMODO)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237864 2015-03-02] (EasyAntiCheat Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-27] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-21] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-06-22] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 11:51 - 2016-01-08 11:52 - 00018824 _____ C:\Users\Home\Downloads\FRST.txt
2016-01-08 11:51 - 2016-01-08 11:51 - 00000000 ____D C:\FRST
2016-01-08 11:49 - 2016-01-08 11:51 - 02370560 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-01-07 22:17 - 2016-01-07 22:17 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Oracle
2015-12-28 17:58 - 2015-12-28 17:58 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf
2015-12-28 17:50 - 2015-12-28 17:50 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2.pdf
2015-12-24 15:48 - 2016-01-07 22:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-21 10:37 - 2015-12-21 10:39 - 01134660 _____ C:\WINDOWS\Minidump\122115-15875-01.dmp
2015-12-21 10:37 - 2015-12-21 10:37 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 09:40 - 2015-12-18 09:40 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 09:39 - 2015-12-18 09:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 09:39 - 2015-12-18 09:39 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 09:39 - 2015-12-18 09:39 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-14 10:14 - 2015-12-14 10:14 - 00021870 _____ C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf
2015-12-12 18:19 - 2015-12-13 07:34 - 00000000 ____D C:\Users\Home\AppData\Local\MicrosoftEdge
2015-12-11 17:29 - 2015-12-11 17:29 - 00009832 _____ C:\Users\Home\Downloads\Oct-Nov 2015.csv
2015-12-11 15:16 - 2015-12-11 15:16 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-09 09:31 - 2015-12-01 00:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 09:31 - 2015-11-24 05:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 09:31 - 2015-11-24 04:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 09:31 - 2015-11-24 03:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 09:31 - 2015-11-24 03:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-09 09:31 - 2015-11-24 02:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-09 09:31 - 2015-11-24 02:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 09:31 - 2015-11-24 02:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-09 09:31 - 2015-11-24 02:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 09:31 - 2015-11-24 02:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 09:31 - 2015-11-24 02:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 09:31 - 2015-11-24 02:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 09:31 - 2015-11-24 01:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 09:31 - 2015-11-24 01:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 09:31 - 2015-11-24 01:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-09 09:31 - 2015-11-24 01:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 09:31 - 2015-11-24 01:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 09:31 - 2015-11-24 01:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 09:31 - 2015-11-24 01:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 09:31 - 2015-11-24 00:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 09:31 - 2015-11-24 00:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 09:31 - 2015-11-24 00:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 09:31 - 2015-11-24 00:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 09:31 - 2015-11-24 00:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 09:31 - 2015-11-24 00:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 09:31 - 2015-11-24 00:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 09:31 - 2015-11-24 00:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 11:51 - 2015-10-29 23:28 - 00000000 ____D C:\Windows
2016-01-08 11:50 - 2014-04-29 22:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 11:43 - 2015-12-07 15:05 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
2016-01-08 11:43 - 2015-04-08 10:33 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0BE98CCC-6E74-4604-A97E-D5BE555F42A5}
2016-01-08 11:43 - 2014-04-29 22:03 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-07 22:25 - 2014-07-16 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-07 22:19 - 2015-12-07 12:55 - 00000000 ____D C:\Users\Home
2016-01-07 22:19 - 2014-04-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-07 22:18 - 2015-04-03 20:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-07 22:17 - 2014-06-14 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-07 22:03 - 2015-07-08 08:52 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job
2016-01-07 17:38 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 16:03 - 2015-07-08 08:52 - 00000870 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job
2016-01-07 15:44 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 15:44 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-06 19:05 - 2013-12-21 19:30 - 00000000 ____D C:\ProgramData\Temp
2016-01-05 15:17 - 2013-12-21 19:41 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-29 09:32 - 2014-06-02 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-28 18:25 - 2015-12-07 13:15 - 00881994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 18:25 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-28 17:53 - 2014-05-08 07:57 - 00000000 ____D C:\Users\Home\Desktop\Full Quiver Contracting
2015-12-27 14:10 - 2015-10-30 00:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 14:10 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-21 10:44 - 2014-09-24 20:42 - 00000000 ___RD C:\Users\Home\Google Drive
2015-12-21 10:44 - 2014-04-30 11:08 - 00000000 ___RD C:\Users\Home\Dropbox
2015-12-21 10:44 - 2014-04-30 07:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
2015-12-21 10:41 - 2015-12-07 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-21 10:40 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-21 10:37 - 2014-05-24 08:25 - 849869029 _____ C:\WINDOWS\MEMORY.DMP
2015-12-17 08:55 - 2014-04-29 22:15 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 08:20 - 2014-04-29 21:01 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
2015-12-12 03:37 - 2015-12-07 12:49 - 00289720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-12 03:36 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 03:30 - 2015-12-07 15:22 - 00002405 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-11 03:30 - 2015-12-07 15:22 - 00000000 ___RD C:\Users\Home\OneDrive
2015-12-09 13:03 - 2014-04-30 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 12:59 - 2014-05-03 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 12:54 - 2014-04-30 01:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 09:47 - 2014-04-30 01:17 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-29 09:46

==================== End of FRST.txt ============================

mom26gr8kids · Jan 8, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Home (2016-01-08 11:53:14)
Running from C:\Users\Home\Downloads
Windows 10 Home (X64) (2015-12-07 22:04:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1634595136-4235292695-661162807-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1634595136-4235292695-661162807-503 - Limited - Disabled)
Guest (S-1-5-21-1634595136-4235292695-661162807-501 - Limited - Disabled)
Home (S-1-5-21-1634595136-4235292695-661162807-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1634595136-4235292695-661162807-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - )
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SPANISH for PC version 1 (HKLM-x32\...\{475EB026-A824-43DF-94FD-856568F70F26}_is1) (Version: 1 - Bilingual Books Inc.)
Unity Web Player (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {038F647A-BEFC-4279-BE4D-A2D06B84B67E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {0723661C-6D21-4B84-BFDD-84CE232DCC23} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {23236A4B-127D-468C-825B-D961C369547D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24AC2536-A57C-40F4-AB13-D0BF1A82D34F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {256E6778-4A49-423E-8B78-DD58D5832A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {318858A0-5656-4D9C-B48E-4D8B7597E071} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {467B75C1-52B1-47DE-8C22-C3ACCD6587D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
Task: {497A5723-69E9-44F8-AF71-CD08F85F073D} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9707D51D-67FD-45D2-AAA3-C7F5BCB03EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9ADCB6B7-DDFC-4A7E-A851-ECFFCD9EEF47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A664BE40-F40E-40D9-8EB5-5750B2C9EA5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {B9F500CE-F299-410E-8AB0-3085FEC999B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-27] (AVAST Software)
Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E139710C-737D-4EC3-9C9C-6C3811999D8B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {E854EC01-66F4-4595-9ED5-E2AC3730A614} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
Task: {EDDE9D99-A2E2-4F0B-8869-307EC4F8E0BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F17BFED7-7AF4-4BC5-BAA6-017FA950D1D4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)
Task: {F38486FB-4E2E-474B-B2A1-B03D26502F36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {FA026FE9-9E3A-4EEE-8570-26FA781C113A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-21 19:18 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-12-21 19:39 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-27 09:14 - 2015-10-27 09:14 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-27 09:14 - 2015-10-27 09:14 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-19 12:06 - 2015-12-19 12:06 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15121901\algo.dll
2015-12-21 10:42 - 2015-12-21 10:42 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122102\algo.dll
2016-01-07 14:44 - 2016-01-07 14:44 - 02809344 _____ () C:\Program Files\AVAST Software\Avast\defs\16010701\algo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:13AA281B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD
AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2014-05-20 16:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9ED2A59A-FF23-47C0-9EA1-302F7A77A498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C022223E-9623-4923-B7B9-EB878A82F67A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59460936-2584-4138-8760-DF83666140A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1AD6E7DF-ABB6-40EE-AF93-9D918D641953}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E565D399-17E6-487F-BCF9-CC0B9CF13171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A78F86F-D9E7-4EBA-9897-660D2965F680}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{755890AD-C191-4A4C-ADFB-80858D26D45E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8BA6A79D-31D9-483B-AF32-12F602598EC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0DF81457-4522-40BE-A795-A47407EA9F1A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{09DBECEE-87AE-4D75-B72A-5811AEFB95B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6227ED5-61EA-4F69-B471-403DC1CEA433}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8B50CD6D-CE79-4380-AEEF-898B70091D4F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DDA6A6D7-D7B5-43AC-B943-AF31816AE687}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7E1A37CD-1DBA-47D0-903C-27F0BD00AC0C}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{526881A9-F15C-49FF-B104-C34AF9D3F750}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{99338B9B-FA1C-49D5-9BD8-D51E30CAD4C8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{F8072951-0395-4864-A63F-5A69A93AD09A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{6EB9F908-1702-4CD3-9C57-2852EF1AA142}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{5BC694E3-45D4-4410-AD6F-DE842A162813}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{AC845AFA-FB8B-4F3B-9F91-B7CC5FC896A9}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8ABAD0BC-1F9B-44F9-AFEE-DA5A647425D3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8F8F42F3-B585-4835-BA18-D1967CE18500}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D2EACD7B-8380-4D6C-A390-FEEA14EABC3E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A89ADBB7-D4E1-4570-A9DF-A0F107188F90}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{9C590F27-F57C-4F05-BA1A-A8D60DFAF3E5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{49C790C6-9795-4648-AC81-9D76C7F16F94}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{90C7341B-188B-43F6-8F98-9765DF0EEB93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F80C1C9-F275-432F-9EAA-04DFEEE121D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF24F6EC-55E0-4517-BB9E-C90FF48D1744}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{31FD0D2B-10B6-4ABD-89AD-A8EEA6258A6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{A79D658A-FCF0-4C5C-8E3F-DB950C2CB498}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{94F6C441-E9C4-4ECA-B570-ED0502AF9114}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{83B1602B-F002-431B-8F61-DD7DA68BDE39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{133D2BAE-8A51-4BE0-84CD-3B9AAEB70371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{9A54FEE1-DFE9-4422-A0D7-7C162715176B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-12-2015 10:47:44 Windows Update
28-12-2015 18:59:57 Scheduled Checkpoint
05-01-2016 15:30:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

mom26gr8kids · Jan 8, 2016

==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2016 11:43:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0x1a9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/07/2016 02:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0xa1c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/07/2016 12:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0x7ac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/06/2016 05:57:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/05/2016 03:43:52 PM) (Source: MsiInstaller) (EventID: 11719) (User: Dad)
Description: Product: Lenovo Solution Center -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/05/2016 03:31:55 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 800401fb{7E6F0A11-A3C6-4696-BE69-59EFAE6765F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/05/2016 03:31:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/05/2016 03:15:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/28/2015 07:00:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/28/2015 06:39:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
=============
Error: (01/07/2016 10:37:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_16a1b4a1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 10:37:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 02:23:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 02:18:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_169067eb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 02:18:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 12:47:15 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: Background Tasks Infrastructure Service

Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

You may have to restart the computer in safe mode before you can disable the service.

Error: (01/07/2016 12:46:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

Error: (01/07/2016 12:46:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (01/07/2016 12:45:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (01/07/2016 12:45:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

CodeIntegrity:
===================================
Date: 2016-01-08 11:46:22.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 11:43:46.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-07 14:22:31.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 18:48:22.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 15:43:49.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 15:27:33.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 15:17:33.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 15:06:57.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 14:53:57.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 17:21:03.742
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz
Percentage of memory in use: 49%
Total physical RAM: 3973.38 MB
Available physical RAM: 2022.59 MB
Total Virtual: 4677.38 MB
Available Virtual: 2567.73 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:813.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (The Mystery of H) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 156639CC)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Jan 8, 2016

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Those two files you mentioned look like false positive.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

mom26gr8kids · Jan 10, 2016

RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Home [Administrator]
Started from : C:\Users\Home\Downloads\RogueKiller.exe
Mode : Delete -- Date : 01/09/2016 15:13:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] a2b3f77455cfd29ccccbd3f5529e7b92
[BSP] 3945368544f779505ca971688a5e94be : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 926530 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1901402112 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1902323712 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP Officejet 6700 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

mom26gr8kids · Jan 10, 2016

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/9/2016
Scan Time: 11:10 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.09.05
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380695
Time Elapsed: 16 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Comboapps, C:\Users\Home\Downloads\PDFCreatorSetup.exe, Quarantined, [d9c0a2958d0c89adb098fbd03bc9dc24],

Physical Sectors: 0
(No malicious items detected)

(end)

mom26gr8kids · Jan 10, 2016

Start menu, Cortana and task bar are all now working correctly after Mbam scan/restart

mom26gr8kids · Jan 10, 2016

# AdwCleaner v5.028 - Logfile created 09/01/2016 at 23:42:21
# Updated 04/01/2016 by Xplode
# Database : 2015-12-30.1 [Local]
# Operating system : Windows 10 Home (x64)
# Username : Home - DAD
# Running from : C:\Users\Home\Downloads\adwcleaner_5.028.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\OutfoxTV
Key Found : HKLM\SOFTWARE\OutfoxTV
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.com
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1769 bytes] ##########

mom26gr8kids · Jan 10, 2016

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Home (Administrator) on Sun 01/10/2016 at 0:01:39.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\Home\Start Menu\Programs\pc app store.lnk (Shortcut)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/10/2016 at 0:42:32.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jan 10, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

mom26gr8kids · Jan 10, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Home (2016-01-10 14:52:52)
Running from C:\Users\Home\Downloads
Windows 10 Home (X64) (2015-12-07 22:04:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1634595136-4235292695-661162807-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1634595136-4235292695-661162807-503 - Limited - Disabled)
Guest (S-1-5-21-1634595136-4235292695-661162807-501 - Limited - Disabled)
Home (S-1-5-21-1634595136-4235292695-661162807-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1634595136-4235292695-661162807-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: - )
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SPANISH for PC version 1 (HKLM-x32\...\{475EB026-A824-43DF-94FD-856568F70F26}_is1) (Version: 1 - Bilingual Books Inc.)
Unity Web Player (HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1634595136-4235292695-661162807-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {038F647A-BEFC-4279-BE4D-A2D06B84B67E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {0723661C-6D21-4B84-BFDD-84CE232DCC23} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {23236A4B-127D-468C-825B-D961C369547D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24AC2536-A57C-40F4-AB13-D0BF1A82D34F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {256E6778-4A49-423E-8B78-DD58D5832A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {318858A0-5656-4D9C-B48E-4D8B7597E071} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {467B75C1-52B1-47DE-8C22-C3ACCD6587D5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
Task: {497A5723-69E9-44F8-AF71-CD08F85F073D} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9707D51D-67FD-45D2-AAA3-C7F5BCB03EA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9ADCB6B7-DDFC-4A7E-A851-ECFFCD9EEF47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A664BE40-F40E-40D9-8EB5-5750B2C9EA5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {B9F500CE-F299-410E-8AB0-3085FEC999B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-27] (AVAST Software)
Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E139710C-737D-4EC3-9C9C-6C3811999D8B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {E854EC01-66F4-4595-9ED5-E2AC3730A614} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-04] (COMODO)
Task: {EDDE9D99-A2E2-4F0B-8869-307EC4F8E0BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F17BFED7-7AF4-4BC5-BAA6-017FA950D1D4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)
Task: {F38486FB-4E2E-474B-B2A1-B03D26502F36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {FA026FE9-9E3A-4EEE-8570-26FA781C113A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-04] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-21 19:18 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-12-21 19:39 - 2013-05-14 11:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 13:43 - 2015-12-07 13:43 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-12-21 19:18 - 2013-10-25 02:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2013-12-21 19:18 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-12-17 08:21 - 2015-12-17 08:21 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-27 09:14 - 2015-10-27 09:14 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-27 09:14 - 2015-10-27 09:14 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-09 13:15 - 2016-01-09 13:15 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16010901\algo.dll
2015-12-11 15:16 - 2015-10-30 17:59 - 00034768 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00019408 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00022848 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00023352 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00042296 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00116688 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 15:16 - 2015-10-30 17:59 - 00093640 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00018376 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00019760 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00105928 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00392144 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 15:16 - 2015-12-08 14:36 - 00381752 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00692688 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00020816 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00109520 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 01737032 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00020808 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00020800 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00021840 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00038696 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00024528 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00020936 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00114640 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00021320 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00124880 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00030160 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00043472 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00175560 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00028616 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00024016 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00048592 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00024392 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00036296 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 15:16 - 2015-10-30 18:00 - 00024016 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00117056 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00031568 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2015-10-01 20:27 - 2015-11-04 17:04 - 00293392 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-11 15:16 - 2015-12-08 14:36 - 00023376 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00134608 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 15:16 - 2015-10-30 17:59 - 00134088 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00240584 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00020280 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00052024 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00021304 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00350152 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00084792 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 15:16 - 2015-12-08 14:36 - 01826608 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 15:16 - 2015-10-30 18:00 - 00083912 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 03891504 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 01950000 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00519984 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00133936 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00225080 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00207672 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00024904 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00486704 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 15:16 - 2015-12-08 14:36 - 00357680 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-11-12 16:11 - 2015-10-30 18:01 - 00019920 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-12 16:10 - 2015-10-30 18:00 - 00786904 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 16:11 - 2015-10-30 18:00 - 00063448 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 16:11 - 2015-10-30 18:00 - 00019408 _____ () C:\Users\Home\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2016-01-10 14:44 - 2016-01-10 14:44 - 00098816 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32api.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00110080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pywintypes27.dll
2016-01-10 14:44 - 2016-01-10 14:44 - 00364544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pythoncom27.dll
2016-01-10 14:44 - 2016-01-10 14:44 - 00046080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_socket.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 01208320 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_ssl.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00320512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32com.shell.shell.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00776704 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_hashlib.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 01176576 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._core_.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00806400 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._gdi_.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00816128 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._windows_.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 01067008 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._controls_.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00733184 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._misc_.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00682496 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pysqlite2._sqlite.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00088064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_ctypes.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00119808 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32file.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00108544 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32security.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00007168 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\hashobjs_ext.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00017920 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\thumbnails_ext.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00079360 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\usb_ext.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00167936 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32gui.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00018432 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32event.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00128512 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_elementtree.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00127488 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\pyexpat.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00013824 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\common.time34.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00036864 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_psutil_windows.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00038912 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32inet.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00525640 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\windows._lib_cacheinvalidation.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00011264 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32crypt.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00077312 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._html2.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00027136 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_multiprocessing.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00020480 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\_yappi.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00035840 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32process.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00686080 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\unicodedata.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00123392 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._wizard.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00024064 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32pipe.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00010240 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\select.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00025600 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32pdh.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00017408 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32profile.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00022528 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\win32ts.pyd
2016-01-10 14:44 - 2016-01-10 14:44 - 00078848 _____ () C:\Users\Home\AppData\Local\Temp\_MEI78762\wx._animate.pyd
2013-12-21 19:18 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-10-27 09:14 - 2015-10-27 09:14 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-17 08:21 - 2015-12-17 08:21 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 08:21 - 2015-12-17 08:21 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

mom26gr8kids · Jan 10, 2016

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:13AA281B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD
AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2014-05-20 16:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9ED2A59A-FF23-47C0-9EA1-302F7A77A498}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C022223E-9623-4923-B7B9-EB878A82F67A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59460936-2584-4138-8760-DF83666140A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1AD6E7DF-ABB6-40EE-AF93-9D918D641953}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E565D399-17E6-487F-BCF9-CC0B9CF13171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A78F86F-D9E7-4EBA-9897-660D2965F680}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{755890AD-C191-4A4C-ADFB-80858D26D45E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{8BA6A79D-31D9-483B-AF32-12F602598EC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{0DF81457-4522-40BE-A795-A47407EA9F1A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{09DBECEE-87AE-4D75-B72A-5811AEFB95B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6227ED5-61EA-4F69-B471-403DC1CEA433}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{8B50CD6D-CE79-4380-AEEF-898B70091D4F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DDA6A6D7-D7B5-43AC-B943-AF31816AE687}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7E1A37CD-1DBA-47D0-903C-27F0BD00AC0C}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{526881A9-F15C-49FF-B104-C34AF9D3F750}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{99338B9B-FA1C-49D5-9BD8-D51E30CAD4C8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{F8072951-0395-4864-A63F-5A69A93AD09A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{6EB9F908-1702-4CD3-9C57-2852EF1AA142}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{5BC694E3-45D4-4410-AD6F-DE842A162813}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{AC845AFA-FB8B-4F3B-9F91-B7CC5FC896A9}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8ABAD0BC-1F9B-44F9-AFEE-DA5A647425D3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8F8F42F3-B585-4835-BA18-D1967CE18500}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D2EACD7B-8380-4D6C-A390-FEEA14EABC3E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A89ADBB7-D4E1-4570-A9DF-A0F107188F90}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{9C590F27-F57C-4F05-BA1A-A8D60DFAF3E5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{49C790C6-9795-4648-AC81-9D76C7F16F94}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{90C7341B-188B-43F6-8F98-9765DF0EEB93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F80C1C9-F275-432F-9EAA-04DFEEE121D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF24F6EC-55E0-4517-BB9E-C90FF48D1744}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{31FD0D2B-10B6-4ABD-89AD-A8EEA6258A6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{A79D658A-FCF0-4C5C-8E3F-DB950C2CB498}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{94F6C441-E9C4-4ECA-B570-ED0502AF9114}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{83B1602B-F002-431B-8F61-DD7DA68BDE39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{133D2BAE-8A51-4BE0-84CD-3B9AAEB70371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{9A54FEE1-DFE9-4422-A0D7-7C162715176B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-12-2015 10:47:44 Windows Update
28-12-2015 18:59:57 Scheduled Checkpoint
05-01-2016 15:30:59 Scheduled Checkpoint
08-01-2016 17:11:07 Windows Update
10-01-2016 00:01:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2016 12:02:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/09/2016 11:05:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Exception code: 0xc0000005
Fault offset: 0x001c4130
Faulting process id: 0x2084
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (01/08/2016 05:11:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/08/2016 12:26:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.2.5833, time stamp: 0x5678a0b1
Faulting module name: mozglue.dll, version: 43.0.2.5833, time stamp: 0x567893a6
Exception code: 0x80000003
Fault offset: 0x0000ed36
Faulting process id: 0x11e8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (01/08/2016 12:26:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.2.5833 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19c8

Start Time: 01d14a44a7396537

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: ab00575e-b63d-11e5-bed7-c03fd533053c

Faulting package full name:

Faulting package-relative application ID:

Error: (01/08/2016 12:26:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1edc

Start Time: 01d14a45928d3441

Termination Time: 4294967295

Application Path: C:\Users\Home\Downloads\FRST64.exe

Report Id: a1857b52-b63d-11e5-bed7-c03fd533053c

Faulting package full name:

Faulting package-relative application ID:

Error: (01/08/2016 11:43:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0x1a9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/07/2016 02:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0xa1c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/07/2016 12:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0x7ac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/06/2016 05:57:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
=============
Error: (01/10/2016 02:46:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/10/2016 12:46:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_28b9b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/10/2016 12:46:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/09/2016 11:54:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/09/2016 11:50:55 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: GeneStor driver startedGeneStor driver started (2)

Error: (01/09/2016 11:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_6b6c9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/09/2016 11:50:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/09/2016 11:49:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/09/2016 11:49:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/09/2016 11:49:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-01-10 14:46:59.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-10 00:00:53.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 23:54:29.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 23:48:38.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 23:31:23.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 23:02:18.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 14:42:10.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 14:13:33.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 05:16:20.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 11:46:22.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz
Percentage of memory in use: 59%
Total physical RAM: 3973.38 MB
Available physical RAM: 1627.93 MB
Total Virtual: 4677.38 MB
Available Virtual: 2078.61 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:812.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (The Mystery of H) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 156639CC)

Partition: GPT.

==================== End of Addition.txt ============================

mom26gr8kids · Jan 10, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Home (administrator) on DAD (10-01-2016 14:50:42)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
() C:\Windows\jmesoft\Service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-18] (SUPERAntiSpyware)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-30] (Google)
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\...\Run: [Dropbox Update] => C:\Users\Home\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-27] (AVAST Software)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0a383852-6720-452e-946a-f401b09f8563}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{178a4648-72b6-4db3-a9e9-eea62875d728}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1634595136-4235292695-661162807-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1634595136-4235292695-661162807-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-12] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-12] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1634595136-4235292695-661162807-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-07-03] (Pando Networks)
FF Extension: WOT - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-22]
FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\b89dudjq.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2015-04-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=agc511"
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKU\S-1-5-21-1634595136-4235292695-661162807-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-27] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-04] (COMODO)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [237864 2015-03-02] (EasyAntiCheat Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-27] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-06-22] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-09] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 00:42 - 2016-01-10 00:42 - 00000640 _____ C:\Users\Home\Desktop\JRT.txt
2016-01-10 00:01 - 2016-01-10 00:01 - 01600184 _____ (Malwarebytes) C:\Users\Home\Downloads\JRT.exe
2016-01-09 23:42 - 2016-01-09 23:49 - 00000000 ____D C:\AdwCleaner
2016-01-09 23:39 - 2016-01-09 23:39 - 01749504 _____ C:\Users\Home\Downloads\adwcleaner_5.028.exe
2016-01-09 23:36 - 2016-01-09 23:36 - 00001128 _____ C:\mbam1.txt
2016-01-09 22:57 - 2016-01-09 22:57 - 00004580 _____ C:\Users\Home\Downloads\rkiller.txt
2016-01-09 14:16 - 2016-01-09 14:18 - 20835400 _____ C:\Users\Home\Downloads\RogueKiller.exe
2016-01-08 11:53 - 2016-01-08 11:54 - 00053193 _____ C:\Users\Home\Downloads\Addition.txt
2016-01-08 11:51 - 2016-01-10 14:50 - 00019786 _____ C:\Users\Home\Downloads\FRST.txt
2016-01-08 11:51 - 2016-01-10 14:50 - 00000000 ____D C:\FRST
2016-01-08 11:49 - 2016-01-08 11:51 - 02370560 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
2016-01-07 22:19 - 2016-01-07 22:19 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-01-07 22:17 - 2016-01-07 22:17 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Oracle
2015-12-28 17:58 - 2015-12-28 17:58 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf
2015-12-28 17:50 - 2015-12-28 17:50 - 00192086 _____ C:\Users\Home\Downloads\PHCblank (2) 2.pdf
2015-12-24 15:48 - 2016-01-09 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-21 10:37 - 2015-12-21 10:39 - 01134660 _____ C:\WINDOWS\Minidump\122115-15875-01.dmp
2015-12-21 10:37 - 2015-12-21 10:37 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 09:40 - 2015-12-18 09:40 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 09:40 - 2015-12-18 09:40 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 09:39 - 2015-12-18 09:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 09:39 - 2015-12-18 09:39 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 09:39 - 2015-12-18 09:39 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 09:39 - 2015-12-18 09:39 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 09:39 - 2015-12-18 09:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-14 10:14 - 2015-12-14 10:14 - 00021870 _____ C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf
2015-12-12 18:19 - 2015-12-13 07:34 - 00000000 ____D C:\Users\Home\AppData\Local\MicrosoftEdge
2015-12-11 17:29 - 2015-12-11 17:29 - 00009832 _____ C:\Users\Home\Downloads\Oct-Nov 2015.csv
2015-12-11 15:16 - 2015-12-11 15:16 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 14:51 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-10 14:50 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-10 14:50 - 2014-04-29 22:03 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 14:47 - 2015-04-08 10:33 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0BE98CCC-6E74-4604-A97E-D5BE555F42A5}
2016-01-10 14:45 - 2014-04-30 11:08 - 00000000 ___RD C:\Users\Home\Dropbox
2016-01-10 14:45 - 2014-04-30 07:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Dropbox
2016-01-10 14:44 - 2014-09-24 20:42 - 00000000 ___RD C:\Users\Home\Google Drive
2016-01-10 14:43 - 2015-12-07 15:05 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
2016-01-10 14:43 - 2014-04-29 22:03 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 00:25 - 2014-07-16 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 00:03 - 2015-07-08 08:52 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001UA.job
2016-01-09 23:57 - 2015-12-07 13:15 - 00881994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-09 23:57 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-09 23:51 - 2015-12-07 13:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-09 23:50 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-09 23:35 - 2014-05-17 10:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 23:29 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\addins
2016-01-09 23:29 - 2014-06-02 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 23:08 - 2014-05-17 10:06 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-09 23:08 - 2014-05-17 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-09 23:08 - 2014-05-17 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-09 23:06 - 2014-05-20 22:17 - 00000000 ____D C:\Users\Home\AppData\Local\CrashDumps
2016-01-09 23:05 - 2015-03-21 16:58 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-09 16:03 - 2015-07-08 08:52 - 00000870 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1634595136-4235292695-661162807-1001Core.job
2016-01-09 14:18 - 2015-03-21 16:58 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-08 17:12 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-08 12:19 - 2014-08-10 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-08 11:53 - 2015-10-29 23:28 - 00000000 ____D C:\Windows
2016-01-07 22:19 - 2015-12-07 12:55 - 00000000 ____D C:\Users\Home
2016-01-07 22:19 - 2014-04-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-07 22:18 - 2015-04-03 20:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-07 22:17 - 2014-06-14 23:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-06 19:05 - 2013-12-21 19:30 - 00000000 ____D C:\ProgramData\Temp
2016-01-05 15:17 - 2013-12-21 19:41 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-01-02 18:40 - 2015-10-30 00:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 18:40 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 17:53 - 2014-05-08 07:57 - 00000000 ____D C:\Users\Home\Desktop\Full Quiver Contracting
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-21 10:40 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-21 10:37 - 2014-05-24 08:25 - 849869029 _____ C:\WINDOWS\MEMORY.DMP
2015-12-17 08:55 - 2014-04-29 22:15 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 08:20 - 2014-04-29 21:01 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
2015-12-12 03:37 - 2015-12-07 12:49 - 00289720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 03:37 - 2014-05-03 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-12 03:36 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 03:30 - 2015-12-07 15:22 - 00002405 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-11 03:30 - 2015-12-07 15:22 - 00000000 ___RD C:\Users\Home\OneDrive

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll
C:\Users\Home\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-29 09:46

==================== End of FRST.txt ============================

Broni · Jan 10, 2016

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

mom26gr8kids · Jan 11, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Home (2016-01-11 18:34:25) Run:1
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {01F1B234-5332-4F45-9E5C-5307DEEE3355} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {184AE782-5353-4714-95B1-01307EF271D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {23C9DA80-C5C3-49F2-966D-292F77C2081B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {54E7BF06-B93A-4829-B1CD-D592CBFE7291} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {68B36AFD-B525-4944-9B7D-6888A21B73AD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {942546D9-BDD5-4CAC-9276-CF21378F05B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A46B902F-8C04-442A-8D2D-E20FD0E8353E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D66858EB-24F5-407C-AC63-13965EBF77AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D9CE8771-CA1E-4059-BD98-591805D8934B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0B1EDDA-87A5-4D70-92CB-41BE27061CEC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ig7icd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4276.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAAC64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCUMD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMux64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig7icd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:13AA281B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD
AlternateDataStreams: C:\Users\Home\Downloads\2015 FI Brackets.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\adwcleaner_5.028.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Certificates_Templates1.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\DENVERSCHED v2.docx:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\EducationPacket.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Homeschool Policy 2014.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Oct-Nov 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank (2) 2.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCblank.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\PHCsample.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sample Transcript.doc:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sept 2015.csv:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\SPANISH_for_PC.zip:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets (3).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Transcript Form CCU Application.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\WR3076046.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Home\Downloads\YouArePerishableHere.jpg:$CmdZnID
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll
C:\Users\Home\AppData\Local\Temp\sqlite3.dll

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F1B234-5332-4F45-9E5C-5307DEEE3355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F1B234-5332-4F45-9E5C-5307DEEE3355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{184AE782-5353-4714-95B1-01307EF271D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184AE782-5353-4714-95B1-01307EF271D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C9DA80-C5C3-49F2-966D-292F77C2081B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C9DA80-C5C3-49F2-966D-292F77C2081B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54E7BF06-B93A-4829-B1CD-D592CBFE7291}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54E7BF06-B93A-4829-B1CD-D592CBFE7291}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68B36AFD-B525-4944-9B7D-6888A21B73AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68B36AFD-B525-4944-9B7D-6888A21B73AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{942546D9-BDD5-4CAC-9276-CF21378F05B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942546D9-BDD5-4CAC-9276-CF21378F05B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF65BA6-F8E2-45EB-A8C4-A4DD2A53897E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A46B902F-8C04-442A-8D2D-E20FD0E8353E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A46B902F-8C04-442A-8D2D-E20FD0E8353E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D66858EB-24F5-407C-AC63-13965EBF77AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66858EB-24F5-407C-AC63-13965EBF77AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9CE8771-CA1E-4059-BD98-591805D8934B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9CE8771-CA1E-4059-BD98-591805D8934B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0B1EDDA-87A5-4D70-92CB-41BE27061CEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0B1EDDA-87A5-4D70-92CB-41BE27061CEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"C:\WINDOWS\system32\ActiveSyncProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BackgroundTransferHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CustomModeApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CustomModeAppv2_0.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dfp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DfpCommon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dialserver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\difx64.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DPTopologyApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\DPTopologyAppv2_0.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\flvprophandler.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\fveapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\fveapibase.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\GfxUIEx.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Gfxv2_0.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Gfxv4_0.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IccLibDll_x64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ig7icd64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igd10iumd64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdail64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdbcl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdde64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdfcl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdmd64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdrcl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdumdim64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igdusc64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfx11cmrt64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxcmjit64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxcmrt64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxCoIn_v4276.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxCPL.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxCUIService.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxCUIServicePS.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDH.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDHLib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDHLibv2_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDILib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDILibv2_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxDTCM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxEM.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxEMLib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxEMLibv2_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxexps.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxext.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxHK.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxLHM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxLHMLib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxLHMLibv2_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxOSP.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\igfxTray.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iglhcp64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iglhsip64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\InstallAgent.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelOpenCL64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiAAC64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiLogServer64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiMCUMD64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiMux64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiUMS64.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiUtils64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiVAD64.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\KnobsCore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\LicenseManager.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MapConfiguration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MapsStore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MBMediaManager.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MDEServer.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfasfsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MFCaptureEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfcore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MFMediaEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfmkvsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfmp4srcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfmpeg2srcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MFPlay.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfreadwrite.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mfsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\moshost.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\moshostcore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MSFlacDecoder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NetSetupApi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NetSetupEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NetSetupSvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\NetworkMobileSettings.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\OpenCL.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\policymanagerprecheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\provdatastore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\provengine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\provhandlers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\provisioningcsp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ProvPluginEng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\provtool.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\SkyDriveTelemetry.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\StorageUsage.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\StoreAgent.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\StorSvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wcmcsp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wcmsvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wificonnapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wifinetworkmanager.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wifitask.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\win32kfull.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.Media.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WpcWebFilter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\XboxNetApiSvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ig7icd32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igd10iumd32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdail32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdbcl32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdde32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdfcl32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdmd32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdrcl32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdumdim32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igdusc32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igfx11cmrt32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igfxcmjit32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igfxcmrt32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\igfxexps32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iglhcp32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iglhsip32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\InstallAgent.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\IntelOpenCL32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\LicenseManager.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MapConfiguration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MFCaptureEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfcore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MFMediaEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MFPlay.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfreadwrite.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mfsrcsnk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MSFlacDecoder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\NetSetupApi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\NetSetupEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\OpenCL.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\StoreAgent.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.Media.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\WpcWebFilter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\igdkmd64.sys" => ":$CmdTcID" ADS not found.
C:\ProgramData\Temp => ":13AA281B" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => "

DEB08FD" ADS removed successfully.
C:\Users\Home\Downloads\2015 FI Brackets.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\2015-05-10 mother's day gift.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\20150330_ResignationAcknowledgment.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\ableton_live_lite_9.1.8_32.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\adwcleaner_5.028.exe" => ":$CmdTcID" ADS not found.
C:\Users\Home\Downloads\adwcleaner_5.028.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Attendance Calendar 2014 2015 (2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Attendance Calendar 2014 2015.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Attendance Calendar 2015 2016.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Baseball Tournaments 12 U (1).docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Baseball Tournaments 12 U Revised.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Baseball Tournaments 12 U.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Certificates_Templates1.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\DE HS Basketball Schedule 2015-16.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Deck Supervisor Self Evaluation.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\DENVERSCHED v2.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\EducationPacket.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Firefox Setup Stub 37.0.1.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
C:\Users\Home\Downloads\Homeschool Policy 2014.doc => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\Jan 20 -2015 - Home School Day Registration Form.doc" => ":$CmdZnID" ADS not found.
C:\Users\Home\Downloads\jre-8u40-windows-i586-iftw.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\JRT.exe" => ":$CmdTcID" ADS not found.
C:\Users\Home\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf" => ":$CmdTcID" ADS not found.
C:\Users\Home\Downloads\Kilgore_ niel's program - Sheet1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\MakeLaughterYourChocolate.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\NoPersonalChoiceThatMuddiedYourLife[1].jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Oct-Nov 2015.csv => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\PHCblank (1).doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\PHCblank (2) 2 (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\PHCblank (2) 2.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\PHCblank.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\PHCsample.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Sample Transcript.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Sept 2015.csv => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Songer, Kendra 1110B.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Sophos Virus Removal Tool.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\SPANISH_for_PC.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Statement1_from_Colorado_ACTS4468.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\tickets (3).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\tickets-4E9E05452D71B1470614.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Transcript Form CCU Application (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Transcript Form CCU Application.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Whooping Cough Notification Document (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\Whooping Cough Notification Document.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\WR3076046.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\Downloads\YouArePerishableHere.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqm0x.dll => moved successfully
C:\Users\Home\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 18:34:28 ====

Broni · Jan 11, 2016

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

mom26gr8kids · Jan 13, 2016

Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 40
Java 8 Update 66
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.267
Mozilla Firefox (43.0.4)
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

mom26gr8kids · Jan 13, 2016

Farbar Service Scanner Version: 03-01-2016
Ran by Home (administrator) on 13-01-2016 at 11:37:24
Running from "C:\Users\Home\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

mom26gr8kids · Jan 13, 2016

Sophos found no threats

Broni · Jan 13, 2016

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

mom26gr8kids · Jan 18, 2016

After Delfix produced the notepad my desktop went to a black screen with no icons. All I had was the taskbar and I was unable to shut down my computer, I had the spinning wheel for a while and left my computer up for over an hour hoping that whatever was stuck loading would resolve itself and my desktop would reappear, but it did not. I had to shut it down by holding the power button and now my computer is doing the same thing as before. Minimized screens disappear, task bar doesn't work, windows start menu does not function, so I cannot shut computer down. When I shut the computer down it may have reverted to an infected restore point, but like I said the computer was not working anyway. I need to get to Word to get my husband's resume for a job interview he has this week, but Word isn't on my desktop and I cannot access it from the search menu. Any idea on how to get to file explorer so I can access that? Do I need to run all the scans again?

mom26gr8kids · Jan 18, 2016

This is what my SAS found when I ran a scan a few minutes ago.

PUP.DownloadAdmin/Variant
C:\USERS\HOME\DOWNLOADS\DOROPDFWRITER-SETUP.EXE

Broni · Jan 18, 2016

Probably false positive.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

Go to Step 5 and under "System Restore" click on Create button:

Go to Repairs tab and click Open Repairs button.

In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

mom26gr8kids · Jan 20, 2016

Tweaking.com - Windows Repair v3.8.1
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.10586
OS Service Pack:
Computer Name: DAD
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Home
Current Profile SID: S-1-5-21-1634595136-4235292695-661162807-1001
Current Profile Classes: S-1-5-21-1634595136-4235292695-661162807-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Home\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:01:53

Process Count: 30
Commit Total: 808.70 MB
Commit Limit: 4.57 GB
Commit Peak: 916.07 MB
Handle Count: 9471
Kernel Total: 230.73 MB
Kernel Paged: 179.41 MB
Kernel Non Paged: 51.32 MB
System Cache: 421.51 MB
Thread Count: 441
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.88 GB
Memory Used: 911.78 MB(22.9473%)
Memory Avail.: 2.99 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.88 GB
Memory Used: 757.65 MB(19.0682%)
Memory Avail.: 3.14 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (1/20/2016 9:55:23 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0

01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (1/20/2016 9:55:30 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done, 0.36 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done, 5.2 seconds.

Running Repair Under System Account
Done (1/20/2016 10:04:42 AM)

Reset File Permissions: C:
C: & Sub Folders
Start (1/20/2016 10:04:42 AM)

Running Repair Under Current User Account
Done (1/20/2016 10:20:13 AM)

Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (1/20/2016 10:20:13 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done, 0.17 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done, 0.25 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done, 0.63 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done, 0.17 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done, 0.2 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done, 3.0 seconds.

Running Repair Under Current User Account
Done (1/20/2016 10:24:45 AM)

Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (1/20/2016 10:24:45 AM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:24:47 AM)

03 - Reset Service Permissions
Start (1/20/2016 10:24:47 AM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:25:15 AM)

04 - Register System Files
Start (1/20/2016 10:25:15 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:26:28 AM)

05 - Repair WMI
Start (1/20/2016 10:26:28 AM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Exporting 3rd Party Firewall Info...
Running Repair Under Current User Account
Done (1/20/2016 10:30:55 AM)

06 - Repair Windows Firewall
Start (1/20/2016 10:30:55 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.2 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:31:33 AM)

07 - Repair Internet Explorer
Start (1/20/2016 10:31:33 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:32:10 AM)

08 - Repair MDAC/MS Jet
Start (1/20/2016 10:32:10 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:32:21 AM)

09 - Repair Hosts File
Start (1/20/2016 10:32:21 AM)
Running Repair Under System Account
Done (1/20/2016 10:32:22 AM)

10 - Remove Policies Set By Infections
Start (1/20/2016 10:32:22 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:32:27 AM)

11 - Repair Start Menu Icons Removed By Infections
Start (1/20/2016 10:32:27 AM)
Running Repair Under System Account
Done (1/20/2016 10:32:28 AM)

12 - Repair Icons
Start (1/20/2016 10:32:28 AM)
Running Repair Under Current User Account
Done (1/20/2016 10:32:29 AM)

13 - Repair Network
Start (1/20/2016 10:32:29 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.5 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:33:03 AM)

14 - Remove Temp Files
Start (1/20/2016 10:33:03 AM)
Running Repair Under System Account
Done (1/20/2016 10:33:04 AM)

15 - Repair Proxy Settings
Start (1/20/2016 10:33:04 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:33:06 AM)

17 - Repair Windows Updates
Start (1/20/2016 10:33:06 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.2 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (1/20/2016 10:33:57 AM)

18 - Repair CD/DVD Missing/Not Working
Start (1/20/2016 10:33:57 AM)
iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
Done (1/20/2016 10:33:57 AM)

19 - Repair Volume Shadow Copy Service
Start (1/20/2016 10:33:57 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.22 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:34:45 AM)

20 - Repair Windows Sidebar/Gadgets
Start (1/20/2016 10:34:45 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:34:47 AM)

21 - Repair MSI (Windows Installer)
Start (1/20/2016 10:34:47 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.27 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:23 AM)

22 - Repair Windows Snipping Tool
Start (1/20/2016 10:35:23 AM)
Done (1/20/2016 10:35:23 AM)

23.01 - Repair bat Association
Start (1/20/2016 10:35:23 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:25 AM)

23.02 - Repair cmd Association
Start (1/20/2016 10:35:25 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:27 AM)

23.03 - Repair com Association
Start (1/20/2016 10:35:28 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:30 AM)

23.04 - Repair Directory Association
Start (1/20/2016 10:35:30 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:32 AM)

23.05 - Repair Drive Association
Start (1/20/2016 10:35:32 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:34 AM)

23.06 - Repair exe Association
Start (1/20/2016 10:35:34 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:36 AM)

23.07 - Repair Folder Association
Start (1/20/2016 10:35:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:38 AM)

23.08 - Repair inf Association
Start (1/20/2016 10:35:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:41 AM)

23.09 - Repair lnk (Shortcuts) Association
Start (1/20/2016 10:35:41 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:43 AM)

23.10 - Repair msc Association
Start (1/20/2016 10:35:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:45 AM)

23.11 - Repair reg Association
Start (1/20/2016 10:35:45 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:47 AM)

23.12 - Repair scr Association
Start (1/20/2016 10:35:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:49 AM)

24 - Repair Windows Safe Mode
Start (1/20/2016 10:35:50 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:35:52 AM)

25 - Repair Print Spooler
Start (1/20/2016 10:35:52 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.2 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:36:22 AM)

26 - Restore Important Windows Services
Start (1/20/2016 10:36:22 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done, 0.2 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:36:57 AM)

27 - Set Windows Services To Default Startup
Start (1/20/2016 10:36:57 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 10:37:05 AM)

Skipping Repair.
Due to a bug in the Windows 10 build 10586 the powershell command used to reinstall the apps and app store instead breaks them and deletes their install folders. Till Microsoft fixes this bug this repair is skipped for this version of Windows.
Current version: 10.0.10586

29 - Repair Windows 8/10 Component Store
Start (1/20/2016 10:37:06 AM)
Running Repair Under Current User Account
Done (1/20/2016 11:55:13 AM)

30 - Restore Windows 8/10 COM+ Unmarshalers
Start (1/20/2016 11:55:13 AM)
Running Repair Under System Account
[X] -----Job Complete----- Items Done: 1
Done (1/20/2016 11:55:16 AM)

31 - Repair Windows 'New' Submenu
Start (1/20/2016 11:55:16 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/20/2016 11:55:19 AM)

Skipping Repair.
Repair is for Windows v6 (Windows Vista & Newer) or higher.
Current version: 10.0.10586

33 - Repair Performance Counters
Start (1/20/2016 11:55:19 AM)
Running Repair Under Current User Account
Done (1/20/2016 11:55:23 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (1/20/2016 11:55:23 AM)
Total Repair Time: 02:00:02

...YOU MUST RESTART YOUR SYSTEM...

Solved PUP programs found

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Attachments

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Similar threads