jdhoward

Members
  • Content count

    114
  • Joined

  • Last visited

  • Time Online

    4d 20h 43m 43s

About jdhoward

  • Rank
    $$ Supporting Member

Profile Information

  • Gender
    Male
  • Location
    Roswell, NM
  • OS
    Windows 7
  • Computer specs
    Dell Inspiron 530,
    2.33 Gb Intel Core Duo processor,
    2Gb Memory
    XP3 fully updated

Profile Fields

  • Country
  1. Mornin' Everything seems to be normal!! You are a wizard. A couple of things: A few months ago Firefox decided WOT was dangerous so blocked from their browser...too bad because I relied on lot. Can you give me a thumbnail of the problem(s) you found ? Thanks again JD
  2. Good morning Broni: Security Check Log: Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avast Antivirus Malwarebytes Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 24.0.0.194 Adobe Reader XI Mozilla Firefox (51.0.1) Mozilla Thunderbird 31.3.0 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` FSS Log: Farbar Service Scanner Version: 27-01-2016 Ran by JDH (administrator) on 18-02-2017 at 06:16:05 Running from "C:\Users\JDH\Desktop\Downloaded\Infection" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****] TFC Ran OK Sophos said Clean. Thanks again.
  3. Here you are, sir. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02 Ran by JDH (17-02-2017 20:49:32) Run:1 Running from C:\Users\JDH\Desktop\New folder Loaded Profiles: JDH (Available Profiles: JDH) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] S2 HPSLPSVC; C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll [X] <==== ATTENTION S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2016-05-06 13:58 - 2016-05-06 13:54 - 0002095 _____ () C:\Program Files\Instant_Restore_Point.vbs 2016-05-23 13:48 - 2016-05-23 13:44 - 0004107 _____ () C:\Program Files (x86)\0x0409.ini 2016-05-23 13:48 - 2016-05-23 13:45 - 21244416 _____ () C:\Program Files (x86)\Ancestral Quest 14.msi 2016-05-06 08:44 - 2014-07-11 12:09 - 0001786 _____ () C:\Program Files (x86)\Instant_Restore_Point.zip 2016-05-27 04:53 - 2016-05-27 04:53 - 0001181 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt 2016-05-27 04:53 - 2016-05-27 04:53 - 0000000 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2016-05-03 17:29 - 2017-02-15 05:55 - 0009288 _____ () C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 ____H () C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 _____ () C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} 2016-05-04 08:26 - 2016-05-19 15:08 - 0001100 _____ () C:\ProgramData\hpzinstall.log Task: {1A07B1E0-2F83-4F87-ABC5-E5FC9C8D2632} - \Seagate_Install_Launch -> No File <==== ATTENTION AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [130] AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\_MSRSTRT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPBMINI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lvcod64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUI64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUIRC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BDEADMIN.CPL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatImap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatMHT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lvcodec2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2RC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSFLXGRD.OCX:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\skype4com.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Tutil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DellProf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvrs64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvuvc64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\TEMP:631CA307 [280] ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key removed successfully HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key removed successfully HKLM\System\CurrentControlSet\Services\HPSLPSVC => key removed successfully HPSLPSVC => service removed successfully HKLM\System\CurrentControlSet\Services\catchme => key removed successfully catchme => service removed successfully C:\Program Files\Instant_Restore_Point.vbs => moved successfully C:\Program Files (x86)\0x0409.ini => moved successfully C:\Program Files (x86)\Ancestral Quest 14.msi => moved successfully C:\Program Files (x86)\Instant_Restore_Point.zip => moved successfully C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt => moved successfully C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully C:\Users\JDH\AppData\Roaming\wklnhst.dat => moved successfully C:\Users\JDH\AppData\Local\BIT88ED.tmp => moved successfully C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} => moved successfully C:\ProgramData\hpzinstall.log => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A07B1E0-2F83-4F87-ABC5-E5FC9C8D2632} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A07B1E0-2F83-4F87-ABC5-E5FC9C8D2632} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Seagate_Install_Launch => key removed successfully C:\Windows\avastSS.scr => ":$CmdTcID" ADS could not remove. C:\Windows\winhlp32.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\_MSRSTRT.EXE => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\acmigration.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\adsmsext.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\adtschema.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\advapi32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\aeinv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\aepic.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\apisetschema.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appidapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appidcertstorecheck.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appidpolicyconverter.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appidsvc.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appinfo.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\appraiser.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\asycfilt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\atmfd.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\atmlib.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\auditpol.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\authui.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\bcdedit.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\bcrypt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\bcryptprimitives.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\centel.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\certcli.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\chajei.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\cintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\CompatTelRunner.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\conhost.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\credssp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\crypt32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\cryptbase.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\cryptnet.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\cryptsvc.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\csrsrv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\D3DCompiler_41.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\D3DCompiler_43.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\d3dx10_41.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\d3dx11_42.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\d3dx11_43.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\D3DX9_40.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\D3DX9_42.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\davclnt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\dciman32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\devinv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\DevManagerCore.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\diagtrack.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\DWrite.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\dxtmsft.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\dxtrans.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\FntCache.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\fontsub.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ftlx0411.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ftlx041e.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ftsrch.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\FwRemoteSvr.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\generaltel.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\gpapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\gpsvc.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\HPBMINI.DLL => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\HPZ3LLHN.DLL => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ie4uinit.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieapfltr.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieetwcollector.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieetwcollectorres.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieetwproxystub.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\iernonce.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\iertutil.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\iesetup.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieui.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ieUnatt.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\IMJP10.IME => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\IMJP10K.DLL => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\imkr80.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\inetcomm.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\inetcpl.cpl => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\inetpp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\inetppui.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\INETRES.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\input.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\inseng.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\invagent.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\IPSECSVC.DLL => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\JavaScriptCollectionAgent.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\jscript.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\jscript9diag.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\jsproxy.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\kerberos.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\kernel32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\KernelBase.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\LogiDPP.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\LogiDPPApp.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\lpk.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\lsasrv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\lsass.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\lvcod64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\LVUI64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\LVUIRC64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\MpSigStub.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msaudite.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msctf.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msfeeds.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\MshtmlDac.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\mshtmled.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\mshtmlmedia.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msiexec.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msihnd.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msimsg.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msobjs.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msrating.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\MsSpellCheckingFacility.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\msv1_0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\MSVidCtl.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\mswsock.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ncrypt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\netbtugc.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\nlsbres.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ntdll.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ntprint.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ntprint.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ntvdm64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\occache.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\oleaut32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\phon.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\pintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\polstore.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\poqexec.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\qintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\quick.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\rpchttp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\rpcrt4.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\rstrui.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\schannel.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\secur32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\setbcdlocale.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\smss.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\srclient.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\srcore.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\sspicli.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\sspisrv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\StructuredQuery.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\tintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\TSpkg.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\tzres.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\UIAnimation.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\UtcResources.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\vbscript.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wdigest.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\webcheck.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\WebClnt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\win32spl.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winhttp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winipsec.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winload.efi => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winload.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winresume.efi => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\WinSetupUI.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\winsrv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wintrust.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wow64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wow64cpu.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wow64win.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wpnpinst.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\ws2_32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wuapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wuapp.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wuauclt.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wuaueng.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wucltux.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wudriver.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wups.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wups2.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\wuwebv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\X3DAudio1_5.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\X3DAudio1_6.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\X3DAudio1_7.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\xactengine3_3.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\xactengine3_4.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\xactengine3_7.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAPOFX1_2.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAPOFX1_3.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAPOFX1_4.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAudio2_3.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAudio2_5.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\XAudio2_6.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\adtschema.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\advapi32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\apisetschema.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\appidapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\asycfilt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\atmfd.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\atmlib.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\auditpol.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\authui.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\bcryptprimitives.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\BDEADMIN.CPL => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\certcli.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\chajei.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ChilkatImap.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ChilkatMHT.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\cintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\credssp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\crypt32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\cryptbase.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\cryptnet.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\cryptsvc.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\D3DCompiler_43.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\d3dx10_42.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\d3dx11_43.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\davclnt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\dciman32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\DevManagerCore.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\DWrite.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\dxtmsft.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\dxtrans.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\fontsub.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ftlx0411.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ftlx041e.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ftsrch.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\FwRemoteSvr.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\gdi32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\gpapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\hlink.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ieapfltr.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ieetwproxystub.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\iernonce.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\iertutil.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\iesetup.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ieui.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ieUnatt.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\IMJP10.IME => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\IMJP10K.DLL => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\imkr80.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\inetcpl.cpl => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\INETRES.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\input.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\inseng.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\instnm.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\jscript.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\jsproxy.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\kerberos.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\kernel32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\LogiDPP.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\LogiDPPApp.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\lpk.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\lvcodec2.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\LVUI2.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\LVUI2RC.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msaudite.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msctf.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msfeeds.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\MSFLXGRD.OCX => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\MshtmlDac.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\mshtmled.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\mshtmlmedia.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msiexec.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msihnd.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msimsg.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msobjs.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msrating.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\mswsock.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ncrypt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\netbtugc.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\nlsbres.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntdll.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntkrnlpa.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntprint.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntprint.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ntvdm64.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\occache.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\oleaut32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\olepro32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\phon.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\pintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\polstore.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\poqexec.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\qintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\quick.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\rpchttp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\schannel.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\secman.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\secur32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\setup16.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\skype4com.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\srclient.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\sspicli.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\StructuredQuery.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\tintlgnt.ime => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\Tutil32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\tzres.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\user.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\user32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\usp10.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\vbscript.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wdigest.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\webcheck.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\WebClnt.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\win32spl.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\winhttp.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\winipsec.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wintrust.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wow32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wuapi.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wuapp.exe => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wudriver.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wups.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\wuwebv.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\XAPOFX1_5.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\SysWOW64\XAudio2_7.dll => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\appid.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\bowser.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\DDDriver64Dcsa.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\DellProf.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\FWPKCLNT.SYS => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\ksecdd.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\ksecpkg.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\lvrs64.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\lvuvc64.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\netbt.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\netio.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\ssudbus.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\ssudmdm.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\tcpip.sys => ":$CmdTcID" ADS removed successfully. C:\Windows\system32\Drivers\tcpipreg.sys => ":$CmdTcID" ADS removed successfully. C:\ProgramData\TEMP => ":631CA307" ADS removed successfully. ==== End of Fixlog 20:49:34 ====
  4. FRST ran but: as it started to run Addition I got this message: "Failed to update", I told it to continue. As it completed the scan "There is no disk in the drive. Please insert a disk into the drive \Device\Harddisk\DR2" :3 boxes Cacel Try Again Continue. None worked. I had to use Task manager to close it. I have run it 3 times same result I had to use Task Manager to close the message box. Finally I tried Safe Mode. Here are both logs. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02 Ran by JDH (administrator) on JDH-PC (17-02-2017 06:07:29) Running from C:\Users\JDH\Desktop\Downloaded Loaded Profiles: JDH (Available Profiles: JDH) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\JDH\Desktop\Downloaded\FRST64_2.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) HKLM-x32\...\Run: [TaskPlus] => C:\Program Files (x86)\TaskPlus\taskplus0.exe [4653056 2006-10-26] (Contact Plus Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2016-08-06] (Logitech Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [Toggler] => C:\Users\JDH\Desktop\Look Here\togglr10\toggler.exe [32256 2001-01-20] (Aestas Software) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-08] (SUPERAntiSpyware) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-23] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2016-05-08] ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Instant_Restore_Point.vbs [2016-05-06] () Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher Pro.lnk [2016-04-28] ShortcutTarget: MailWasher Pro.lnk -> C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe - Shortcut.lnk [2014-11-17] ShortcutTarget: Printkey.exe - Shortcut.lnk -> C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe (Fred's Software Company) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vws - Shortcut.lnk [2016-05-03] ShortcutTarget: vws - Shortcut.lnk -> C:\vws\vws.exe (Ambient, LLC) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WallMaster.lnk [2016-10-23] ShortcutTarget: WallMaster.lnk -> C:\Program Files (x86)\WallMaster\wallmast.exe (Tropical Wares) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E8F065C6-4355-457F-AC81-08B433728AE7}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) Handler: WSISVCUchrome - No CLSID Value FireFox: ======== FF DefaultProfile: lylj0gt4.default FF ProfilePath: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default [2017-02-17] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF Homepage: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.yahoo.com?fr=fp-comodo FF Keyword.URL: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Extension: (Simple Popup Blocker) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\@simplepopupblocker.xpi [2016-02-07] FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2016-05-13] FF Extension: (Email This! Bookmarklet Extension) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\gmailthis@lazyrussian.com.xpi [2016-04-27] FF Extension: (RememberPass) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\rememberpass@teesoft.info.xpi [2016-08-03] FF Extension: (Saved Password Editor) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-30] FF Extension: (Show Password) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\showpassword@pratikpoddar.xpi [2016-04-27] FF Extension: (Show Password Field) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2016-04-27] FF Extension: (Show/hide passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\shpassword@shpassword.fr.xpi [2016-04-27] FF Extension: (uBlock Origin) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-26] FF Extension: (Unhide Passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2016-04-27] FF Extension: (WOT) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-02] FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] FF SearchPlugin: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\searchplugins\google-lavasoft.xml [2016-05-16] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 [2017-02-17] [not signed] FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2004-09-08] (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-23] (AVAST Software) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-25] (Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed] S2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [14696 2015-02-21] (Traysoft Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S2 HPSLPSVC; C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-23] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-23] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-23] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-23] (AVAST Software) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-23] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software) S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.) S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-11-12] (Dell Computer Corporation) S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-11-12] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-10-22] (Samsung Electronics Co., Ltd.) S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-02-15] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes) S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2016-05-02] (CACE Technologies, Inc.) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-10-22] (Samsung Electronics Co., Ltd.) S3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2016-05-27] () U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-14] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-15 18:03 - 2017-02-16 05:29 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026.job 2017-02-15 18:03 - 2017-02-15 18:03 - 00003298 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026 2017-02-15 09:01 - 2017-02-15 09:01 - 00000000 ____D C:\Users\JDH\Desktop\Tools 2017-02-15 06:21 - 2017-02-15 06:21 - 00028473 _____ C:\ComboFix.txt 2017-02-15 06:03 - 2017-02-15 06:22 - 00000000 ____D C:\ComboFix 2017-02-15 06:03 - 2017-02-15 06:21 - 00000000 ____D C:\Qoobox 2017-02-15 06:03 - 2017-02-15 06:19 - 00000000 ____D C:\Windows\erdnt 2017-02-15 06:03 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe 2017-02-15 06:03 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe 2017-02-15 06:03 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe 2017-02-14 10:49 - 2017-02-14 10:49 - 00000000 ____D C:\Users\JDH\AppData\Roaming\HPPSDr 2017-02-14 10:20 - 2017-02-14 10:20 - 00000000 ____D C:\Users\JDH\AppData\Local\HP_Development_Company,_L 2017-02-14 08:47 - 2017-02-16 06:15 - 00000000 ____D C:\Users\JDH\Desktop\For Broni 2017-02-14 07:12 - 2017-02-14 07:12 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-14 07:12 - 2017-02-14 07:12 - 00001869 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2017-02-14 06:07 - 2017-02-14 13:25 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForJDH.job 2017-02-14 06:07 - 2017-02-14 10:20 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJDH 2017-02-13 18:17 - 2017-02-13 18:17 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Hewlett-Packard 2017-02-13 06:47 - 2017-02-13 06:47 - 00000000 ____D C:\Users\JDH\AppData\Local\Adobe 2017-02-13 06:13 - 2017-02-16 05:49 - 00000000 ____D C:\FRST 2017-02-08 06:32 - 2017-02-08 06:32 - 00001256 _____ C:\Users\JDH\Desktop\Contacts - Shortcut.lnk 2017-02-06 11:33 - 2017-02-06 11:39 - 00000000 ____D C:\Users\JDH\AppData\Roaming\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\ProgramData\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2017-02-05 09:01 - 2017-02-13 06:32 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2016 al 2017-02-05 08:17 - 2017-02-06 09:33 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2015 all 2017-02-03 09:13 - 2017-02-16 10:54 - 00000000 ____D C:\Users\JDH\Desktop\New taxfolder 2017-02-03 09:11 - 2017-02-15 18:01 - 00000000 ____D C:\Users\JDH\Desktop\Taxes all 2017-02-02 18:27 - 2017-02-16 10:54 - 00000000 ____D C:\Users\JDH\Desktop\Tax 16 first 2017-02-02 18:25 - 2017-02-16 10:50 - 00000049 _____ C:\Windows\TaxAct16.ini 2017-02-02 18:25 - 2017-02-05 08:13 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2016 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\Users\Public\Desktop\TaxAct 2016.lnk 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\ProgramData\Desktop\TaxAct 2016.lnk 2017-02-02 18:07 - 2017-02-16 10:06 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job 2017-02-02 18:07 - 2017-02-06 06:16 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job 2017-02-02 18:07 - 2017-02-02 18:07 - 00003502 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b 2017-02-02 18:07 - 2017-02-02 18:07 - 00003298 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4 2017-02-02 17:53 - 2017-02-02 17:53 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-02-02 14:33 - 2017-02-02 14:33 - 00000000 ____D C:\Users\JDH\AppData\Local\PDFCreator 2017-02-02 12:54 - 2016-08-23 14:37 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-01 15:29 - 2017-02-14 10:48 - 00000000 ____D C:\Users\JDH\Downloads\HP Downloads 2017-02-01 06:25 - 2017-02-01 06:26 - 00000000 ____D C:\Users\JDH\New folder 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\Users\Public\Documents\Thumbs.db 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\ProgramData\Documents\Thumbs.db 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Broderbund 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\ProgramData\Broderbund 2017-01-31 15:00 - 2017-02-02 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\Users\Public\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\ProgramData\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00000000 ____D C:\Program Files (x86)\Broderbund 2017-01-27 08:57 - 2017-02-15 06:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-01-27 08:56 - 2017-02-17 06:06 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-27 08:56 - 2017-02-17 06:06 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-01-27 08:56 - 2017-02-17 06:06 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-01-27 08:56 - 2017-02-17 06:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-01-27 08:56 - 2017-02-14 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-27 08:56 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-01-26 17:25 - 2017-01-26 17:25 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-26 07:41 - 2016-10-17 08:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys 2017-01-26 06:20 - 2017-01-26 06:20 - 00003156 _____ C:\Windows\System32\Tasks\{AB593C68-8660-4707-B8E7-32BCD60B4C29} 2017-01-21 10:50 - 2017-01-21 10:50 - 00003524 _____ C:\Windows\System32\Tasks\{2CC25046-AA9B-4949-82CA-8712B8B445C2} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-17 06:07 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Downloaded 2017-02-17 06:06 - 2016-05-29 14:45 - 02309776 _____ C:\Windows\ntbtlog.txt 2017-02-17 06:04 - 2016-11-21 06:09 - 00000000 ____D C:\Users\JDH\AppData\LocalLow\Mozilla 2017-02-17 06:04 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\DMCache 2017-02-17 05:52 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-17 05:52 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-17 05:48 - 2009-07-13 22:13 - 00848886 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-17 05:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2017-02-17 05:45 - 2016-05-03 08:05 - 00000000 ____D C:\Users\JDH\AppData\Roaming\MailWasherPro 2017-02-17 05:33 - 2016-05-02 22:03 - 00000000 __SHD C:\Users\JDH\IntelGraphicsProfiles 2017-02-17 05:32 - 2016-05-04 08:33 - 00000000 ____D C:\ProgramData\TEMP 2017-02-17 05:31 - 2016-05-04 04:49 - 00000000 ____D C:\Users\Public\Documents\PhoneTray 2017-02-17 05:31 - 2016-05-04 04:49 - 00000000 ____D C:\ProgramData\Documents\PhoneTray 2017-02-17 05:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-17 05:30 - 2016-05-02 17:40 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2017-02-16 10:46 - 2017-01-08 06:04 - 00000258 _____ C:\Users\JDH\Desktop\cd.txt 2017-02-16 09:35 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job 2017-02-15 06:16 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini 2017-02-15 05:55 - 2016-05-03 17:29 - 00009288 _____ C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-02-14 13:24 - 2016-05-30 10:45 - 00000000 ____D C:\Windows\pss 2017-02-14 10:56 - 2016-05-02 17:19 - 00000000 ___RD C:\Users\JDH\Desktop\Look Here 2017-02-14 10:43 - 2016-05-02 14:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2017-02-14 10:33 - 2016-05-02 14:22 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2017-02-14 10:20 - 2016-05-02 12:37 - 00000000 ____D C:\Users\JDH 2017-02-14 10:16 - 2016-05-02 18:38 - 00000000 ____D C:\Users\JDH\AppData\Local\ElevatedDiagnostics 2017-02-14 10:06 - 2016-08-23 14:40 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-02-14 09:56 - 2016-05-30 07:23 - 00000000 ____D C:\ProgramData\Comodo 2017-02-14 08:42 - 2016-04-16 08:00 - 00000000 ____D C:\AdwCleaner 2017-02-14 06:41 - 2016-12-25 06:17 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-02-14 06:41 - 2016-12-25 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-02-14 06:41 - 2016-12-25 06:16 - 00000000 ____D C:\Program Files\RogueKiller 2017-02-14 06:19 - 2016-05-02 17:21 - 00000000 ____D C:\Users\JDH\Desktop\MP3A 2017-02-13 18:17 - 2016-05-02 14:27 - 00000000 ____D C:\Users\JDH\AppData\Local\Hewlett-Packard 2017-02-13 18:10 - 2016-05-02 12:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-13 14:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2017-02-09 05:36 - 2016-05-06 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-02-06 10:43 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job 2017-02-06 10:33 - 2016-11-22 06:06 - 00000046 _____ C:\Windows\TaxAct15.ini 2017-02-06 09:42 - 2016-11-22 06:07 - 00000050 _____ C:\Windows\SysWOW64\msxkwn.vxp 2017-02-06 09:42 - 2016-10-08 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT 2017-02-06 06:16 - 2016-05-02 17:22 - 00000000 ____D C:\Users\JDH\Desktop\Trial Authors 2017-02-05 18:04 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Icons 2017-02-05 08:24 - 2016-05-05 13:41 - 00000000 ____D C:\Users\JDH\AppData\Roaming\vlc 2017-02-04 09:49 - 2016-05-04 14:14 - 00000000 ____D C:\Program Files (x86)\ACCUCHEF6 2017-02-04 06:29 - 2017-01-03 06:06 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2015 2017-02-03 09:14 - 2014-10-04 17:34 - 00000000 ____D C:\TaxACT 2017-02-02 18:06 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2017-02-02 18:05 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-02-02 17:59 - 2016-05-02 21:46 - 00000000 ____D C:\Windows\system32\MRT 2017-02-02 17:54 - 2016-05-02 21:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-02 16:03 - 2016-05-02 18:29 - 00003880 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462238943 2017-02-02 14:44 - 2016-05-02 22:03 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Adobe 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ____D C:\ProgramData\Skype 2017-02-02 12:53 - 2016-12-08 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2017-02-02 12:53 - 2016-05-24 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 2017-02-02 12:53 - 2016-05-07 08:01 - 00000000 ____D C:\Program Files\PDFCreator 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\Users\Public\Documents\Downloaded 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\ProgramData\Documents\Downloaded 2017-02-02 12:52 - 2016-11-11 11:37 - 00000000 ____D C:\ProgramData\PCDr 2017-02-02 12:52 - 2016-10-11 08:23 - 00000000 ____D C:\ProgramData\Macrium 2017-02-02 12:52 - 2016-10-08 08:31 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IrfanView 2017-02-02 12:52 - 2016-05-24 05:13 - 00000000 ____D C:\Program Files\Tracker Software 2017-02-02 12:52 - 2016-05-20 09:40 - 00000000 ____D C:\Users\JDH\AppData\Local\QuickenWindow 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\ProgramData\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-10 17:32 - 00000000 ____D C:\Program Files (x86)\Kyodai Mahjongg 2017-02-02 12:52 - 2016-05-08 14:45 - 00000000 ____D C:\Users\JDH\AppData\Local\Traysoft_Inc 2017-02-02 12:52 - 2016-05-06 17:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-02-02 12:52 - 2016-05-05 16:32 - 00000000 ____D C:\Program Files (x86)\On This Day 2017-02-02 12:52 - 2016-05-05 16:30 - 00000000 ____D C:\Program Files (x86)\Second Site 2017-02-02 12:52 - 2016-05-05 05:25 - 00000000 ____D C:\ProgramData\Logitech 2017-02-02 12:52 - 2016-05-04 08:29 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2017-02-02 12:52 - 2016-05-04 05:12 - 00000000 ____D C:\ProgramData\Adobe 2017-02-02 12:52 - 2016-05-03 12:24 - 00000000 ____D C:\ProgramData\Intuit 2017-02-02 12:52 - 2016-05-03 12:15 - 00000000 ____D C:\ProgramData\LogiShrd 2017-02-02 12:52 - 2016-05-02 21:29 - 00000000 ____D C:\Program Files (x86)\WallMaster 2017-02-02 12:52 - 2016-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Password Corral v4.0 2017-02-02 12:52 - 2016-05-02 18:19 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-02-02 12:52 - 2016-05-02 13:41 - 00000000 ____D C:\ProgramData\HP 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Users\JDH\AppData\Local\NETGEARGenie 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie 2017-02-02 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2017-02-01 15:44 - 2016-12-26 18:08 - 00000000 ____D C:\Users\JDH\AppData\Local\CrashDumps 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\Users\Public\Documents\Track 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\ProgramData\Documents\Track 2017-01-31 16:26 - 2016-05-08 07:40 - 00114424 _____ C:\Users\JDH\AppData\Roaming\GDIPFONTCACHEV1.DAT 2017-01-29 06:09 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IDM 2017-01-28 05:30 - 2016-05-02 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-27 18:31 - 2016-11-21 06:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-26 06:19 - 2016-05-04 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2017-01-24 06:23 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Hold 2017-01-24 05:58 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Geneology programs 2016 2017-01-23 05:52 - 2016-05-14 17:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-23 05:52 - 2016-05-14 17:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-23 05:52 - 2016-05-14 17:16 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-23 05:52 - 2016-05-04 14:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-21 10:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME 2017-01-21 10:50 - 2016-12-30 08:50 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo 2017-01-21 10:50 - 2016-06-11 04:50 - 00000000 ____D C:\Users\JDH\AppData\Local\Deployment ==================== Files in the root of some directories ======= 2016-05-06 13:58 - 2016-05-06 13:54 - 0002095 _____ () C:\Program Files\Instant_Restore_Point.vbs 2016-05-23 13:48 - 2016-05-23 13:44 - 0004107 _____ () C:\Program Files (x86)\0x0409.ini 2016-05-23 13:48 - 2016-05-23 13:45 - 21244416 _____ () C:\Program Files (x86)\Ancestral Quest 14.msi 2016-05-06 08:44 - 2014-07-11 12:09 - 0001786 _____ () C:\Program Files (x86)\Instant_Restore_Point.zip 2016-05-27 04:53 - 2016-05-27 04:53 - 0001181 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt 2016-05-27 04:53 - 2016-05-27 04:53 - 0000000 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2016-05-03 17:29 - 2017-02-15 05:55 - 0009288 _____ () C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 ____H () C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 _____ () C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} 2016-05-04 08:26 - 2016-05-19 15:08 - 0001100 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-31 11:42 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02 Ran by JDH (17-02-2017 06:08:15) Running from C:\Users\JDH\Desktop\Downloaded Windows 7 Home Premium Service Pack 1 (X64) (2016-05-02 19:37:43) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2061720530-3619408701-3326269976-500 - Administrator - Disabled) ASPNET (S-1-5-21-2061720530-3619408701-3326269976-1002 - Limited - Enabled) Guest (S-1-5-21-2061720530-3619408701-3326269976-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2061720530-3619408701-3326269976-1005 - Limited - Enabled) JDH (S-1-5-21-2061720530-3619408701-3326269976-1000 - Administrator - Enabled) => C:\Users\JDH ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3MCloudLibrary PC (QML) 1.38 (HKLM-x32\...\3MCloudLibrary PC (QML)) (Version: 1.38 - 3M) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) AccuChef (HKLM-x32\...\AccuChef) (Version: - ) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe PhotoDeluxe Home Edition 4.0 (HKLM-x32\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Ancestral Quest 14 (HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\InstallShield_{9D8D4F74-CB30-4DCD-8FAA-C3F2FA31112D}) (Version: 14.00.0033 - Incline Software, LC) Ancestral Quest 14 (x32 Version: 14.00.0033 - Incline Software, LC) Hidden Angel Sound (HKLM-x32\...\{8C8FC4CE-542B-48AA-9804-539A0018C419}) (Version: 5.08.03 - ) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell) Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.50 - NCH Software) Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software) GenSmarts (HKLM-x32\...\GenSmarts_is1) (Version: - Underwood Innovations, LLC) Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\{7F1C9E82-84D4-4EBC-BA12-B0BA927D9DD7}) (Version: 1.1.1 - Encore Software, Inc.) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) Kazoo Player (HKLM-x32\...\Kazoo Player) (Version: - ) Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version: - Rene-Gilles Deberdt) Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Logitech Camera Diagnostic (HKLM-x32\...\LogiUCDiagnostic) (Version: 1.1.74.0 - Logitech Europe S.A.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version: - ) MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Mavis Beacon Teaches Typing 18 (HKLM-x32\...\{5B049B61-0684-460E-A5F2-5EC314590344}) (Version: 18.00.0000 - Broderbund) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - ) Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8260 - MyHeritage.com) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.) On This Day (HKLM-x32\...\On This Day) (Version: - ) OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.) PaperPort 7.0 (HKLM-x32\...\PaperPort 7.0) (Version: - ) Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version: - Cygnus Productions) PCIe Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCIE_HSF) (Version: 7.80.5.0 - Conexant Systems) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version: - Traysoft Inc.) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.80 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Second Site (HKLM-x32\...\Second Site) (Version: - ) Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games) Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - ) Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version: - ) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com) Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.08 - NCH Software) Task Plus 3.9.9.6 (HKLM-x32\...\Task Plus 3.9.9.6) (Version: - ) TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 0.90 - TaxACT, Inc.) TaxAct 2015 1040 Edition (HKLM-x32\...\TaxAct 2015 1040 Edition) (Version: 1.09 - TaxAct, Inc.) TaxAct 2015 New Mexico (HKLM-x32\...\TaxAct 2015 New Mexico) (Version: 1.0 - TaxAct, Inc.) TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.02 - TaxAct, Inc.) TaxAct 2016 New Mexico (HKLM-x32\...\TaxAct 2016 New Mexico) (Version: 1.0 - TaxAct, Inc.) The Master Genealogist (for JDH) (HKLM-x32\...\The Master Genealogist (for JDH)) (Version: 6.x - Wholly Genes Software) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.20 - Tweaking.com) Virtual Weather Station (HKLM-x32\...\{0F5E3399-70D0-4816-BDD7-17376BFD076C}) (Version: 6.0.90 - Ambient Weather) Virtual Weather Station (HKLM-x32\...\{CD4215A0-AAF4-11D5-8879-0800460222F0}) (Version: 1.0.0 - Ambient, LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WallMaster (HKLM-x32\...\WallMaster) (Version: 2.4a - Tropical Wares) WeatherLink 6.0.3 (HKLM-x32\...\{E344C807-7DE0-4CC2-81BB-1F895CF8CBDF}) (Version: 6.0.3 - Davis Instruments Corp.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Works Suite OS Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works Synchronization (x32 Version: 1.0.0.0000 - Your Company Name) Hidden Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04AEBCEB-A396-454F-B34A-4EC54E171EF1} - System32\Tasks\{EED08AEF-5C42-4101-A7D3-99CB11BBA175} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {0D0DF84B-2AEC-4E12-94F9-59ED465E50BE} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2016-10-21] (SUPERAdBlocker.com) Task: {0FC8E73E-0BE2-4D70-8628-88D7CDBA5FA1} - System32\Tasks\{F5381A97-016C-462D-8CD8-398B10122A66} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Task: {1175E6B0-0DA4-4888-A5E0-F1CA103559F6} - System32\Tasks\{8270E849-7D4F-4477-A3A2-12AEBA5EB83F} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {1223A4C1-8777-492C-B035-041CEBFBF681} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {19CC3F09-AE20-472A-9046-760CCBB1BEE6} - System32\Tasks\{41CF331B-CF44-442B-86AD-FD69FA233841} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {1A07B1E0-2F83-4F87-ABC5-E5FC9C8D2632} - \Seagate_Install_Launch -> No File <==== ATTENTION Task: {1A8BE35F-E161-45E4-BE13-6C3E05C992FE} - System32\Tasks\{2CC25046-AA9B-4949-82CA-8712B8B445C2} => pcalua.exe -a C:\Users\JDH\AppData\Local\Apps\2.0\6OG1TXNR.BJV\N4NBWEA4.AB4\lsb...tion_2d7b41b05b24775e_0001.0006_4bceeba4eec9b58a\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=2d7b41b05b24775e, processorArchitecture=msil" Task: {249A49D9-CBE5-4CB3-B496-65E9697DE523} - System32\Tasks\{8C87EA47-6027-4549-BEE5-4378179BB340} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-01-23] (Skype Technologies S.A.) Task: {2887828A-EE17-49D8-99FA-EC7574318D91} - System32\Tasks\{98ADB776-4ECF-4AC8-A9E2-2F58595F7155} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {31E144DD-C3E8-4FA1-B668-87E93C4D9454} - System32\Tasks\{AFF8E77B-EA56-45C4-BCEF-32E4EF6D1B2B} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {32B3A1AD-F321-4516-98C3-473DCDE945DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-23] (AVAST Software) Task: {3CF0E9A9-45B6-4B8D-881C-AE6D0C5F212D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {40794810-9B99-446C-A1D7-687432ABC0D8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe Task: {4206A202-E25C-4B71-802F-69EBF547FE26} - System32\Tasks\{EAEA4D46-7A05-4EAF-862E-F5A42B6192C2} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\irfanview_plugins_442_setup.exe -d C:\Users\JDH\AppData\Roaming\IDM Task: {44B12EF7-586B-41F9-94D3-88DE06C9E5B1} - System32\Tasks\{095EB12E-B5D9-442C-9D22-F1639B0C3C03} => G:\Installed 1-28-2014\cfw_installer.exe Task: {45B44890-5B57-4F3E-8917-F78EEC7B1D14} - System32\Tasks\{06C03EDC-0947-4C59-A1AD-06A3D039F5EF} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {498FBA70-3B72-42D5-83FE-2AF578B5C2CA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {56B52C21-559F-4C84-890C-A84FBCA9FB41} - System32\Tasks\HPCeeScheduleForJDH => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) Task: {57F15C39-9C2C-4359-8587-2B67A02D60A5} - System32\Tasks\{AB593C68-8660-4707-B8E7-32BCD60B4C29} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\iview444_setup.exe -d C:\Users\JDH\Desktop\Downloaded Task: {586DCD05-05E3-47AD-B817-4195A8257965} - System32\Tasks\Amazon Music Helper => C:\Users\JDH\AppData\Local\Amazon Music\Amazon Music Helper.exe Task: {6360D140-A708-449A-AD07-D2099DAA1D8A} - System32\Tasks\{1BD2978F-AD8C-4B6D-90DF-AD5FF6ADB2CE} => G:\Installed 1-28-2014\cfw_installer.exe Task: {671BE522-F588-4924-AA3E-251130B62C6B} - System32\Tasks\{453B52F3-ABE7-48BC-8040-65A962F2C3EE} => C:\Users\JDH\Desktop\Downloaded\ReflectDL.exe Task: {679C6681-B021-4B74-8799-CEA044DE0A6D} - System32\Tasks\{62A5050D-2305-4418-BF15-E8BA27E76897} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {6CBC10B1-EDFB-43D9-980E-6DF3ABFA282E} - System32\Tasks\{081F98BF-76A8-432E-A483-EF4C64418D52} => C:\Users\JDH\Desktop\Downloaded\cmd_fw_installer_6113_c7.exe Task: {718BF64F-B02B-4E69-8956-919F799E19C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.) Task: {75E940AC-997A-4DB1-8957-5D17CB630C6A} - System32\Tasks\{0CEF0028-8057-4F93-93C6-9AB49871E957} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {77F483C9-89DD-49D0-94FA-9216B2F112A0} - System32\Tasks\{CAAFE37D-ADE4-4539-A348-1F7BF5B43408} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {78E7F8E4-47BD-401A-8756-548FA46E394B} - System32\Tasks\{0767326D-7D28-4922-882F-BFE72176711E} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {7E5E60F5-62BE-40AA-BD6A-E2B816DB08AC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {7F781B12-D64E-4D82-95C0-BF4619C46092} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {8252D636-70CC-4EBD-92F6-E27A395B5218} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {829FE975-7CED-44FB-ACBA-32FD78672B11} - System32\Tasks\{764CCB02-3217-4EED-B7BC-6A94A8AE451A} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {8C4B9790-466E-4A35-81A6-AE5B42A90171} - System32\Tasks\SafeZone scheduled Autoupdate 1462238943 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {8C646C2E-7544-4E7C-A965-250D30479C0B} - System32\Tasks\{CAE1FBF1-67E7-4137-B590-456AA4A48B5F} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {92CBF185-3762-47C8-98D8-2135CCE1823F} - System32\Tasks\{3BAFCCF7-0EA2-45AC-A769-08B13AA1E5DF} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {98DA179C-60D7-4C33-941A-3BDA3FD34D74} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {994D232C-E8CD-439C-A74A-7B8A40C04AB4} - System32\Tasks\{EFFB50B4-47E6-46CB-8538-A9431F71837C} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\prodemo.exe -d C:\Users\JDH\Desktop\Downloaded Task: {9DD27CD6-8EE0-419B-B4D7-CF2086FF2E92} - System32\Tasks\{CEA11EB9-58BB-4F94-A9FC-4D6E9DE98734} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {A1F1C10D-0B75-41C1-BABA-A56CBD77D1AA} - System32\Tasks\Instant Restore Point => C:\Users\JDH\Desktop\Enable_System_Restore.reg Task: {A4234BB1-898D-4E2F-B107-E2F11F25FC8C} - System32\Tasks\{DDE60B7D-BBE9-4EA4-9827-8FFED1E38D53} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\sp76302.exe -d C:\Users\JDH\AppData\Roaming\IDM Task: {A650D7C9-19EE-46A6-97F8-459D855A18AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {A7C610A6-22C8-4AEC-8898-3040DD3E15F4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {AAE2FDBD-7A49-40F8-AC94-B55B03AB73DC} - System32\Tasks\{806FBC91-4D78-4FA8-981C-FE76CBB89812} => J:\Seagate Dashboard Installer.exe Task: {AE46E20A-C51A-4DB5-8400-CA83D6CBF400} - System32\Tasks\{09E56518-161F-4049-A8B8-84F1258F4010} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {B2FA4A26-19FA-4CF4-B14E-2A3EF51C35EB} - System32\Tasks\{ADF3114F-34E7-4005-8E43-68AE2E98BC89} => C:\vws\vws.exe [2014-01-31] (Ambient, LLC) Task: {B5FCC42F-4AC5-48BF-B543-4683709CA593} - System32\Tasks\{7D8C7752-565E-4428-9309-ED15B3736612} => C:\Program Files\HP PhotoSmart\Photo Printing\Hpi_Print.exe [2000-01-28] () Task: {B9E9EA9F-6928-49C2-B0CC-B34890336F78} - System32\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2016-10-21] (SUPERAdBlocker.com) Task: {BDC9665C-316D-4575-BB40-FD8D7004A23C} - System32\Tasks\{E627E7B8-A902-473C-90CE-BC831A7F2133} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {C0F7C841-9B56-4117-B3C1-AF82CFF82CB2} - System32\Tasks\{AB49E33D-2BE3-4A67-8E9E-00B6214A9210} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {C4436F99-6091-4470-922A-D6412EF446B1} - System32\Tasks\{75890868-D4B2-4A1D-8440-C9F543A297A9} => C:\Users\JDH\Desktop\Downloaded\VueMinder_Lite_Setup.exe Task: {C5DA29B4-D0A1-43A0-B05B-AD7DF8FAC6A9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {C6D8D6FA-37CB-4F28-AA23-BE0D030D9AC3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2016-10-21] (SUPERAdBlocker.com) Task: {C9983F33-34B9-4E6B-94AF-5E7E3952CB9F} - System32\Tasks\{C9D6417A-B312-4958-A00E-2A0EF6D0B142} => G:\Installed 1-28-2014\cfw_installer.exe Task: {CD0CEF0F-427F-4BD6-AE4F-AEA2C2A857E9} - System32\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4} => C:\program files\macrium\reflect\Reflect.exe [2016-12-25] (Paramount Software UK Ltd) Task: {D0068933-101A-40B7-BABA-0E4879545361} - System32\Tasks\{40D7A763-9FB1-4C46-AA5F-BBBDCA820EE6} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {DB8479F0-DA7F-46EA-AD2D-4440E2632C17} - System32\Tasks\{95C90735-7BA6-425F-A88C-E10955A5479F} => C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\Hoyle Puzzle Games.exe [2011-11-14] (Encore Software, Inc.) Task: {DDCF9169-B3D8-4A51-8E46-8DA1553161B2} - System32\Tasks\{B8DBF594-3073-4700-BB11-6B728A98FF57} => C:\Users\JDH\Desktop\Downloaded\ReflectDL.exe Task: {E094EEFD-3622-4A83-9584-86B447D57328} - System32\Tasks\{0BE401E4-322F-494D-8FB0-EE9849E2D159} => pcalua.exe -a "G:\Installed 1-28-2014\Accuchef\quick66.exe" -d "G:\Installed 1-28-2014\Accuchef" Task: {E1C388DF-B7E6-4EA8-8AC6-97BDD35195EA} - System32\Tasks\{20057952-9B11-4BB9-8771-579F10484968} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {E89EF427-C383-45F0-98B7-75CACE68E44C} - System32\Tasks\{7B0CC61C-9C93-4FF7-AB7D-1252FEE4E99A} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {E9B96CA7-0938-4256-A54D-ED12A272C0A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.) Task: {EB336520-5095-4791-BCFA-1E63593275BB} - System32\Tasks\{4498D62C-2EE8-4C76-9378-C499F2ECFFC8} => J:\Seagate Dashboard Installer.exe Task: {EDF3B622-DABB-4D0D-9115-F5AF1D39ED34} - System32\Tasks\{C3B22D8C-C3AB-4514-A42F-FC050475CAE4} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {F02284C6-8774-43AA-AD8C-95290888D65F} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {F1649E90-22B3-46B1-8BF3-0B0A8A056C9F} - System32\Tasks\{55A96AC1-A544-4F10-BFF0-E8E40990504A} => C:\Program Files (x86)\Firaxis Games\Sid Meier's Pirates!\Pirates!.exe [2005-09-17] (Firaxis Games) Task: {F26291AF-4BA0-4D9F-B97C-84AB9E952B71} - System32\Tasks\{4D7DD50A-9807-4BF6-B39A-DC0888EB8A99} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {FB30624B-11EA-4D1B-AC42-1F1355AC36E0} - System32\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6} => C:\program files\macrium\reflect\Reflect.exe [2016-12-25] (Paramount Software UK Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleForJDH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job => C:\program files\macrium\reflect\Reflect.exe _-e -w -dp F:\Macrium Backups\JDH new 1-5.xml Task: C:\Windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job => C:\program files\macrium\reflect\Reflect.exe _-e -w -dp F:\Macrium Backups\JDH new 1-5.xml Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\JDH\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\JDH\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm ==================== Loaded Modules (Whitelisted) ============== 2017-01-26 17:25 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-27 08:56 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-26 17:25 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [130] AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\_MSRSTRT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPBMINI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lvcod64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUI64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUIRC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BDEADMIN.CPL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatImap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatMHT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lvcodec2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2RC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSFLXGRD.OCX:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\skype4com.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Tutil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DellProf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvrs64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvuvc64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\TEMP:631CA307 [280] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2017-02-15 06:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\WallMaster\WallMaster Wallpaper.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{7C0C0D20-DD74-4DB1-8F72-6262601547BE}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{2A031FD4-7307-42AD-B899-A66075C3845C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{E39E9A6C-D92A-4A03-A603-5A2E236DD45E}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{3BB2D049-875C-4437-8B03-7DBF0722E0BA}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{50680A4C-A432-47FD-AA31-F05719DFBAEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0DA73C0E-77F4-430B-9FBB-FD9A71A7F151}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD55F771-09A1-4D76-AFF5-377AA0E457FA}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe FirewallRules: [{1169E2F7-1B48-4EC6-BF86-AB95CF300A74}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe FirewallRules: [{0E9F4DFC-A289-46B9-97A9-8F6901D4EA62}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe FirewallRules: [{0C89D318-0CF4-4A21-B1A2-7A9ABC353F60}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe FirewallRules: [TCP Query User{10F61D4A-F6DC-4D6C-8EF2-26FB0E8F3161}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{21044246-F344-40F1-96A4-2EA44016A80C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{249625FF-8D9D-424E-A833-B4DEE9ED59B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{72A0CDED-E5F9-4C1A-81E6-3D99A9CA8B65}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{DD7128F4-79E8-42B2-A5C9-9A3F0A9DC4D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{6AB1B723-A3EB-4BDB-81E4-315FBD35DE66}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{3DD061BA-3004-4025-99C8-27DC70A410F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{DEF4E321-6BB0-43B1-A6C3-3EDD5456D2CD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{504C4659-5212-45CE-A1F2-7731F363F8AB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{4064A8FB-565D-4515-9309-29036B715791}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe FirewallRules: [{1FBE00E4-D7E5-4EB9-BB3C-3339B5DA6A1C}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe FirewallRules: [{08849F06-E964-4062-BA6F-ACB0F582D16F}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe FirewallRules: [{7D073FE9-5DD5-4B0F-8078-77BFD2491D33}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe FirewallRules: [{307F277F-1D96-4ABE-9E91-027B417320F2}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe FirewallRules: [{B25BF34D-DAA5-4776-80C9-8D3187F63D76}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe FirewallRules: [TCP Query User{B2A3F07A-E2FD-4380-85CC-BB73E33950D9}C:\program files (x86)\kyodai mahjongg\kmj.exe] => (Allow) C:\program files (x86)\kyodai mahjongg\kmj.exe FirewallRules: [UDP Query User{3FCF231A-8DDF-45BE-A51A-B2D83B0640A0}C:\program files (x86)\kyodai mahjongg\kmj.exe] => (Allow) C:\program files (x86)\kyodai mahjongg\kmj.exe FirewallRules: [{2B6AE878-7ECC-4A71-803F-19B5EFC013A9}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe FirewallRules: [{DF6ABE72-A16E-4B93-A617-E6045ABB6181}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe FirewallRules: [{2CAAB260-1994-4BA6-B047-C23875657B7D}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe FirewallRules: [{50953EB0-3EFE-49F1-941B-A907F800D53C}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe FirewallRules: [{2FA51DA4-322E-49A1-B2FD-E3B7FCC347BB}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe FirewallRules: [{CB010687-4C6E-4580-80E7-949DC48230A1}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe FirewallRules: [{6BCE6265-AFA4-44AC-9C82-FD3781158E96}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe FirewallRules: [{BFB6B92C-A56C-42C2-BFC6-4823E10BCB74}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe FirewallRules: [{1D7D6F58-2DFA-477D-802B-4AD99FC29554}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe FirewallRules: [{29A948D2-B545-41B1-9B7C-B7A354C6B98B}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe FirewallRules: [{1B7A3E61-3009-4A5B-B0E2-9F6844A2F25B}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe FirewallRules: [{C0378B7E-E50A-4864-BD7A-C35EE4F884A8}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe FirewallRules: [{85C3C47E-5916-438D-83B3-3D5C90CFA32A}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe FirewallRules: [{547A1488-7577-40E6-92B5-41ACC17D7017}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe FirewallRules: [{BA96B2B8-9EFC-43FE-9140-74D728A1D711}] => (Allow) LPort=8888 FirewallRules: [{EE6F7FB9-6AB8-4A33-89CB-17629D341C2F}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS25D9\HPDiagnosticCoreUI.exe FirewallRules: [{BD487495-9B3F-42D1-B6F2-1DC927F0B063}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS25D9\HPDiagnosticCoreUI.exe FirewallRules: [{5A492A9E-4F1F-4705-A7A5-C2998B4A150D}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4C2C\HPDiagnosticCoreUI.exe FirewallRules: [{979591F1-3692-4D13-BF08-0AFF0013A54D}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS4C2C\HPDiagnosticCoreUI.exe FirewallRules: [{81F3A426-84A4-4DEE-95E3-08A6F80BF140}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS0E63\HPDiagnosticCoreUI.exe FirewallRules: [{D3BD2701-2134-4A56-B5EC-CAFAD0E5B115}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS0E63\HPDiagnosticCoreUI.exe FirewallRules: [{3450CB1F-6D09-43D6-ACA1-A8A70A01E43B}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS1D8E\HPDiagnosticCoreUI.exe FirewallRules: [{33BABE38-5E1A-42FD-A99A-49643008A559}] => (Allow) C:\Users\JDH\AppData\Local\Temp\7zS1D8E\HPDiagnosticCoreUI.exe ==================== Restore Points ========================= 12-02-2017 12:29:58 Instant Restore Point 13-02-2017 02:35:31 Instant Restore Point 13-02-2017 06:45:45 Instant Restore Point 13-02-2017 07:21:43 Instant Restore Point 13-02-2017 09:36:36 Instant Restore Point 13-02-2017 09:51:33 Instant Restore Point 13-02-2017 09:57:30 Instant Restore Point 13-02-2017 14:05:30 Instant Restore Point 13-02-2017 18:15:20 Instant Restore Point 14-02-2017 05:52:43 Instant Restore Point 14-02-2017 09:16:10 Instant Restore Point 14-02-2017 10:32:16 Removed HP Support Solutions Framework 14-02-2017 10:32:51 Removed HP Support Assistant. 14-02-2017 10:42:05 Revo Uninstaller's restore point - HP Support Solutions Framework 14-02-2017 10:42:24 Removed HP Support Solutions Framework 14-02-2017 13:27:13 Instant Restore Point 15-02-2017 05:29:59 Instant Restore Point 15-02-2017 06:16:36 Instant Restore Point 15-02-2017 06:29:51 Instant Restore Point 16-02-2017 05:31:52 Instant Restore Point 17-02-2017 05:33:40 Instant Restore Point ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: avast! Revert Description: avast! Revert Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Deskjet 6980 series Description: Deskjet 6980 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: avast! VM Monitor Description: avast! VM Monitor Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswVmm Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Universal Serial Bus (USB) Controller Description: Universal Serial Bus (USB) Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/17/2017 06:00:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 15.2.2017.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b98 Start Time: 01d2891d3e22d397 Termination Time: 8430 Application Path: C:\Users\JDH\Desktop\Downloaded\FRST64.exe Report Id: fcb07f6a-f510-11e6-8f43-c1573169b9a4 Error: (02/17/2017 05:52:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 15.2.2017.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d24 Start Time: 01d2891c86e9d49a Termination Time: 6604 Application Path: C:\Users\JDH\Desktop\Downloaded\FRST64.exe Report Id: f504e8cf-f50f-11e6-8f43-c1573169b9a4 Error: (02/17/2017 05:33:19 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/16/2017 06:16:14 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 12.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 160c Start Time: 01d28856318cfc51 Termination Time: 14033 Application Path: C:\Users\JDH\Desktop\Downloaded\Infection\FRST64.exe Report Id: 0ac36352-f44a-11e6-b0ff-91a08106cca5 Error: (02/16/2017 06:04:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 15.2.2017.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 87c Start Time: 01d2885507221527 Termination Time: 12898 Application Path: C:\Users\JDH\Desktop\Downloaded\FRST64.exe Report Id: Error: (02/16/2017 05:56:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 12.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1628 Start Time: 01d2885379a6b096 Termination Time: 46301 Application Path: C:\Users\JDH\Desktop\FRST64.exe Report Id: 3ba65e93-f447-11e6-b0ff-91a08106cca5 Error: (02/16/2017 05:51:20 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 12.2.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15ac Start Time: 01d28853157ad3fa Termination Time: 2768 Application Path: C:\Users\JDH\Desktop\Downloaded\Infection\FRST64.exe Report Id: 95d5ce17-f446-11e6-b0ff-91a08106cca5 Error: (02/16/2017 05:31:48 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/15/2017 06:28:07 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/15/2017 06:16:25 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (02/17/2017 06:06:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. Error: (02/17/2017 06:06:40 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (02/17/2017 06:06:40 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/17/2017 06:06:39 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (02/17/2017 06:06:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21 Error: (02/17/2017 06:06:23 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/17/2017 06:06:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache ESProtectionDriver SASDIFSV SASKUTIL spldr Wanarpv6 Error: (02/17/2017 06:06:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. Error: (02/17/2017 05:34:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (02/17/2017 05:34:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect. CodeIntegrity: =================================== Date: 2017-02-15 06:12:48.163 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-15 06:12:48.106 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-08-23 15:22:32.452 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:08.724 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:07.788 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:06.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:41.648 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:13.911 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:13.677 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:11.961 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz Percentage of memory in use: 19% Total physical RAM: 8063.52 MB Available physical RAM: 6512.96 MB Total Virtual: 16125.21 MB Available Virtual: 14607.38 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:205.05 GB) (Free:70.88 GB) NTFS Drive d: (Storage) (Fixed) (Total:704.75 GB) (Free:336.3 GB) NTFS Drive h: (Big Backup) (Fixed) (Total:285.74 GB) (Free:151.64 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24764200) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=21.7 GB) - (Type=27) Partition 3: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=704.8 GB) - (Type=05) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 180F76C0) Partition 1: (Active) - (Size=285.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Hope that got it. Thanks again
  5. FRST ran but: as it started to run Addition I got this message: "Failed to update", I told it to continue. As it completed the scan "There is no disk in the drive. Please insert a disk into the drive \Device\Harddisk\DR2" I had to use Task Manager to close the message box. There are 2 logs however; Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017 Ran by JDH (administrator) on JDH-PC (16-02-2017 05:52:17) Running from C:\Users\JDH\Desktop Loaded Profiles: JDH (Available Profiles: JDH) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Aestas Software) C:\Users\JDH\Desktop\Look Here\togglr10\toggler.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Contact Plus Corporation) C:\Program Files (x86)\TaskPlus\taskplus0.exe (Firetrust Ltd) C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Fred's Software Company) C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Ambient, LLC) C:\vws\vws.exe (Tropical Wares) C:\Program Files (x86)\WallMaster\wallmast.exe () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) HKLM-x32\...\Run: [TaskPlus] => C:\Program Files (x86)\TaskPlus\taskplus0.exe [4653056 2006-10-26] (Contact Plus Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2016-08-06] (Logitech Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [Toggler] => C:\Users\JDH\Desktop\Look Here\togglr10\toggler.exe [32256 2001-01-20] (Aestas Software) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-08] (SUPERAntiSpyware) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-23] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2016-05-08] ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Instant_Restore_Point.vbs [2016-05-06] () Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher Pro.lnk [2016-04-28] ShortcutTarget: MailWasher Pro.lnk -> C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe - Shortcut.lnk [2014-11-17] ShortcutTarget: Printkey.exe - Shortcut.lnk -> C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe (Fred's Software Company) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vws - Shortcut.lnk [2016-05-03] ShortcutTarget: vws - Shortcut.lnk -> C:\vws\vws.exe (Ambient, LLC) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WallMaster.lnk [2016-10-23] ShortcutTarget: WallMaster.lnk -> C:\Program Files (x86)\WallMaster\wallmast.exe (Tropical Wares) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E8F065C6-4355-457F-AC81-08B433728AE7}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) Handler: WSISVCUchrome - No CLSID Value FireFox: ======== FF DefaultProfile: lylj0gt4.default FF ProfilePath: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default [2017-02-15] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF Homepage: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.yahoo.com?fr=fp-comodo FF Keyword.URL: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Extension: (Simple Popup Blocker) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\@simplepopupblocker.xpi [2016-02-07] FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2016-05-13] FF Extension: (Email This! Bookmarklet Extension) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\gmailthis@lazyrussian.com.xpi [2016-04-27] FF Extension: (RememberPass) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\rememberpass@teesoft.info.xpi [2016-08-03] FF Extension: (Saved Password Editor) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-30] FF Extension: (Show Password) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\showpassword@pratikpoddar.xpi [2016-04-27] FF Extension: (Show Password Field) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2016-04-27] FF Extension: (Show/hide passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\shpassword@shpassword.fr.xpi [2016-04-27] FF Extension: (uBlock Origin) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-26] FF Extension: (Unhide Passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2016-04-27] FF Extension: (WOT) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-02] FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] FF SearchPlugin: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\searchplugins\google-lavasoft.xml [2016-05-16] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 [2017-02-16] [not signed] FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2004-09-08] (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-23] (AVAST Software) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-25] (Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed] R2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [14696 2015-02-21] (Traysoft Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S2 HPSLPSVC; C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-23] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-23] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-23] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software) R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.) S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-11-12] (Dell Computer Corporation) S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-11-12] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-10-22] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-02-15] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-16] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-16] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-16] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-16] (Malwarebytes) R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2016-05-02] (CACE Technologies, Inc.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-10-22] (Samsung Electronics Co., Ltd.) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2016-05-27] () U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-14] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-16 05:52 - 2017-02-16 05:52 - 00020913 _____ C:\Users\JDH\Desktop\FRST.txt 2017-02-16 05:52 - 2017-02-13 06:12 - 02421248 _____ (Farbar) C:\Users\JDH\Desktop\FRST64.exe 2017-02-15 18:03 - 2017-02-16 05:29 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026.job 2017-02-15 18:03 - 2017-02-15 18:03 - 00003298 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 35b3990c-735e-4404-97c4-57e2c1237026 2017-02-15 09:01 - 2017-02-15 09:01 - 00000000 ____D C:\Users\JDH\Desktop\Tools 2017-02-15 06:21 - 2017-02-15 06:21 - 00028473 _____ C:\ComboFix.txt 2017-02-15 06:03 - 2017-02-15 06:22 - 00000000 ____D C:\ComboFix 2017-02-15 06:03 - 2017-02-15 06:21 - 00000000 ____D C:\Qoobox 2017-02-15 06:03 - 2017-02-15 06:19 - 00000000 ____D C:\Windows\erdnt 2017-02-15 06:03 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe 2017-02-15 06:03 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe 2017-02-15 06:03 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe 2017-02-15 06:03 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe 2017-02-14 10:49 - 2017-02-14 10:49 - 00000000 ____D C:\Users\JDH\AppData\Roaming\HPPSDr 2017-02-14 10:20 - 2017-02-14 10:20 - 00000000 ____D C:\Users\JDH\AppData\Local\HP_Development_Company,_L 2017-02-14 08:47 - 2017-02-15 09:04 - 00000000 ____D C:\Users\JDH\Desktop\For Broni 2017-02-14 07:12 - 2017-02-14 07:12 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-14 07:12 - 2017-02-14 07:12 - 00001869 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2017-02-14 06:07 - 2017-02-14 13:25 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForJDH.job 2017-02-14 06:07 - 2017-02-14 10:20 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJDH 2017-02-13 18:17 - 2017-02-13 18:17 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Hewlett-Packard 2017-02-13 06:47 - 2017-02-13 06:47 - 00000000 ____D C:\Users\JDH\AppData\Local\Adobe 2017-02-13 06:13 - 2017-02-16 05:49 - 00000000 ____D C:\FRST 2017-02-08 06:32 - 2017-02-08 06:32 - 00001256 _____ C:\Users\JDH\Desktop\Contacts - Shortcut.lnk 2017-02-06 11:33 - 2017-02-06 11:39 - 00000000 ____D C:\Users\JDH\AppData\Roaming\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\ProgramData\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2017-02-05 09:01 - 2017-02-13 06:32 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2016 al 2017-02-05 08:17 - 2017-02-06 09:33 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2015 all 2017-02-03 09:13 - 2017-02-15 18:01 - 00000000 ____D C:\Users\JDH\Desktop\New folder 2017-02-03 09:11 - 2017-02-15 18:01 - 00000000 ____D C:\Users\JDH\Desktop\Taxes all 2017-02-02 18:27 - 2017-02-05 09:06 - 00000000 ____D C:\Users\JDH\Desktop\Tax 16 first 2017-02-02 18:25 - 2017-02-05 09:06 - 00000046 _____ C:\Windows\TaxAct16.ini 2017-02-02 18:25 - 2017-02-05 08:13 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2016 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\Users\Public\Desktop\TaxAct 2016.lnk 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\ProgramData\Desktop\TaxAct 2016.lnk 2017-02-02 18:07 - 2017-02-15 10:06 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job 2017-02-02 18:07 - 2017-02-06 06:16 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job 2017-02-02 18:07 - 2017-02-02 18:07 - 00003502 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b 2017-02-02 18:07 - 2017-02-02 18:07 - 00003298 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4 2017-02-02 17:53 - 2017-02-02 17:53 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-02-02 14:33 - 2017-02-02 14:33 - 00000000 ____D C:\Users\JDH\AppData\Local\PDFCreator 2017-02-02 12:54 - 2016-08-23 14:37 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-01 15:29 - 2017-02-14 10:48 - 00000000 ____D C:\Users\JDH\Downloads\HP Downloads 2017-02-01 06:25 - 2017-02-01 06:26 - 00000000 ____D C:\Users\JDH\New folder 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\Users\Public\Documents\Thumbs.db 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\ProgramData\Documents\Thumbs.db 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Broderbund 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\ProgramData\Broderbund 2017-01-31 15:00 - 2017-02-02 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\Users\Public\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\ProgramData\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00000000 ____D C:\Program Files (x86)\Broderbund 2017-01-27 08:57 - 2017-02-15 06:16 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-01-27 08:56 - 2017-02-16 05:37 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-01-27 08:56 - 2017-02-16 05:31 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-27 08:56 - 2017-02-16 05:31 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-01-27 08:56 - 2017-02-16 05:31 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-01-27 08:56 - 2017-02-14 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-27 08:56 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-01-26 17:25 - 2017-01-26 17:25 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-26 07:41 - 2016-10-17 08:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys 2017-01-26 06:20 - 2017-01-26 06:20 - 00003156 _____ C:\Windows\System32\Tasks\{AB593C68-8660-4707-B8E7-32BCD60B4C29} 2017-01-21 10:50 - 2017-01-21 10:50 - 00003524 _____ C:\Windows\System32\Tasks\{2CC25046-AA9B-4949-82CA-8712B8B445C2} 2017-01-17 05:54 - 2017-01-17 05:54 - 00000000 ____H C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 00000000 _____ C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-16 05:48 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Downloaded 2017-02-16 05:45 - 2016-05-03 08:05 - 00000000 ____D C:\Users\JDH\AppData\Roaming\MailWasherPro 2017-02-16 05:41 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-16 05:41 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-16 05:34 - 2009-07-13 22:13 - 00848886 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-16 05:34 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2017-02-16 05:31 - 2016-05-04 08:33 - 00000000 ____D C:\ProgramData\TEMP 2017-02-16 05:31 - 2016-05-02 22:03 - 00000000 __SHD C:\Users\JDH\IntelGraphicsProfiles 2017-02-16 05:30 - 2016-05-04 04:49 - 00000000 ____D C:\Users\Public\Documents\PhoneTray 2017-02-16 05:30 - 2016-05-04 04:49 - 00000000 ____D C:\ProgramData\Documents\PhoneTray 2017-02-16 05:29 - 2016-05-02 17:40 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2017-02-16 05:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-15 18:04 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\DMCache 2017-02-15 15:17 - 2016-11-21 06:09 - 00000000 ____D C:\Users\JDH\AppData\LocalLow\Mozilla 2017-02-15 06:24 - 2016-05-29 14:45 - 02238460 _____ C:\Windows\ntbtlog.txt 2017-02-15 06:16 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini 2017-02-15 05:55 - 2016-05-03 17:29 - 00009288 _____ C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-02-14 13:24 - 2016-05-30 10:45 - 00000000 ____D C:\Windows\pss 2017-02-14 10:56 - 2016-05-02 17:19 - 00000000 ___RD C:\Users\JDH\Desktop\Look Here 2017-02-14 10:43 - 2016-05-02 14:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2017-02-14 10:33 - 2016-05-02 14:22 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2017-02-14 10:20 - 2016-05-02 12:37 - 00000000 ____D C:\Users\JDH 2017-02-14 10:16 - 2016-05-02 18:38 - 00000000 ____D C:\Users\JDH\AppData\Local\ElevatedDiagnostics 2017-02-14 10:06 - 2016-08-23 14:40 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-02-14 09:56 - 2016-05-30 07:23 - 00000000 ____D C:\ProgramData\Comodo 2017-02-14 08:42 - 2016-04-16 08:00 - 00000000 ____D C:\AdwCleaner 2017-02-14 06:41 - 2016-12-25 06:17 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-02-14 06:41 - 2016-12-25 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-02-14 06:41 - 2016-12-25 06:16 - 00000000 ____D C:\Program Files\RogueKiller 2017-02-14 06:19 - 2016-05-02 17:21 - 00000000 ____D C:\Users\JDH\Desktop\MP3A 2017-02-13 18:17 - 2016-05-02 14:27 - 00000000 ____D C:\Users\JDH\AppData\Local\Hewlett-Packard 2017-02-13 18:10 - 2016-05-02 12:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-13 14:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2017-02-12 12:26 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job 2017-02-09 05:36 - 2016-05-06 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-02-06 10:43 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job 2017-02-06 10:33 - 2016-11-22 06:06 - 00000046 _____ C:\Windows\TaxAct15.ini 2017-02-06 09:42 - 2016-11-22 06:07 - 00000050 _____ C:\Windows\SysWOW64\msxkwn.vxp 2017-02-06 09:42 - 2016-10-08 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT 2017-02-06 06:16 - 2016-05-02 17:22 - 00000000 ____D C:\Users\JDH\Desktop\Trial Authors 2017-02-05 18:04 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Icons 2017-02-05 08:24 - 2016-05-05 13:41 - 00000000 ____D C:\Users\JDH\AppData\Roaming\vlc 2017-02-04 09:49 - 2016-05-04 14:14 - 00000000 ____D C:\Program Files (x86)\ACCUCHEF6 2017-02-04 06:29 - 2017-01-03 06:06 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2015 2017-02-03 09:14 - 2014-10-04 17:34 - 00000000 ____D C:\TaxACT 2017-02-02 18:06 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2017-02-02 18:05 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-02-02 17:59 - 2016-05-02 21:46 - 00000000 ____D C:\Windows\system32\MRT 2017-02-02 17:54 - 2016-05-02 21:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-02 16:03 - 2016-05-02 18:29 - 00003880 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462238943 2017-02-02 14:44 - 2016-05-02 22:03 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Adobe 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ____D C:\ProgramData\Skype 2017-02-02 12:53 - 2016-12-08 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2017-02-02 12:53 - 2016-05-24 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 2017-02-02 12:53 - 2016-05-07 08:01 - 00000000 ____D C:\Program Files\PDFCreator 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\Users\Public\Documents\Downloaded 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\ProgramData\Documents\Downloaded 2017-02-02 12:52 - 2016-11-11 11:37 - 00000000 ____D C:\ProgramData\PCDr 2017-02-02 12:52 - 2016-10-11 08:23 - 00000000 ____D C:\ProgramData\Macrium 2017-02-02 12:52 - 2016-10-08 08:31 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IrfanView 2017-02-02 12:52 - 2016-05-24 05:13 - 00000000 ____D C:\Program Files\Tracker Software 2017-02-02 12:52 - 2016-05-20 09:40 - 00000000 ____D C:\Users\JDH\AppData\Local\QuickenWindow 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\ProgramData\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-10 17:32 - 00000000 ____D C:\Program Files (x86)\Kyodai Mahjongg 2017-02-02 12:52 - 2016-05-08 14:45 - 00000000 ____D C:\Users\JDH\AppData\Local\Traysoft_Inc 2017-02-02 12:52 - 2016-05-06 17:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-02-02 12:52 - 2016-05-05 16:32 - 00000000 ____D C:\Program Files (x86)\On This Day 2017-02-02 12:52 - 2016-05-05 16:30 - 00000000 ____D C:\Program Files (x86)\Second Site 2017-02-02 12:52 - 2016-05-05 05:25 - 00000000 ____D C:\ProgramData\Logitech 2017-02-02 12:52 - 2016-05-04 08:29 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2017-02-02 12:52 - 2016-05-04 05:12 - 00000000 ____D C:\ProgramData\Adobe 2017-02-02 12:52 - 2016-05-03 12:24 - 00000000 ____D C:\ProgramData\Intuit 2017-02-02 12:52 - 2016-05-03 12:15 - 00000000 ____D C:\ProgramData\LogiShrd 2017-02-02 12:52 - 2016-05-02 21:29 - 00000000 ____D C:\Program Files (x86)\WallMaster 2017-02-02 12:52 - 2016-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Password Corral v4.0 2017-02-02 12:52 - 2016-05-02 18:19 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-02-02 12:52 - 2016-05-02 13:41 - 00000000 ____D C:\ProgramData\HP 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Users\JDH\AppData\Local\NETGEARGenie 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie 2017-02-02 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2017-02-01 15:44 - 2016-12-26 18:08 - 00000000 ____D C:\Users\JDH\AppData\Local\CrashDumps 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\Users\Public\Documents\Track 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\ProgramData\Documents\Track 2017-01-31 16:26 - 2016-05-08 07:40 - 00114424 _____ C:\Users\JDH\AppData\Roaming\GDIPFONTCACHEV1.DAT 2017-01-29 06:09 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IDM 2017-01-28 05:30 - 2016-05-02 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-27 18:31 - 2016-11-21 06:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-26 06:19 - 2016-05-04 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2017-01-24 06:23 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Hold 2017-01-24 05:58 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Geneology programs 2016 2017-01-23 05:52 - 2016-05-14 17:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-23 05:52 - 2016-05-14 17:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-23 05:52 - 2016-05-14 17:16 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-23 05:52 - 2016-05-04 14:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-21 10:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME 2017-01-21 10:50 - 2016-12-30 08:50 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo 2017-01-21 10:50 - 2016-06-11 04:50 - 00000000 ____D C:\Users\JDH\AppData\Local\Deployment ==================== Files in the root of some directories ======= 2016-05-06 13:58 - 2016-05-06 13:54 - 0002095 _____ () C:\Program Files\Instant_Restore_Point.vbs 2016-05-23 13:48 - 2016-05-23 13:44 - 0004107 _____ () C:\Program Files (x86)\0x0409.ini 2016-05-23 13:48 - 2016-05-23 13:45 - 21244416 _____ () C:\Program Files (x86)\Ancestral Quest 14.msi 2016-05-06 08:44 - 2014-07-11 12:09 - 0001786 _____ () C:\Program Files (x86)\Instant_Restore_Point.zip 2016-05-27 04:53 - 2016-05-27 04:53 - 0001181 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt 2016-05-27 04:53 - 2016-05-27 04:53 - 0000000 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2016-05-03 17:29 - 2017-02-15 05:55 - 0009288 _____ () C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 ____H () C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 _____ () C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} 2016-05-04 08:26 - 2016-05-19 15:08 - 0001100 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017 Ran by JDH (16-02-2017 05:52:43) Running from C:\Users\JDH\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2016-05-02 19:37:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2061720530-3619408701-3326269976-500 - Administrator - Disabled) ASPNET (S-1-5-21-2061720530-3619408701-3326269976-1002 - Limited - Enabled) Guest (S-1-5-21-2061720530-3619408701-3326269976-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2061720530-3619408701-3326269976-1005 - Limited - Enabled) JDH (S-1-5-21-2061720530-3619408701-3326269976-1000 - Administrator - Enabled) => C:\Users\JDH ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3MCloudLibrary PC (QML) 1.38 (HKLM-x32\...\3MCloudLibrary PC (QML)) (Version: 1.38 - 3M) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) AccuChef (HKLM-x32\...\AccuChef) (Version: - ) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe PhotoDeluxe Home Edition 4.0 (HKLM-x32\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Ancestral Quest 14 (HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\InstallShield_{9D8D4F74-CB30-4DCD-8FAA-C3F2FA31112D}) (Version: 14.00.0033 - Incline Software, LC) Ancestral Quest 14 (x32 Version: 14.00.0033 - Incline Software, LC) Hidden Angel Sound (HKLM-x32\...\{8C8FC4CE-542B-48AA-9804-539A0018C419}) (Version: 5.08.03 - ) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell) Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.50 - NCH Software) Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software) GenSmarts (HKLM-x32\...\GenSmarts_is1) (Version: - Underwood Innovations, LLC) Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\{7F1C9E82-84D4-4EBC-BA12-B0BA927D9DD7}) (Version: 1.1.1 - Encore Software, Inc.) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) Kazoo Player (HKLM-x32\...\Kazoo Player) (Version: - ) Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version: - Rene-Gilles Deberdt) Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Logitech Camera Diagnostic (HKLM-x32\...\LogiUCDiagnostic) (Version: 1.1.74.0 - Logitech Europe S.A.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version: - ) MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Mavis Beacon Teaches Typing 18 (HKLM-x32\...\{5B049B61-0684-460E-A5F2-5EC314590344}) (Version: 18.00.0000 - Broderbund) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - ) Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8260 - MyHeritage.com) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.) On This Day (HKLM-x32\...\On This Day) (Version: - ) OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.) PaperPort 7.0 (HKLM-x32\...\PaperPort 7.0) (Version: - ) Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version: - Cygnus Productions) PCIe Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCIE_HSF) (Version: 7.80.5.0 - Conexant Systems) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version: - Traysoft Inc.) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.80 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Second Site (HKLM-x32\...\Second Site) (Version: - ) Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games) Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - ) Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version: - ) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com) Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.08 - NCH Software) Task Plus 3.9.9.6 (HKLM-x32\...\Task Plus 3.9.9.6) (Version: - ) TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 0.90 - TaxACT, Inc.) TaxAct 2015 1040 Edition (HKLM-x32\...\TaxAct 2015 1040 Edition) (Version: 1.09 - TaxAct, Inc.) TaxAct 2015 New Mexico (HKLM-x32\...\TaxAct 2015 New Mexico) (Version: 1.0 - TaxAct, Inc.) TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.02 - TaxAct, Inc.) TaxAct 2016 New Mexico (HKLM-x32\...\TaxAct 2016 New Mexico) (Version: 1.0 - TaxAct, Inc.) The Master Genealogist (for JDH) (HKLM-x32\...\The Master Genealogist (for JDH)) (Version: 6.x - Wholly Genes Software) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.20 - Tweaking.com) Virtual Weather Station (HKLM-x32\...\{0F5E3399-70D0-4816-BDD7-17376BFD076C}) (Version: 6.0.90 - Ambient Weather) Virtual Weather Station (HKLM-x32\...\{CD4215A0-AAF4-11D5-8879-0800460222F0}) (Version: 1.0.0 - Ambient, LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WallMaster (HKLM-x32\...\WallMaster) (Version: 2.4a - Tropical Wares) WeatherLink 6.0.3 (HKLM-x32\...\{E344C807-7DE0-4CC2-81BB-1F895CF8CBDF}) (Version: 6.0.3 - Davis Instruments Corp.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Works Suite OS Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works Synchronization (x32 Version: 1.0.0.0000 - Your Company Name) Hidden Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  6. OK I am in normal mode with networking and my orinter Here's the combofix log: ComboFix 17-01-29.01 - JDH 02/15/2017 6:05.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8064.6054 [GMT -7:00] Running from: c:\users\JDH\Desktop\ComboFix.exe AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Microsoft c:\users\Public\Documents\pre_fileassoc.tmp c:\windows\SysWow64\ChilkatMail_v7_9.dll c:\windows\SysWow64\DEBUG.log c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\wpcap.dll D:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2017-01-15 to 2017-02-15 ))))))))))))))))))))))))))))))) . . 2017-02-15 13:15 . 2017-02-15 13:15 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-14 20:24 . 2016-05-06 20:54 2095 ----a-w- c:\users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Instant_Restore_Point.vbs 2017-02-14 17:49 . 2017-02-14 17:49 -------- d-----w- c:\users\JDH\AppData\Roaming\HPPSDr 2017-02-14 17:20 . 2017-02-14 17:20 -------- d-----w- c:\users\JDH\AppData\Local\HP_Development_Company,_L 2017-02-14 01:17 . 2017-02-14 01:17 -------- d-----w- c:\users\JDH\AppData\Roaming\Hewlett-Packard 2017-02-13 13:47 . 2017-02-13 13:47 -------- d-----w- c:\users\JDH\AppData\Local\Adobe 2017-02-13 13:13 . 2017-02-13 13:14 -------- d-----w- C:\FRST 2017-02-06 18:33 . 2017-02-06 18:39 -------- d-----w- c:\users\JDH\AppData\Roaming\ImgBurn 2017-02-06 18:32 . 2017-02-06 18:32 -------- d-----w- c:\program files (x86)\ImgBurn 2017-02-02 21:33 . 2017-02-02 21:33 -------- d-----w- c:\users\JDH\AppData\Local\PDFCreator 2017-02-02 20:03 . 2017-02-02 20:03 -------- d-----w- c:\program files (x86)\Common Files\Skype 2017-02-02 19:54 . 2016-08-23 21:37 391496 ----a-w- c:\windows\system32\aswBoot.exe 2017-02-02 18:11 . 2017-02-08 12:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps 2017-02-01 13:25 . 2017-02-01 13:26 -------- d-----w- c:\users\JDH\New folder 2017-01-31 22:01 . 2017-01-31 22:01 -------- d-----w- c:\users\JDH\AppData\Roaming\Broderbund 2017-01-31 22:01 . 2017-01-31 22:01 -------- d-----w- c:\programdata\Broderbund 2017-01-31 22:00 . 2017-01-31 22:00 -------- d-----w- c:\program files (x86)\Broderbund 2017-01-27 15:57 . 2017-02-15 13:16 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys 2017-01-27 15:56 . 2017-02-15 13:16 110536 ----a-w- c:\windows\system32\drivers\farflt.sys 2017-01-27 15:56 . 2017-02-15 13:16 81696 ----a-w- c:\windows\system32\drivers\mwac.sys 2017-01-27 15:56 . 2017-02-15 13:16 43968 ----a-w- c:\windows\system32\drivers\mbam.sys 2017-01-27 15:56 . 2017-02-15 13:16 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2017-01-27 15:56 . 2017-01-20 14:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys 2017-01-27 00:25 . 2017-01-27 00:25 -------- d-----w- c:\program files\Malwarebytes 2017-01-26 14:41 . 2016-10-17 15:35 223464 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2017-01-17 12:54 . 2017-01-17 12:54 0 ---ha-w- c:\users\JDH\AppData\Local\BIT88ED.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-02-14 13:41 . 2016-12-25 13:17 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2017-02-03 00:54 . 2016-05-03 04:46 135657872 -c--a-w- c:\windows\system32\MRT.exe 2017-01-23 12:52 . 2016-05-15 00:16 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2017-01-23 12:52 . 2016-05-15 00:16 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2017-01-06 00:37 . 2012-07-17 20:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2016-12-26 13:15 . 2016-12-26 13:14 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2016-12-26 13:15 . 2016-12-26 13:14 84992 ----a-w- c:\windows\SysWow64\hlink.dll 2016-12-26 13:15 . 2016-12-26 13:14 833024 ----a-w- c:\windows\SysWow64\user32.dll 2016-12-26 13:15 . 2016-12-26 13:14 312832 ----a-w- c:\windows\SysWow64\gdi32.dll 2016-12-26 13:15 . 2016-12-26 13:14 817664 ----a-w- c:\windows\system32\jscript.dll 2016-12-26 13:15 . 2016-12-26 13:14 806912 ----a-w- c:\windows\system32\msfeeds.dll 2016-12-26 13:15 . 2016-12-26 13:14 576000 ----a-w- c:\windows\system32\vbscript.dll 2016-12-26 13:15 . 2016-12-26 13:14 498688 ----a-w- c:\windows\SysWow64\vbscript.dll 2016-12-26 13:15 . 2016-12-26 13:14 2896384 ----a-w- c:\windows\system32\iertutil.dll 2016-12-26 13:15 . 2016-12-26 13:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2016-12-26 13:15 . 2016-12-26 13:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2016-12-26 13:15 . 2016-12-26 13:14 2131456 ----a-w- c:\windows\system32\inetcpl.cpl 2016-12-26 13:15 . 2016-12-26 13:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2016-12-26 13:15 . 2016-12-26 13:14 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2016-12-26 13:15 . 2016-12-26 13:14 128512 ----a-w- c:\windows\system32\msiexec.exe 2016-12-26 13:15 . 2016-12-26 13:14 615936 ----a-w- c:\windows\system32\ieui.dll 2016-12-26 13:15 . 2016-12-26 13:14 1941504 ----a-w- c:\windows\system32\authui.dll 2016-12-26 13:15 . 2016-12-26 13:14 73216 ----a-w- c:\windows\SysWow64\msiexec.exe 2016-12-26 13:15 . 2016-12-26 13:14 504320 ----a-w- c:\windows\system32\msihnd.dll 2016-12-26 13:15 . 2016-12-26 13:14 92160 ----a-w- c:\windows\system32\mshtmled.dll 2016-12-26 13:15 . 2016-12-26 13:14 489984 ----a-w- c:\windows\system32\dxtmsft.dll 2016-12-26 13:15 . 2016-12-26 13:14 315392 ----a-w- c:\windows\system32\dxtrans.dll 2016-12-26 13:15 . 2016-12-26 13:14 262144 ----a-w- c:\windows\system32\webcheck.dll 2016-12-26 13:14 . 2016-12-26 13:14 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2016-12-26 13:14 . 2016-12-26 13:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2016-12-26 13:14 . 2016-12-26 13:14 70144 ----a-w- c:\windows\system32\appinfo.dll 2016-12-26 13:14 . 2016-12-26 13:14 54784 ----a-w- c:\windows\system32\jsproxy.dll 2016-12-26 13:14 . 2016-12-26 13:14 337408 ----a-w- c:\windows\SysWow64\msihnd.dll 2016-12-26 13:14 . 2016-12-26 13:14 199680 ----a-w- c:\windows\system32\msrating.dll 2016-12-26 13:14 . 2016-12-26 13:14 1806848 ----a-w- c:\windows\SysWow64\authui.dll 2016-12-26 13:14 . 2016-12-26 13:14 152064 ----a-w- c:\windows\system32\occache.dll 2016-12-26 13:14 . 2016-12-26 13:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2016-12-26 13:14 . 2016-12-26 13:14 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2016-12-26 13:14 . 2016-12-26 13:14 107520 ----a-w- c:\windows\system32\inseng.dll 2016-12-26 13:14 . 2016-12-26 13:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2016-12-26 13:14 . 2016-12-26 13:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2016-12-26 13:14 . 2016-12-26 13:14 66560 ----a-w- c:\windows\system32\iesetup.dll 2016-12-26 13:14 . 2016-12-26 13:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2016-12-26 13:14 . 2016-12-26 13:14 725504 ----a-w- c:\windows\system32\ie4uinit.exe 2016-12-26 13:14 . 2016-12-26 13:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2016-12-26 13:14 . 2016-12-26 13:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2016-12-26 13:14 . 2016-12-26 13:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2016-12-26 13:14 . 2016-12-26 13:14 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2016-12-26 13:14 . 2016-12-26 13:14 34304 ----a-w- c:\windows\system32\iernonce.dll 2016-12-26 13:14 . 2016-12-26 13:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2016-12-26 13:14 . 2016-12-26 13:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2016-12-26 13:14 . 2016-12-26 13:14 25088 ----a-w- c:\windows\SysWow64\msimsg.dll 2016-12-26 13:14 . 2016-12-26 13:14 25088 ----a-w- c:\windows\system32\msimsg.dll 2016-12-26 13:14 . 2016-12-26 13:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2016-12-26 13:14 . 2016-12-26 13:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2016-12-26 13:14 . 2016-12-26 13:14 2048 ----a-w- c:\windows\system32\tzres.dll 2016-12-08 13:20 . 2016-05-11 16:17 115200 ----a-w- c:\windows\system32\pdfcmon.dll 2016-12-02 13:02 . 2016-12-02 13:02 5547752 ----a-w- c:\windows\system32\ntoskrnl.exe 2016-12-02 13:02 . 2016-12-02 13:02 1732864 ----a-w- c:\windows\system32\ntdll.dll 2016-12-02 13:02 . 2016-12-02 13:02 1483264 ----a-w- c:\windows\system32\crypt32.dll 2016-12-02 13:02 . 2016-12-02 13:02 706792 ----a-w- c:\windows\system32\winload.efi 2016-12-02 13:02 . 2016-12-02 13:02 633296 ----a-w- c:\windows\system32\winload.exe 2016-12-02 13:02 . 2016-12-02 13:02 631176 ----a-w- c:\windows\system32\winresume.efi 2016-12-02 13:02 . 2016-12-02 13:02 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll 2016-12-02 13:02 . 2016-12-02 13:02 4000488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2016-12-02 13:02 . 2016-12-02 13:02 3944680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2016-12-02 13:02 . 2016-12-02 13:02 346112 ----a-w- c:\windows\system32\bcdedit.exe 2016-12-02 13:02 . 2016-12-02 13:02 229376 ----a-w- c:\windows\system32\wintrust.dll 2016-12-02 13:02 . 2016-12-02 13:02 179200 ----a-w- c:\windows\SysWow64\wintrust.dll 2016-12-02 13:02 . 2016-12-02 13:02 1176064 ----a-w- c:\windows\SysWow64\crypt32.dll 2016-12-02 13:02 . 2016-12-02 13:02 880640 ----a-w- c:\windows\system32\advapi32.dll 2016-12-02 13:02 . 2016-12-02 13:02 1163264 ----a-w- c:\windows\system32\kernel32.dll 2016-12-02 13:02 . 2016-12-02 13:02 112640 ----a-w- c:\windows\system32\smss.exe 2016-12-02 13:02 . 2016-12-02 13:02 644096 ----a-w- c:\windows\SysWow64\advapi32.dll 2016-12-02 13:02 . 2016-12-02 13:02 503808 ----a-w- c:\windows\system32\srcore.dll 2016-12-02 13:02 . 2016-12-02 13:02 419840 ----a-w- c:\windows\system32\KernelBase.dll 2016-12-02 13:02 . 2016-12-02 13:02 362496 ----a-w- c:\windows\system32\wow64win.dll 2016-12-02 13:02 . 2016-12-02 13:02 215552 ----a-w- c:\windows\system32\winsrv.dll 2016-12-02 13:02 . 2016-12-02 13:02 190976 ----a-w- c:\windows\system32\cryptsvc.dll 2016-12-02 13:02 . 2016-12-02 13:02 141824 ----a-w- c:\windows\system32\cryptnet.dll 2016-12-02 13:02 . 2016-12-02 13:02 62464 ----a-w- c:\windows\system32\drivers\appid.sys 2016-12-02 13:02 . 2016-12-02 13:02 59904 ----a-w- c:\windows\system32\appidapi.dll 2016-12-02 13:02 . 2016-12-02 13:02 50176 ----a-w- c:\windows\system32\srclient.dll 2016-12-02 13:02 . 2016-12-02 13:02 44032 ----a-w- c:\windows\system32\csrsrv.dll 2016-12-02 13:02 . 2016-12-02 13:02 338432 ----a-w- c:\windows\system32\conhost.exe 2016-12-02 13:02 . 2016-12-02 13:02 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll 2016-12-02 13:02 . 2016-12-02 13:02 243712 ----a-w- c:\windows\system32\wow64.dll 2016-12-02 13:02 . 2016-12-02 13:02 145920 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2016-12-02 13:02 . 2016-12-02 13:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2016-12-02 13:02 . 2016-12-02 13:02 106496 ----a-w- c:\windows\SysWow64\cryptnet.dll 2016-12-02 13:02 . 2016-12-02 13:02 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2016-12-02 13:02 . 2016-12-02 13:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2016-12-02 13:02 . 2016-12-02 13:02 50688 ----a-w- c:\windows\SysWow64\appidapi.dll 2016-12-02 13:02 . 2016-12-02 13:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2016-12-02 13:02 . 2016-12-02 13:02 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2016-12-02 13:02 . 2016-12-02 13:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2016-12-02 13:02 . 2016-12-02 13:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-12-02 13:02 . 2016-12-02 13:02 34816 ----a-w- c:\windows\system32\appidsvc.dll 2016-12-02 13:02 . 2016-12-02 13:02 296960 ----a-w- c:\windows\system32\rstrui.exe 2016-12-02 13:02 . 2016-12-02 13:02 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2009-07-14 01:14 396800 --sha-w- c:\windows\IME\IMETC10\DICTS\Windows Mail\WinMail(1086).exe 2009-07-14 01:39 398848 --sha-w- c:\windows\IME\IMETC10\Windows Mail\WinMail(1566).exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-06-11 596480] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-12-15 4015216] "Toggler"="c:\users\JDH\Desktop\Look Here\togglr10\toggler.exe" [2001-01-20 32256] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2017-02-09 7946144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768] "TaskPlus"="c:\program files (x86)\TaskPlus\taskplus0.exe" [2006-10-26 4653056] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2016-08-06 205336] . c:\users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Instant_Restore_Point.vbs [2016-5-6 2095] MailWasher Pro.lnk - c:\program files (x86)\FireTrust\MailWasher Pro\MailWasher.exe [2016-5-3 19384088] Printkey.exe - Shortcut.lnk - c:\users\JDH\Desktop\Look Here\Stuff\Printkey.exe [2016-5-2 589824] vws - Shortcut.lnk - c:\vws\vws.exe [2014-1-31 21330432] WallMaster.lnk - c:\program files (x86)\WallMaster\wallmast.exe [2016-10-23 288256] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PhoneTray.lnk - c:\program files (x86)\PhoneTray\PhoneTray.exe [2015-2-21 863064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x] R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 SrvHsfPCIe;SrvHsfPCIe;c:\windows\system32\DRIVERS\VSTBS36.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS36.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 MacriumService;Macrium Service;c:\program files\Macrium\Common\MacriumService.exe;c:\program files\Macrium\Common\MacriumService.exe [x] S2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x] S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x] S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x] S2 PhoneTrayService;PhoneTray Service;c:\program files (x86)\PhoneTray\PhoneTrayService.exe;c:\program files (x86)\PhoneTray\PhoneTrayService.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x] S3 CAXHWBS3;CAXHWBS3;c:\windows\system32\DRIVERS\CAXHWBS3.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS3.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys;c:\windows\SYSNATIVE\drivers\farflt.sys [x] S3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys;c:\windows\SYSNATIVE\drivers\NPF.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x] S3 stdriver;SoundTap Filter Driver v6.08.01;c:\windows\system32\DRIVERS\stdriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriverx64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ESPROTECTIONDRIVER *NewlyCreated* - MBAMCHAMELEON *NewlyCreated* - MBAMFARFLT *NewlyCreated* - MBAMPROTECTION *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - MBAMWEBPROTECTION *NewlyCreated* - NPF . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2017-02-14 c:\windows\Tasks\HPCeeScheduleForJDH.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12 22:40] . 2017-02-12 c:\windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job - c:\program files\macrium\reflect\Reflect.exe [2016-12-12 18:13] . 2017-02-06 c:\windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job - c:\program files\macrium\reflect\Reflect.exe [2016-12-12 18:13] . 2017-02-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 16:34] . 2017-02-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 16:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2015-08-14 14:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2016-08-23 21:37 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - Trusted Zone: localhost TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= . - - - - ORPHANS REMOVED - - - - . SafeBoot-AppXSvc SafeBoot-ClipSvc SafeBoot-SophosVirusRemovalTool SafeBoot-TweakingRemoveSafeBoot SafeBoot-WSService HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cistray.exe AddRemove-ExpressBurn - c:\program files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe AddRemove-ExpressRip - c:\program files (x86)\NCH Software\ExpressRip\expressrip.exe AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-SIUSBXP&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\SIUSBXP&10C4&EA61 AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 AddRemove-SoundTap - c:\program files (x86)\NCH Software\SoundTap\soundtap.exe AddRemove-Tweaking.com - Windows Repair - c:\program files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe AddRemove-Amazon Amazon Music - c:\users\JDH\AppData\Local\Amazon Music\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):3e,1e,28,31,cf,e2,26,31,41,d9,e4,1a,c3,6d,dc,fb,2c,a9,a7,1b,97, 34,cb,77,88,20,30,f2,3a,e8,75,2e,57,ff,22,83,97,72,c1,32,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000_Classes\Wow6432Node\CLSID\{cf05cdc2-42b7-4f7a-94ab-892bd523f6a5}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000f8 "Therad"=dword:0000001d "MData"=hex(0):6c,ad,00,7b,63,e8,0f,1b,e4,03,00,3d,ae,41,d7,9f,fd,5d,1e,41,88, ed,a6,87,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "v5Licence0"="35-MPV2-DHVZ-HHZ9-NC8B-BANQ-RNNJZX9" "Activated"="Y" . [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet006\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files (x86)\NETGEAR Genie\bin\genie2_tray.exe c:\windows\SysWOW64\DllHost.exe . ************************************************************************** . Completion time: 2017-02-15 06:21:50 - machine was rebooted ComboFix-quarantined-files.txt 2017-02-15 13:21 . Pre-Run: 82,123,612,160 bytes free Post-Run: 80,746,737,664 bytes free . - - End Of File - - 7E94EFBAB97A7DBB640233F46C08D732 A36C5E4F47E84449FF07ED3517B43A31 Thanks again
  7. Once again thank you Broni! Since my 1st post: I am still in Safe Mode in order to access the internet.. I have lost my network and printer. Here are the logs. RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : JDH [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 02/14/2017 06:41:34 (Duration : 00:16:19) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 80 ¤¤¤ [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{42F2CA19-AAA6-4CC1-99DA-AC4E0D89F508} (C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\magpie.dll) -> Deleted [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{5B06364D-FF00-4BD5-9D01-4379952513F2} (C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll) -> Deleted [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{8E0DF3C3-BA52-47F7-B601-307E5CB207EF} (C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\scriptservice.dll) -> Deleted [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{D6FE8115-1CBA-40D7-B763-FF0DA33CEB6A} (C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll) -> Deleted [PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} (C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll) -> Deleted [PUP.Conduit|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Deleted [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\APN PIP -> Deleted [PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Conduit -> Deleted [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\APN PIP -> Deleted [PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Conduit -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | HPService : (C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll) [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPSLPSVC (C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll) -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPSLPSVC (C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll) -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPSLPSVC (C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll) -> Deleted [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell.com -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dell.com -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome) [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD55F771-09A1-4D76-AFF5-377AA0E457FA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1169E2F7-1B48-4EC6-BF86-AB95CF300A74} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0E9F4DFC-A289-46B9-97A9-8F6901D4EA62} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0C89D318-0CF4-4A21-B1A2-7A9ABC353F60} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD55F771-09A1-4D76-AFF5-377AA0E457FA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1169E2F7-1B48-4EC6-BF86-AB95CF300A74} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0E9F4DFC-A289-46B9-97A9-8F6901D4EA62} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0C89D318-0CF4-4A21-B1A2-7A9ABC353F60} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4064A8FB-565D-4515-9309-29036B715791} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FBE00E4-D7E5-4EB9-BB3C-3339B5DA6A1C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {08849F06-E964-4062-BA6F-ACB0F582D16F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D073FE9-5DD5-4B0F-8078-77BFD2491D33} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {307F277F-1D96-4ABE-9E91-027B417320F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B25BF34D-DAA5-4776-80C9-8D3187F63D76} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2B6AE878-7ECC-4A71-803F-19B5EFC013A9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DF6ABE72-A16E-4B93-A617-E6045ABB6181} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2CAAB260-1994-4BA6-B047-C23875657B7D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50953EB0-3EFE-49F1-941B-A907F800D53C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FA51DA4-322E-49A1-B2FD-E3B7FCC347BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB010687-4C6E-4580-80E7-949DC48230A1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6BCE6265-AFA4-44AC-9C82-FD3781158E96} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BFB6B92C-A56C-42C2-BFC6-4823E10BCB74} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D7D6F58-2DFA-477D-802B-4AD99FC29554} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {29A948D2-B545-41B1-9B7C-B7A354C6B98B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1B7A3E61-3009-4A5B-B0E2-9F6844A2F25B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C0378B7E-E50A-4864-BD7A-C35EE4F884A8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {85C3C47E-5916-438D-83B3-3D5C90CFA32A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {547A1488-7577-40E6-92B5-41ACC17D7017} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD55F771-09A1-4D76-AFF5-377AA0E457FA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1169E2F7-1B48-4EC6-BF86-AB95CF300A74} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0E9F4DFC-A289-46B9-97A9-8F6901D4EA62} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0C89D318-0CF4-4A21-B1A2-7A9ABC353F60} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4064A8FB-565D-4515-9309-29036B715791} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FBE00E4-D7E5-4EB9-BB3C-3339B5DA6A1C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {08849F06-E964-4062-BA6F-ACB0F582D16F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D073FE9-5DD5-4B0F-8078-77BFD2491D33} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {307F277F-1D96-4ABE-9E91-027B417320F2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B25BF34D-DAA5-4776-80C9-8D3187F63D76} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2B6AE878-7ECC-4A71-803F-19B5EFC013A9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DF6ABE72-A16E-4B93-A617-E6045ABB6181} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2CAAB260-1994-4BA6-B047-C23875657B7D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50953EB0-3EFE-49F1-941B-A907F800D53C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FA51DA4-322E-49A1-B2FD-E3B7FCC347BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CB010687-4C6E-4580-80E7-949DC48230A1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6BCE6265-AFA4-44AC-9C82-FD3781158E96} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BFB6B92C-A56C-42C2-BFC6-4823E10BCB74} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1D7D6F58-2DFA-477D-802B-4AD99FC29554} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {29A948D2-B545-41B1-9B7C-B7A354C6B98B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1B7A3E61-3009-4A5B-B0E2-9F6844A2F25B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C0378B7E-E50A-4864-BD7A-C35EE4F884A8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe|Name=HP Printer Install Wizard| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {85C3C47E-5916-438D-83B3-3D5C90CFA32A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {547A1488-7577-40E6-92B5-41ACC17D7017} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2) [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> Replaced (1) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1) [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1) [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1) ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤ ¤¤¤ Web browsers : 1 ¤¤¤ [PUM.NewTab][Firefox:Config] lylj0gt4.default : user_pref("browser.newtab.url", "https://www.malwarebytes.org/restorebrowser/yhp-ff|https://www.malwarebytes.org/restorebrowser//?f=1&a=plk_rsprck_15_50&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtBtCyBtDzyyB0F0ByD0EtN0D0Tzu0StCyEtAyCtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByE0F0D0EtD0ByBtGtA0AtD0AtG0BtB0BtCtGyByD0BtDtGyC0A0DzzyCtByDtC0F0AtA0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0F0FtBtBzz0FtG0C0CtC0BtGyEtAtA0BtG0B0EtAzytGzzyEzztAzztCyE0CyD0A0AyD2QtN0A0LzutB&cr=2133537768&ir="); -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++ --- User --- [MBR] aa43417db02f28e1c8718a4368628b16 [BSP] c1c5064f71c13ae06abe3cd18c8772e1 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 209971 MB [Windows Vista/7/8 Bootstrap | Unknown Bootloader] 3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 475543550 | Size: 721668 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: ST500DM0 02-1BD142 USB Device +++++ --- User --- [MBR] 629353dcfbd2f6ad6726720c6fce89e1 [BSP] a1488ea8db25e3bd9d82285845819086 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 292593 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/14/17 Scan Time: 7:13 AM Logfile: MBAM3.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1260 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: JDH-PC\JDH -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 360530 Time Elapsed: 6 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TVNCONTROL, Delete-on-Reboot, [2245], [342276],1.0.1260 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.GeekBuddy, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\START GEEKBUDDY.LNK, Delete-on-Reboot, [2245], [342280],1.0.1260 Physical Sector: 0 (No malicious items detected) (end) # AdwCleaner v6.043 - Logfile created 14/02/2017 at 08:42:14 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : JDH - JDH-PC # Running from : C:\Users\JDH\Desktop\Downloaded\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** [-] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll [-] File deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini [-] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll [-] File deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} [-] Key deleted: HKLM\SOFTWARE\Auslogics [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [1842 Bytes] - [16/04/2016 08:02:53] C:\AdwCleaner\AdwCleaner[C2].txt - [4798 Bytes] - [14/02/2017 08:42:14] C:\AdwCleaner\AdwCleaner[S1].txt - [1620 Bytes] - [16/04/2016 08:01:07] C:\AdwCleaner\AdwCleaner[S2].txt - [918 Bytes] - [25/04/2016 17:06:29] C:\AdwCleaner\AdwCleaner[S3].txt - [4934 Bytes] - [14/02/2017 08:36:47] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5089 Bytes] ########## (JRT was unable to create a Restore Point.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 7 Home Premium x64 Ran by JDH (Administrator) on Tue 02/14/2017 at 8:48:55.82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 9 Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task) Successfully deleted: C:\Users\JDH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ODNSUGU (Temporary Internet Files Folder) Successfully deleted: C:\Users\JDH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DMD7PUI (Temporary Internet Files Folder) Successfully deleted: C:\Users\JDH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9L7X8N3 (Temporary Internet Files Folder) Successfully deleted: C:\Users\JDH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U537BQFT (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ODNSUGU (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DMD7PUI (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9L7X8N3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U537BQFT (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 02/14/2017 at 8:50:06.89 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. When my computer starts it's something else. MBAM will not start, Network will not connect, Phone Tray(caller ID) won't start, Virtual Weather Station starts but won't connect to Weather Link Yesterday I tried to open an E-card from Jacquie Lawson (I have used for years) in Firefox and it starts to play but is jerky and the picture jerks and only part is there. Sometimes a restore point is created. If I restart it is usually OK. Now MBAM will not Protect the Web. I' m in Safe mode only way to get to the internet Here are the logs, Thank you Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017 Ran by JDH (administrator) on JDH-PC (13-02-2017 06:13:18) Running from C:\Users\JDH\Desktop\Downloaded Loaded Profiles: JDH (Available Profiles: JDH) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-12-31] (COMODO) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) HKLM-x32\...\Run: [TaskPlus] => C:\Program Files (x86)\TaskPlus\taskplus0.exe [4653056 2006-10-26] (Contact Plus Corporation) HKLM\...\RunOnce: [GrpConv] => grpconv -o HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [Toggler] => C:\Users\JDH\Desktop\Look Here\togglr10\toggler.exe [32256 2001-01-20] (Aestas Software) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-08] (SUPERAntiSpyware) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\MountPoints2: {05fba22a-5800-11e6-a1ef-92338c9a9eb2} - H:\TL_Bootstrap.exe HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-23] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2016-05-08] ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Instant_Restore_Point.vbs [2016-05-06] () Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher Pro.lnk [2016-04-28] ShortcutTarget: MailWasher Pro.lnk -> C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe - Shortcut.lnk [2014-11-17] ShortcutTarget: Printkey.exe - Shortcut.lnk -> C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe (Fred's Software Company) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vws - Shortcut.lnk [2016-05-03] ShortcutTarget: vws - Shortcut.lnk -> C:\vws\vws.exe (Ambient, LLC) Startup: C:\Users\JDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WallMaster.lnk [2016-10-23] ShortcutTarget: WallMaster.lnk -> C:\Program Files (x86)\WallMaster\wallmast.exe (Tropical Wares) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E8F065C6-4355-457F-AC81-08B433728AE7}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) Handler: WSISVCUchrome - No CLSID Value FireFox: ======== FF DefaultProfile: lylj0gt4.default FF ProfilePath: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default [2017-02-13] FF NewTab: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff hxxps://www.malwarebytes.org/restorebrowser//?f=1&a=plk_rsprck_15_50&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtBtCyBtDzyyB0F0ByD0EtN0D0Tzu0StCyEtAyCtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByE0F0D0EtD0ByBtGtA0AtD0AtG0BtB0BtCtGyByD0BtDtGyC0A0DzzyCtByDtC0F0AtA0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0F0FtBtBzz0FtG0C0CtC0BtGyEtAtA0BtG0B0EtAzytGzzyEzztAzztCyE0CyD0A0AyD2QtN0A0LzutB&cr=2133537768&ir= FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lylj0gt4.default -> Yahoo FF Homepage: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.yahoo.com?fr=fp-comodo FF Keyword.URL: Mozilla\Firefox\Profiles\lylj0gt4.default -> hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= FF Extension: (Simple Popup Blocker) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\@simplepopupblocker.xpi [2016-02-07] FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2016-05-13] FF Extension: (Email This! Bookmarklet Extension) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\gmailthis@lazyrussian.com.xpi [2016-04-27] FF Extension: (RememberPass) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\rememberpass@teesoft.info.xpi [2016-08-03] FF Extension: (Saved Password Editor) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2016-11-30] FF Extension: (Show Password) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\showpassword@pratikpoddar.xpi [2016-04-27] FF Extension: (Show Password Field) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\ShowPasswordField@danilo.treffiletti.it.xpi [2016-04-27] FF Extension: (Show/hide passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\shpassword@shpassword.fr.xpi [2016-04-27] FF Extension: (uBlock Origin) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\uBlock0@raymondhill.net.xpi [2017-01-26] FF Extension: (Unhide Passwords) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2016-04-27] FF Extension: (WOT) - C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-02] FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] FF SearchPlugin: C:\Users\JDH\AppData\Roaming\Mozilla\Firefox\Profiles\lylj0gt4.default\searchplugins\google-lavasoft.xml [2016-05-16] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\JDH\AppData\Roaming\IDM\idmmzcc5 [2017-02-13] [not signed] FF HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-23] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2004-09-08] (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-23] (AVAST Software) S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-12-31] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-12-31] (COMODO) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-25] (Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed] S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed] S2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [14696 2015-02-21] (Traysoft Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] S2 HPSLPSVC; C:\Users\JDH\AppData\Local\Temp\7zS4926\hpslpsvc64.dll [X] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-23] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-23] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-23] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-23] (AVAST Software) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-23] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software) S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO) S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO) S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-11-12] (Dell Computer Corporation) S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-11-12] (Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-10-22] (Samsung Electronics Co., Ltd.) S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO) S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2017-02-13] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes) S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-02] (CACE Technologies, Inc.) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-10-22] (Samsung Electronics Co., Ltd.) S3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2016-05-27] () ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys FCE5C79717A487BDC71F3DEC78A684CA C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\system32\drivers\aswHwid.sys 9B480B472D6826E7257C90E2D0EE2954 C:\Windows\system32\drivers\aswKbd.sys 06362BBA1347CBA0996F4B39BB1D8353 C:\Windows\system32\drivers\aswMonFlt.sys 1BB00571CC2C78463ABD7E9C32970758 C:\Windows\system32\drivers\aswRdr2.sys 7010B57D708DA5C9686A5923EE621776 C:\Windows\System32\Drivers\aswRvrt.sys 937885085BFE5BD08EC1BC0245DD203B C:\Windows\system32\drivers\aswSnx.sys 0B6352251C5D84130DF4252D33D266C2 C:\Windows\system32\drivers\aswSP.sys 28213B34725B18387CC1B8C3D73858A1 C:\Windows\system32\drivers\aswStm.sys 9C58B6E9663D0A76D00D83E43C765BDF C:\Windows\System32\Drivers\aswVmm.sys D60D9201739400F0FBDB9E36A3212D91 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys 7D0398396727195CC73D703001D3CFF4 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5 C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CAXHWBS3.sys 9999C3A1B6A489725276FECE9E591BBA C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys 3D67C27DD17B254D7915FA16A5AE3573 C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cmderd.sys 35A080F85AFD87DBB8FC46A71F1BB64F C:\Windows\System32\DRIVERS\cmdguard.sys FF4E219188E82223859CDD792A9984D0 C:\Windows\System32\DRIVERS\cmdhlp.sys 424F5C28BEED375E168ABAB5A9421966 C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4 C:\Windows\System32\drivers\CHDRT64.sys 1635CED9C1FB6182B11BD62AA4F744B6 C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\DDDriver64Dcsa.sys 3802CBF4BDDE6F99974B27EE1782E5F9 C:\Windows\System32\drivers\DellProf.sys DC3BD578642252FD9569B9CD75CEF81E C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F C:\Windows\System32\DRIVERS\ssudbus.sys 9593475FBC857A05D93BFF4FA7323C2B C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\system32\drivers\mbae64.sys BE8117569CAA36E03683CC1BACEA1347 C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CAX_DPV.sys F6AC1087A131FBB385400667BEA64FBE C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\idmwfp.sys 0EF1E8299F58E1369B067F7B65D9F773 C:\Windows\System32\DRIVERS\igdkmd64.sys CEFA6BDB4789F3DA003ACBDCC64F5877 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\inspect.sys 656AF6A95CF04D5CCFBE4F32986627F2 C:\Windows\System32\DRIVERS\IntcDAud.sys 87871AB7AC797F922A6F3D4C874CED96 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 6F5F0C6160EF237F0243C1E416EEBA98 C:\Windows\System32\Drivers\ksecpkg.sys 05529E53B286FD60E7EF04EF138CABFD C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A C:\Windows\System32\DRIVERS\lvrs64.sys 0C85B2B6FB74B36A251792D45E0EF860 C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8 C:\Windows\System32\drivers\MBAMChameleon.sys 3BEC6134F1E45AEF5E971F69F0D38510 C:\Windows\system32\drivers\mbam.sys 88BD122C3A35DE63D75D382DF75554CE C:\Windows\system32\drivers\MBAMSwissArmy.sys BDE2FC7213C0897524C1357BAAE30239 C:\Windows\System32\DRIVERS\mdmxsdk.sys E4F44EC214B3E381E1FC844A02926666 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys 772A1DEEDFDBC244183B5C805D1B7D85 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\drivers\MODEMCSA.sys E38AEF079CD3BCFA19F2072A214F829D C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys 8ADB5445B29941CB41AF2846FD5C93C7 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F C:\Windows\System32\DRIVERS\mrxsmb.sys 632E8A00090E4F85F304E152C92C7F2C C:\Windows\System32\DRIVERS\mrxsmb10.sys 0D9C05484F2F4BD9D33A615D5DBE67EA C:\Windows\System32\DRIVERS\mrxsmb20.sys 6123E6FECC1C164022868FB1982271BE C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\system32\drivers\npf.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694 C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293 C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\drivers\SiUSBXp.sys 55C26C510199730D3EB87DB9CB77ED29 C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495 C:\Windows\System32\DRIVERS\VSTBS36.SYS A42B22601CC2754428B5F82E040FD1C7 C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04 C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396 C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225 C:\Windows\System32\DRIVERS\ssudmdm.sys 592FF34A2FD6C6351B8A3AA76B2C0A9E C:\Windows\System32\DRIVERS\stdriverx64.sys 85ED16A3FEC14DADEE42938FEA34BF8E C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201 C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201 C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83 C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624 C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2 C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736 C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C C:\Windows\System32\DRIVERS\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43 C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CAX_CNXT.sys 1EDBBF412A382550AF6EB35F5E46928E C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\XAudio64.sys E8F3FA126A06F8E7088F63757112A186 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-13 06:13 - 2017-02-13 06:13 - 00000000 ____D C:\FRST 2017-02-13 05:56 - 2017-02-13 05:56 - 00002008 _____ C:\Users\JDH\Desktop\JRT.txt 2017-02-12 16:03 - 2017-02-12 16:03 - 00000045 _____ C:\Users\JDH\Desktop\1.txt 2017-02-08 06:32 - 2017-02-08 06:32 - 00001256 _____ C:\Users\JDH\Desktop\Contacts - Shortcut.lnk 2017-02-06 11:33 - 2017-02-06 11:39 - 00000000 ____D C:\Users\JDH\AppData\Roaming\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00001871 _____ C:\ProgramData\Desktop\ImgBurn.lnk 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2017-02-06 11:32 - 2017-02-06 11:32 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2017-02-06 06:00 - 2017-02-06 06:00 - 00001589 _____ C:\Users\JDH\Desktop\mbam - Shortcut.lnk 2017-02-05 09:01 - 2017-02-05 09:01 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2016 al 2017-02-05 08:17 - 2017-02-06 09:33 - 00000000 ____D C:\Users\JDH\Desktop\Taxact 2015 all 2017-02-03 09:13 - 2017-02-03 09:19 - 00000000 ____D C:\Users\JDH\Desktop\New folder 2017-02-03 09:11 - 2017-02-04 06:26 - 00000000 ____D C:\Users\JDH\Desktop\Taxes all 2017-02-02 18:27 - 2017-02-05 09:06 - 00000000 ____D C:\Users\JDH\Desktop\Tax 16 first 2017-02-02 18:25 - 2017-02-05 09:06 - 00000046 _____ C:\Windows\TaxAct16.ini 2017-02-02 18:25 - 2017-02-05 08:13 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2016 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\Users\Public\Desktop\TaxAct 2016.lnk 2017-02-02 18:25 - 2017-02-02 18:25 - 00001598 _____ C:\ProgramData\Desktop\TaxAct 2016.lnk 2017-02-02 18:07 - 2017-02-08 18:06 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job 2017-02-02 18:07 - 2017-02-06 06:16 - 00000506 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job 2017-02-02 18:07 - 2017-02-02 18:07 - 00003502 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b 2017-02-02 18:07 - 2017-02-02 18:07 - 00003298 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4 2017-02-02 17:53 - 2017-02-02 17:53 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-02-02 17:53 - 2017-02-02 17:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-02-02 17:53 - 2017-02-02 17:53 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-02-02 17:53 - 2017-02-02 17:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-02-02 14:33 - 2017-02-02 14:33 - 00000000 ____D C:\Users\JDH\AppData\Local\PDFCreator 2017-02-02 12:54 - 2016-08-23 14:37 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-01 15:29 - 2017-02-01 15:31 - 00000000 ____D C:\Users\JDH\Downloads\HP Downloads 2017-02-01 06:25 - 2017-02-01 06:26 - 00000000 ____D C:\Users\JDH\New folder 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\Users\Public\Documents\Thumbs.db 2017-02-01 06:01 - 2017-02-01 06:02 - 00037376 ___SH C:\ProgramData\Documents\Thumbs.db 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Broderbund 2017-01-31 15:01 - 2017-01-31 15:01 - 00000000 ____D C:\ProgramData\Broderbund 2017-01-31 15:00 - 2017-02-02 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\Users\Public\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00002137 _____ C:\ProgramData\Desktop\Mavis Beacon Teaches Typing 18.lnk 2017-01-31 15:00 - 2017-01-31 15:00 - 00000000 ____D C:\Program Files (x86)\Broderbund 2017-01-27 08:57 - 2017-02-13 02:40 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-01-27 08:56 - 2017-02-13 03:11 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-27 08:56 - 2017-02-13 03:11 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-01-27 08:56 - 2017-02-13 03:11 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-01-27 08:56 - 2017-02-13 03:11 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-01-27 08:56 - 2017-01-27 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-27 08:56 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-01-26 17:25 - 2017-01-26 17:25 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-26 07:41 - 2016-10-17 08:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys 2017-01-26 06:20 - 2017-01-26 06:20 - 00003156 _____ C:\Windows\System32\Tasks\{AB593C68-8660-4707-B8E7-32BCD60B4C29} 2017-01-21 10:50 - 2017-01-21 10:50 - 00003524 _____ C:\Windows\System32\Tasks\{2CC25046-AA9B-4949-82CA-8712B8B445C2} 2017-01-17 05:54 - 2017-01-17 05:54 - 00000000 ____H C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 00000000 _____ C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-13 06:13 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Downloaded 2017-02-13 06:09 - 2016-11-21 06:09 - 00000000 ____D C:\Users\JDH\AppData\LocalLow\Mozilla 2017-02-13 03:11 - 2016-05-29 14:45 - 01209414 _____ C:\Windows\ntbtlog.txt 2017-02-13 03:09 - 2016-05-04 08:33 - 00000000 ____D C:\ProgramData\TEMP 2017-02-13 03:09 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\DMCache 2017-02-13 02:50 - 2009-07-13 22:13 - 00928544 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-13 02:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2017-02-13 02:45 - 2016-05-03 08:05 - 00000000 ____D C:\Users\JDH\AppData\Roaming\MailWasherPro 2017-02-13 02:44 - 2016-05-02 17:40 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2017-02-13 02:44 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-13 02:43 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-13 02:43 - 2009-07-13 21:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-13 02:35 - 2016-05-02 22:03 - 00000000 __SHD C:\Users\JDH\IntelGraphicsProfiles 2017-02-13 02:34 - 2016-05-04 04:49 - 00000000 ____D C:\Users\Public\Documents\PhoneTray 2017-02-13 02:34 - 2016-05-04 04:49 - 00000000 ____D C:\ProgramData\Documents\PhoneTray 2017-02-12 15:56 - 2016-05-02 17:19 - 00000000 ___RD C:\Users\JDH\Desktop\Look Here 2017-02-12 12:26 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job 2017-02-12 12:26 - 2016-05-02 12:37 - 00000000 ____D C:\Users\JDH 2017-02-09 05:36 - 2016-05-06 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-02-06 10:43 - 2017-01-05 14:15 - 00000462 _____ C:\Windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job 2017-02-06 10:33 - 2016-11-22 06:06 - 00000046 _____ C:\Windows\TaxAct15.ini 2017-02-06 09:42 - 2016-11-22 06:07 - 00000050 _____ C:\Windows\SysWOW64\msxkwn.vxp 2017-02-06 09:42 - 2016-10-08 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT 2017-02-06 06:16 - 2016-05-02 17:22 - 00000000 ____D C:\Users\JDH\Desktop\Trial Authors 2017-02-05 18:04 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Icons 2017-02-05 08:24 - 2016-05-05 13:41 - 00000000 ____D C:\Users\JDH\AppData\Roaming\vlc 2017-02-04 09:49 - 2016-05-04 14:14 - 00000000 ____D C:\Program Files (x86)\ACCUCHEF6 2017-02-04 09:29 - 2016-05-03 17:29 - 00009018 _____ C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-02-04 06:29 - 2017-01-03 06:06 - 00000000 ____D C:\Users\JDH\Documents\TAXACT 2015 2017-02-03 09:14 - 2014-10-04 17:34 - 00000000 ____D C:\TaxACT 2017-02-03 06:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2017-02-03 06:11 - 2016-05-02 18:38 - 00000000 ____D C:\Users\JDH\AppData\Local\ElevatedDiagnostics 2017-02-02 18:06 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2017-02-02 18:05 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-02-02 17:59 - 2016-05-02 21:46 - 00000000 ____D C:\Windows\system32\MRT 2017-02-02 17:54 - 2016-05-02 21:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-02 16:03 - 2016-05-02 18:29 - 00003880 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462238943 2017-02-02 14:44 - 2016-05-02 22:03 - 00000000 ____D C:\Users\JDH\AppData\Roaming\Adobe 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-02 13:03 - 2016-05-04 14:25 - 00000000 ____D C:\ProgramData\Skype 2017-02-02 12:57 - 2016-08-23 14:40 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-02-02 12:53 - 2016-12-08 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2017-02-02 12:53 - 2016-05-24 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3 2017-02-02 12:53 - 2016-05-07 08:01 - 00000000 ____D C:\Program Files\PDFCreator 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\Users\Public\Documents\Downloaded 2017-02-02 12:52 - 2017-01-13 09:25 - 00000000 ____D C:\ProgramData\Documents\Downloaded 2017-02-02 12:52 - 2016-11-11 11:37 - 00000000 ____D C:\ProgramData\PCDr 2017-02-02 12:52 - 2016-10-11 08:23 - 00000000 ____D C:\ProgramData\Macrium 2017-02-02 12:52 - 2016-10-08 08:31 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IrfanView 2017-02-02 12:52 - 2016-05-30 07:23 - 00000000 ____D C:\ProgramData\Comodo 2017-02-02 12:52 - 2016-05-24 05:13 - 00000000 ____D C:\Program Files\Tracker Software 2017-02-02 12:52 - 2016-05-20 09:40 - 00000000 ____D C:\Users\JDH\AppData\Local\QuickenWindow 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-14 08:50 - 00000000 ____D C:\ProgramData\Documents\iSkysoft 2017-02-02 12:52 - 2016-05-10 17:32 - 00000000 ____D C:\Program Files (x86)\Kyodai Mahjongg 2017-02-02 12:52 - 2016-05-08 14:45 - 00000000 ____D C:\Users\JDH\AppData\Local\Traysoft_Inc 2017-02-02 12:52 - 2016-05-06 17:05 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-02-02 12:52 - 2016-05-05 16:32 - 00000000 ____D C:\Program Files (x86)\On This Day 2017-02-02 12:52 - 2016-05-05 16:30 - 00000000 ____D C:\Program Files (x86)\Second Site 2017-02-02 12:52 - 2016-05-05 05:25 - 00000000 ____D C:\ProgramData\Logitech 2017-02-02 12:52 - 2016-05-04 08:29 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2017-02-02 12:52 - 2016-05-04 05:12 - 00000000 ____D C:\ProgramData\Adobe 2017-02-02 12:52 - 2016-05-03 12:24 - 00000000 ____D C:\ProgramData\Intuit 2017-02-02 12:52 - 2016-05-03 12:15 - 00000000 ____D C:\ProgramData\LogiShrd 2017-02-02 12:52 - 2016-05-02 21:29 - 00000000 ____D C:\Program Files (x86)\WallMaster 2017-02-02 12:52 - 2016-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Password Corral v4.0 2017-02-02 12:52 - 2016-05-02 18:19 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-02-02 12:52 - 2016-05-02 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2017-02-02 12:52 - 2016-05-02 14:22 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2017-02-02 12:52 - 2016-05-02 14:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2017-02-02 12:52 - 2016-05-02 13:41 - 00000000 ____D C:\ProgramData\HP 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Users\JDH\AppData\Local\NETGEARGenie 2017-02-02 12:52 - 2016-05-02 12:48 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie 2017-02-02 12:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2017-02-01 15:44 - 2016-12-26 18:08 - 00000000 ____D C:\Users\JDH\AppData\Local\CrashDumps 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\Users\Public\Documents\Track 2017-02-01 06:01 - 2016-10-26 13:28 - 00000000 __RSD C:\ProgramData\Documents\Track 2017-01-31 16:26 - 2016-05-08 07:40 - 00114424 _____ C:\Users\JDH\AppData\Roaming\GDIPFONTCACHEV1.DAT 2017-01-29 06:09 - 2016-05-04 08:29 - 00000000 ____D C:\Users\JDH\AppData\Roaming\IDM 2017-01-28 05:30 - 2016-05-02 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-27 18:31 - 2016-11-21 06:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-26 17:25 - 2016-10-17 08:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-26 06:19 - 2016-05-04 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2017-01-24 06:23 - 2016-05-02 17:20 - 00000000 ____D C:\Users\JDH\Desktop\Hold 2017-01-24 05:58 - 2016-05-02 17:18 - 00000000 ____D C:\Users\JDH\Desktop\Geneology programs 2016 2017-01-23 05:52 - 2016-05-14 17:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-23 05:52 - 2016-05-14 17:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-23 05:52 - 2016-05-14 17:16 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-23 05:52 - 2016-05-04 14:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-21 10:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME 2017-01-21 10:50 - 2016-12-30 08:50 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo 2017-01-21 10:50 - 2016-06-11 04:50 - 00000000 ____D C:\Users\JDH\AppData\Local\Deployment 2017-01-14 06:45 - 2016-05-02 17:21 - 00000000 ____D C:\Users\JDH\Desktop\MP3A ==================== Files in the root of some directories ======= 2016-05-06 13:58 - 2016-05-06 13:54 - 0002095 _____ () C:\Program Files\Instant_Restore_Point.vbs 2016-05-23 13:48 - 2016-05-23 13:44 - 0004107 _____ () C:\Program Files (x86)\0x0409.ini 2016-05-23 13:48 - 2016-05-23 13:45 - 21244416 _____ () C:\Program Files (x86)\Ancestral Quest 14.msi 2016-05-06 08:44 - 2014-07-11 12:09 - 0001786 _____ () C:\Program Files (x86)\Instant_Restore_Point.zip 2016-05-27 04:53 - 2016-05-27 04:53 - 0001181 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt 2016-05-27 04:53 - 2016-05-27 04:53 - 0000000 _____ () C:\Users\JDH\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2016-05-03 17:29 - 2017-02-04 09:29 - 0009018 _____ () C:\Users\JDH\AppData\Roaming\wklnhst.dat 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 ____H () C:\Users\JDH\AppData\Local\BIT88ED.tmp 2017-01-17 05:54 - 2017-01-17 05:54 - 0000000 _____ () C:\Users\JDH\AppData\Local\{2EDF955E-7F4F-4A04-9FE8-8DA3002B4E48} 2016-05-04 08:26 - 2016-05-19 15:08 - 0001100 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-31 11:42 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017 Ran by JDH (13-02-2017 06:13:59) Running from C:\Users\JDH\Desktop\Downloaded Windows 7 Home Premium Service Pack 1 (X64) (2016-05-02 19:37:43) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2061720530-3619408701-3326269976-500 - Administrator - Disabled) ASPNET (S-1-5-21-2061720530-3619408701-3326269976-1002 - Limited - Enabled) Guest (S-1-5-21-2061720530-3619408701-3326269976-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2061720530-3619408701-3326269976-1005 - Limited - Enabled) JDH (S-1-5-21-2061720530-3619408701-3326269976-1000 - Administrator - Enabled) => C:\Users\JDH ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3MCloudLibrary PC (QML) 1.38 (HKLM-x32\...\3MCloudLibrary PC (QML)) (Version: 1.38 - 3M) 7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov) AccuChef (HKLM-x32\...\AccuChef) (Version: - ) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Adobe PhotoDeluxe Home Edition 4.0 (HKLM-x32\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC) Ancestral Quest 14 (HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\InstallShield_{9D8D4F74-CB30-4DCD-8FAA-C3F2FA31112D}) (Version: 14.00.0033 - Incline Software, LC) Ancestral Quest 14 (x32 Version: 14.00.0033 - Incline Software, LC) Hidden Angel Sound (HKLM-x32\...\{8C8FC4CE-542B-48AA-9804-539A0018C419}) (Version: 5.08.03 - ) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell) Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.50 - NCH Software) Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software) GenSmarts (HKLM-x32\...\GenSmarts_is1) (Version: - Underwood Innovations, LLC) Golden Records Vinyl to CD Converter (HKLM-x32\...\Golden) (Version: - NCH Software) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\{7F1C9E82-84D4-4EBC-BA12-B0BA927D9DD7}) (Version: 1.1.1 - Encore Software, Inc.) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) Kazoo Player (HKLM-x32\...\Kazoo Player) (Version: - ) Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version: - Rene-Gilles Deberdt) Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Logitech Camera Diagnostic (HKLM-x32\...\LogiUCDiagnostic) (Version: 1.1.74.0 - Logitech Europe S.A.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version: - ) MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Mavis Beacon Teaches Typing 18 (HKLM-x32\...\{5B049B61-0684-460E-A5F2-5EC314590344}) (Version: 18.00.0000 - Broderbund) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Digital Image Standard 2006 (HKLM-x32\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation) Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - ) Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8260 - MyHeritage.com) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.) On This Day (HKLM-x32\...\On This Day) (Version: - ) OverDrive for Windows (HKLM-x32\...\{6D84D59B-38CD-41B1-A73A-9AB4C4C009BF}) (Version: 3.4.2 - OverDrive, Inc.) PaperPort 7.0 (HKLM-x32\...\PaperPort 7.0) (Version: - ) Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version: - Cygnus Productions) PCIe Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCIE_HSF) (Version: 7.80.5.0 - Conexant Systems) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version: - Traysoft Inc.) PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.80 - NCH Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) RogueKiller version 12.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.6.0 - Adlice Software) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Second Site (HKLM-x32\...\Second Site) (Version: - ) Sid Meier's Pirates! (HKLM-x32\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 2.00.0000 - Firaxis Games) Sid Meier's Pirates! (x32 Version: 2.00.0000 - Firaxis Games) Hidden Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - ) Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version: - ) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com) Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.08 - NCH Software) Task Plus 3.9.9.6 (HKLM-x32\...\Task Plus 3.9.9.6) (Version: - ) TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 0.90 - TaxACT, Inc.) TaxAct 2015 1040 Edition (HKLM-x32\...\TaxAct 2015 1040 Edition) (Version: 1.09 - TaxAct, Inc.) TaxAct 2015 New Mexico (HKLM-x32\...\TaxAct 2015 New Mexico) (Version: 1.0 - TaxAct, Inc.) TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.02 - TaxAct, Inc.) TaxAct 2016 New Mexico (HKLM-x32\...\TaxAct 2016 New Mexico) (Version: 1.0 - TaxAct, Inc.) The Master Genealogist (for JDH) (HKLM-x32\...\The Master Genealogist (for JDH)) (Version: 6.x - Wholly Genes Software) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.20 - Tweaking.com) Virtual Weather Station (HKLM-x32\...\{0F5E3399-70D0-4816-BDD7-17376BFD076C}) (Version: 6.0.90 - Ambient Weather) Virtual Weather Station (HKLM-x32\...\{CD4215A0-AAF4-11D5-8879-0800460222F0}) (Version: 1.0.0 - Ambient, LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WallMaster (HKLM-x32\...\WallMaster) (Version: 2.4a - Tropical Wares) WeatherLink 6.0.3 (HKLM-x32\...\{E344C807-7DE0-4CC2-81BB-1F895CF8CBDF}) (Version: 6.0.3 - Davis Instruments Corp.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Works Suite OS Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works Synchronization (x32 Version: 1.0.0.0000 - Your Company Name) Hidden Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {042BE508-9228-4316-ADB7-91EA9426EBC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {04AEBCEB-A396-454F-B34A-4EC54E171EF1} - System32\Tasks\{EED08AEF-5C42-4101-A7D3-99CB11BBA175} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {0D0DF84B-2AEC-4E12-94F9-59ED465E50BE} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2016-10-21] (SUPERAdBlocker.com) Task: {0FC8E73E-0BE2-4D70-8628-88D7CDBA5FA1} - System32\Tasks\{F5381A97-016C-462D-8CD8-398B10122A66} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Task: {1175E6B0-0DA4-4888-A5E0-F1CA103559F6} - System32\Tasks\{8270E849-7D4F-4477-A3A2-12AEBA5EB83F} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {1223A4C1-8777-492C-B035-041CEBFBF681} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-31] (COMODO) Task: {19CC3F09-AE20-472A-9046-760CCBB1BEE6} - System32\Tasks\{41CF331B-CF44-442B-86AD-FD69FA233841} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {1A07B1E0-2F83-4F87-ABC5-E5FC9C8D2632} - \Seagate_Install_Launch -> No File <==== ATTENTION Task: {1A8BE35F-E161-45E4-BE13-6C3E05C992FE} - System32\Tasks\{2CC25046-AA9B-4949-82CA-8712B8B445C2} => pcalua.exe -a C:\Users\JDH\AppData\Local\Apps\2.0\6OG1TXNR.BJV\N4NBWEA4.AB4\lsb...tion_2d7b41b05b24775e_0001.0006_4bceeba4eec9b58a\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=2d7b41b05b24775e, processorArchitecture=msil" Task: {249A49D9-CBE5-4CB3-B496-65E9697DE523} - System32\Tasks\{8C87EA47-6027-4549-BEE5-4378179BB340} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-01-23] (Skype Technologies S.A.) Task: {2887828A-EE17-49D8-99FA-EC7574318D91} - System32\Tasks\{98ADB776-4ECF-4AC8-A9E2-2F58595F7155} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {31E144DD-C3E8-4FA1-B668-87E93C4D9454} - System32\Tasks\{AFF8E77B-EA56-45C4-BCEF-32E4EF6D1B2B} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {32B3A1AD-F321-4516-98C3-473DCDE945DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-23] (AVAST Software) Task: {3CF0E9A9-45B6-4B8D-881C-AE6D0C5F212D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {40794810-9B99-446C-A1D7-687432ABC0D8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe Task: {4206A202-E25C-4B71-802F-69EBF547FE26} - System32\Tasks\{EAEA4D46-7A05-4EAF-862E-F5A42B6192C2} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\irfanview_plugins_442_setup.exe -d C:\Users\JDH\AppData\Roaming\IDM Task: {44B12EF7-586B-41F9-94D3-88DE06C9E5B1} - System32\Tasks\{095EB12E-B5D9-442C-9D22-F1639B0C3C03} => G:\Installed 1-28-2014\cfw_installer.exe Task: {45B44890-5B57-4F3E-8917-F78EEC7B1D14} - System32\Tasks\{06C03EDC-0947-4C59-A1AD-06A3D039F5EF} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {498FBA70-3B72-42D5-83FE-2AF578B5C2CA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {57F15C39-9C2C-4359-8587-2B67A02D60A5} - System32\Tasks\{AB593C68-8660-4707-B8E7-32BCD60B4C29} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\iview444_setup.exe -d C:\Users\JDH\Desktop\Downloaded Task: {586DCD05-05E3-47AD-B817-4195A8257965} - System32\Tasks\Amazon Music Helper => C:\Users\JDH\AppData\Local\Amazon Music\Amazon Music Helper.exe Task: {6360D140-A708-449A-AD07-D2099DAA1D8A} - System32\Tasks\{1BD2978F-AD8C-4B6D-90DF-AD5FF6ADB2CE} => G:\Installed 1-28-2014\cfw_installer.exe Task: {671BE522-F588-4924-AA3E-251130B62C6B} - System32\Tasks\{453B52F3-ABE7-48BC-8040-65A962F2C3EE} => C:\Users\JDH\Desktop\Downloaded\ReflectDL.exe Task: {67385A92-F8E3-491D-A60F-46F341C8E9A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe Task: {679C6681-B021-4B74-8799-CEA044DE0A6D} - System32\Tasks\{62A5050D-2305-4418-BF15-E8BA27E76897} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {6CBC10B1-EDFB-43D9-980E-6DF3ABFA282E} - System32\Tasks\{081F98BF-76A8-432E-A483-EF4C64418D52} => C:\Users\JDH\Desktop\Downloaded\cmd_fw_installer_6113_c7.exe Task: {71657613-BB30-42E6-BBD7-2E156CDD770C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {718BF64F-B02B-4E69-8956-919F799E19C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.) Task: {75E940AC-997A-4DB1-8957-5D17CB630C6A} - System32\Tasks\{0CEF0028-8057-4F93-93C6-9AB49871E957} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {77F483C9-89DD-49D0-94FA-9216B2F112A0} - System32\Tasks\{CAAFE37D-ADE4-4539-A348-1F7BF5B43408} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {78E7F8E4-47BD-401A-8756-548FA46E394B} - System32\Tasks\{0767326D-7D28-4922-882F-BFE72176711E} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {7E5E60F5-62BE-40AA-BD6A-E2B816DB08AC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {7F3D4613-91C9-4B4A-82E0-BC5112B4672A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {7F781B12-D64E-4D82-95C0-BF4619C46092} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {8252D636-70CC-4EBD-92F6-E27A395B5218} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {829FE975-7CED-44FB-ACBA-32FD78672B11} - System32\Tasks\{764CCB02-3217-4EED-B7BC-6A94A8AE451A} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {8C4B9790-466E-4A35-81A6-AE5B42A90171} - System32\Tasks\SafeZone scheduled Autoupdate 1462238943 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {8C646C2E-7544-4E7C-A965-250D30479C0B} - System32\Tasks\{CAE1FBF1-67E7-4137-B590-456AA4A48B5F} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {92CBF185-3762-47C8-98D8-2135CCE1823F} - System32\Tasks\{3BAFCCF7-0EA2-45AC-A769-08B13AA1E5DF} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {98DA179C-60D7-4C33-941A-3BDA3FD34D74} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-31] (COMODO) Task: {994D232C-E8CD-439C-A74A-7B8A40C04AB4} - System32\Tasks\{EFFB50B4-47E6-46CB-8538-A9431F71837C} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\prodemo.exe -d C:\Users\JDH\Desktop\Downloaded Task: {9DD27CD6-8EE0-419B-B4D7-CF2086FF2E92} - System32\Tasks\{CEA11EB9-58BB-4F94-A9FC-4D6E9DE98734} => G:\Installed 1-28-2014\Hoyle Board Puzzle\HoylePuzzleBoardGames2012.exe Task: {A1F1C10D-0B75-41C1-BABA-A56CBD77D1AA} - System32\Tasks\Instant Restore Point => C:\Users\JDH\Desktop\Enable_System_Restore.reg Task: {A4234BB1-898D-4E2F-B107-E2F11F25FC8C} - System32\Tasks\{DDE60B7D-BBE9-4EA4-9827-8FFED1E38D53} => pcalua.exe -a C:\Users\JDH\Desktop\Downloaded\sp76302.exe -d C:\Users\JDH\AppData\Roaming\IDM Task: {A650D7C9-19EE-46A6-97F8-459D855A18AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {A7C610A6-22C8-4AEC-8898-3040DD3E15F4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-31] (COMODO) Task: {AAE2FDBD-7A49-40F8-AC94-B55B03AB73DC} - System32\Tasks\{806FBC91-4D78-4FA8-981C-FE76CBB89812} => J:\Seagate Dashboard Installer.exe Task: {AE46E20A-C51A-4DB5-8400-CA83D6CBF400} - System32\Tasks\{09E56518-161F-4049-A8B8-84F1258F4010} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {B2FA4A26-19FA-4CF4-B14E-2A3EF51C35EB} - System32\Tasks\{ADF3114F-34E7-4005-8E43-68AE2E98BC89} => C:\vws\vws.exe [2014-01-31] (Ambient, LLC) Task: {B5FCC42F-4AC5-48BF-B543-4683709CA593} - System32\Tasks\{7D8C7752-565E-4428-9309-ED15B3736612} => C:\Program Files\HP PhotoSmart\Photo Printing\Hpi_Print.exe [2000-01-28] () Task: {B9E9EA9F-6928-49C2-B0CC-B34890336F78} - System32\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2016-10-21] (SUPERAdBlocker.com) Task: {BDC9665C-316D-4575-BB40-FD8D7004A23C} - System32\Tasks\{E627E7B8-A902-473C-90CE-BC831A7F2133} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {C0F7C841-9B56-4117-B3C1-AF82CFF82CB2} - System32\Tasks\{AB49E33D-2BE3-4A67-8E9E-00B6214A9210} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.3.1665_reflect_setup_free_x64.exe Task: {C4436F99-6091-4470-922A-D6412EF446B1} - System32\Tasks\{75890868-D4B2-4A1D-8440-C9F543A297A9} => C:\Users\JDH\Desktop\Downloaded\VueMinder_Lite_Setup.exe Task: {C5DA29B4-D0A1-43A0-B05B-AD7DF8FAC6A9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-31] (COMODO) Task: {C9983F33-34B9-4E6B-94AF-5E7E3952CB9F} - System32\Tasks\{C9D6417A-B312-4958-A00E-2A0EF6D0B142} => G:\Installed 1-28-2014\cfw_installer.exe Task: {CD0CEF0F-427F-4BD6-AE4F-AEA2C2A857E9} - System32\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4} => C:\program files\macrium\reflect\Reflect.exe [2016-12-25] (Paramount Software UK Ltd) Task: {D0068933-101A-40B7-BABA-0E4879545361} - System32\Tasks\{40D7A763-9FB1-4C46-AA5F-BBBDCA820EE6} => C:\Program Files (x86)\Adobe\PhotoDeluxe Home Edition 4.0\PD4.exe [2016-05-03] (Adobe Systems, Inc.) Task: {D56D8D01-72D3-4017-8880-3E1ABC48F83F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe Task: {DB8479F0-DA7F-46EA-AD2D-4440E2632C17} - System32\Tasks\{95C90735-7BA6-425F-A88C-E10955A5479F} => C:\Program Files (x86)\Hoyle\Hoyle Puzzle and Board Games 2012\Hoyle Puzzle Games.exe [2011-11-14] (Encore Software, Inc.) Task: {DDCF9169-B3D8-4A51-8E46-8DA1553161B2} - System32\Tasks\{B8DBF594-3073-4700-BB11-6B728A98FF57} => C:\Users\JDH\Desktop\Downloaded\ReflectDL.exe Task: {E094EEFD-3622-4A83-9584-86B447D57328} - System32\Tasks\{0BE401E4-322F-494D-8FB0-EE9849E2D159} => pcalua.exe -a "G:\Installed 1-28-2014\Accuchef\quick66.exe" -d "G:\Installed 1-28-2014\Accuchef" Task: {E1C388DF-B7E6-4EA8-8AC6-97BDD35195EA} - System32\Tasks\{20057952-9B11-4BB9-8771-579F10484968} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {E89EF427-C383-45F0-98B7-75CACE68E44C} - System32\Tasks\{7B0CC61C-9C93-4FF7-AB7D-1252FEE4E99A} => C:\Users\JDH\Desktop\Downloaded\Macrium\v6.2.1549_reflect_setup_free_x64.exe Task: {E9B96CA7-0938-4256-A54D-ED12A272C0A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-07] (Google Inc.) Task: {EB336520-5095-4791-BCFA-1E63593275BB} - System32\Tasks\{4498D62C-2EE8-4C76-9378-C499F2ECFFC8} => J:\Seagate Dashboard Installer.exe Task: {ED474245-0F95-4498-B1B2-8BCAC1FBB29F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe Task: {EDF3B622-DABB-4D0D-9115-F5AF1D39ED34} - System32\Tasks\{C3B22D8C-C3AB-4514-A42F-FC050475CAE4} => C:\Users\JDH\Desktop\Downloaded\AQ14s.exe Task: {F02284C6-8774-43AA-AD8C-95290888D65F} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-31] (COMODO) Task: {F1649E90-22B3-46B1-8BF3-0B0A8A056C9F} - System32\Tasks\{55A96AC1-A544-4F10-BFF0-E8E40990504A} => C:\Program Files (x86)\Firaxis Games\Sid Meier's Pirates!\Pirates!.exe [2005-09-17] (Firaxis Games) Task: {F26291AF-4BA0-4D9F-B97C-84AB9E952B71} - System32\Tasks\{4D7DD50A-9807-4BF6-B39A-DC0888EB8A99} => C:\Users\JDH\Desktop\Look Here\Stuff\Printkey.exe [1998-11-27] (Fred's Software Company) Task: {FB30624B-11EA-4D1B-AC42-1F1355AC36E0} - System32\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6} => C:\program files\macrium\reflect\Reflect.exe [2016-12-25] (Paramount Software UK Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Macrium-Backup-{69180D91-BEF5-4045-B0A9-EA4B458A8BC6}.job => C:\program files\macrium\reflect\Reflect.exe _-e -w -dp F:\Macrium Backups\JDH new 1-5.xml Task: C:\Windows\Tasks\Macrium-Backup-{F70D7231-9FAB-4D22-B2B0-6B610DBEE6C4}.job => C:\program files\macrium\reflect\Reflect.exe _-e -w -dp F:\Macrium Backups\JDH new 1-5.xml Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3f1f44a8-e210-4cb8-b57e-272b2c789db4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e3e4729d-69d2-4718-b283-e888745da81b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\JDH\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\JDH\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm ==================== Loaded Modules (Whitelisted) ============== 2017-01-26 17:25 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-27 08:56 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-01-26 17:25 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-01-23 05:52 - 2017-01-23 05:52 - 19762776 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [130] AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\_MSRSTRT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPBMINI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lvcod64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUI64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LVUIRC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BDEADMIN.CPL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatImap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatMail_v7_9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ChilkatMHT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevManagerCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx0411.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftlx041e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftsrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LogiDPPApp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lvcodec2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LVUI2RC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSFLXGRD.OCX:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\skype4com.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Tutil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DDDriver64Dcsa.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\DellProf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvrs64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\lvuvc64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\TEMP:631CA307 [280] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2016-12-31 10:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2061720530-3619408701-3326269976-1000\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\WallMaster\WallMaster Wallpaper.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{7C0C0D20-DD74-4DB1-8F72-6262601547BE}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{2A031FD4-7307-42AD-B899-A66075C3845C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{E39E9A6C-D92A-4A03-A603-5A2E236DD45E}] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{3BB2D049-875C-4437-8B03-7DBF0722E0BA}] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{50680A4C-A432-47FD-AA31-F05719DFBAEE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0DA73C0E-77F4-430B-9FBB-FD9A71A7F151}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD55F771-09A1-4D76-AFF5-377AA0E457FA}] => C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe FirewallRules: [{1169E2F7-1B48-4EC6-BF86-AB95CF300A74}] => C:\Users\JDH\AppData\Local\Temp\7zS4926\hppiw.exe FirewallRules: [{0E9F4DFC-A289-46B9-97A9-8F6901D4EA62}] => C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe FirewallRules: [{0C89D318-0CF4-4A21-B1A2-7A9ABC353F60}] => C:\Users\JDH\AppData\Local\Temp\7zS4C87\HPDiagnosticCoreUI.exe FirewallRules: [TCP Query User{10F61D4A-F6DC-4D6C-8EF2-26FB0E8F3161}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{21044246-F344-40F1-96A4-2EA44016A80C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{249625FF-8D9D-424E-A833-B4DEE9ED59B0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{72A0CDED-E5F9-4C1A-81E6-3D99A9CA8B65}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{DD7128F4-79E8-42B2-A5C9-9A3F0A9DC4D1}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{6AB1B723-A3EB-4BDB-81E4-315FBD35DE66}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{3DD061BA-3004-4025-99C8-27DC70A410F1}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{DEF4E321-6BB0-43B1-A6C3-3EDD5456D2CD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{504C4659-5212-45CE-A1F2-7731F363F8AB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{4064A8FB-565D-4515-9309-29036B715791}] => C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe FirewallRules: [{1FBE00E4-D7E5-4EB9-BB3C-3339B5DA6A1C}] => C:\Users\JDH\AppData\Local\Temp\7zS7FA5\hppiw.exe FirewallRules: [{08849F06-E964-4062-BA6F-ACB0F582D16F}] => C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe FirewallRules: [{7D073FE9-5DD5-4B0F-8078-77BFD2491D33}] => C:\Users\JDH\AppData\Local\Temp\7zS7FD2\HPDiagnosticCoreUI.exe FirewallRules: [{307F277F-1D96-4ABE-9E91-027B417320F2}] => C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe FirewallRules: [{B25BF34D-DAA5-4776-80C9-8D3187F63D76}] => C:\Users\JDH\AppData\Local\Temp\7zS0062\HPDiagnosticCoreUI.exe FirewallRules: [TCP Query User{B2A3F07A-E2FD-4380-85CC-BB73E33950D9}C:\program files (x86)\kyodai mahjongg\kmj.exe] => C:\program files (x86)\kyodai mahjongg\kmj.exe FirewallRules: [UDP Query User{3FCF231A-8DDF-45BE-A51A-B2D83B0640A0}C:\program files (x86)\kyodai mahjongg\kmj.exe] => C:\program files (x86)\kyodai mahjongg\kmj.exe FirewallRules: [{2B6AE878-7ECC-4A71-803F-19B5EFC013A9}] => C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe FirewallRules: [{DF6ABE72-A16E-4B93-A617-E6045ABB6181}] => C:\Users\JDH\AppData\Local\Temp\7zS43C4\HPDiagnosticCoreUI.exe FirewallRules: [{2CAAB260-1994-4BA6-B047-C23875657B7D}] => C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe FirewallRules: [{50953EB0-3EFE-49F1-941B-A907F800D53C}] => C:\Users\JDH\AppData\Local\Temp\7zS4A77\HPDiagnosticCoreUI.exe FirewallRules: [{2FA51DA4-322E-49A1-B2FD-E3B7FCC347BB}] => C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe FirewallRules: [{CB010687-4C6E-4580-80E7-949DC48230A1}] => C:\Users\JDH\AppData\Local\Temp\7zS6EC3\HPDiagnosticCoreUI.exe FirewallRules: [{6BCE6265-AFA4-44AC-9C82-FD3781158E96}] => C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe FirewallRules: [{BFB6B92C-A56C-42C2-BFC6-4823E10BCB74}] => C:\Users\JDH\AppData\Local\Temp\7zS7163\hppiw.exe FirewallRules: [{1D7D6F58-2DFA-477D-802B-4AD99FC29554}] => C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe FirewallRules: [{29A948D2-B545-41B1-9B7C-B7A354C6B98B}] => C:\Users\JDH\AppData\Local\Temp\7zS7747\HPDiagnosticCoreUI.exe FirewallRules: [{1B7A3E61-3009-4A5B-B0E2-9F6844A2F25B}] => C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe FirewallRules: [{C0378B7E-E50A-4864-BD7A-C35EE4F884A8}] => C:\Users\JDH\AppData\Local\Temp\7zS2E77\hppiw.exe FirewallRules: [{85C3C47E-5916-438D-83B3-3D5C90CFA32A}] => C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe FirewallRules: [{547A1488-7577-40E6-92B5-41ACC17D7017}] => C:\Users\JDH\AppData\Local\Temp\7zS2EBB\HPDiagnosticCoreUI.exe FirewallRules: [{BA96B2B8-9EFC-43FE-9140-74D728A1D711}] => LPort=8888 ==================== Restore Points ========================= 12-02-2017 12:29:58 Instant Restore Point 13-02-2017 02:35:31 Instant Restore Point ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: avast! Revert Description: avast! Revert Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Deskjet 6980 series Description: Deskjet 6980 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: avast! VM Monitor Description: avast! VM Monitor Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswVmm Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Universal Serial Bus (USB) Controller Description: Universal Serial Bus (USB) Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/13/2017 05:54:43 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\JDH\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c). Error: (02/13/2017 03:12:50 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Users\JDH\Desktop\Look Here\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (02/13/2017 03:12:48 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Users\JDH\Desktop\Look Here\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (02/13/2017 03:09:30 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Instant Restore Point; Error = 0x800706be). Error: (02/13/2017 03:01:45 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Users\JDH\Desktop\Look Here\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (02/13/2017 03:01:37 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Users\JDH\Desktop\Look Here\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (02/13/2017 03:01:13 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Users\JDH\Desktop\Look Here\Security\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (02/13/2017 02:45:50 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/13/2017 02:39:45 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/13/2017 02:34:18 AM) (Source: CVI) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (02/13/2017 03:11:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. Error: (02/13/2017 03:11:35 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} Error: (02/13/2017 03:11:34 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (02/13/2017 03:11:34 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/13/2017 03:11:30 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (02/13/2017 03:11:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21 Error: (02/13/2017 03:11:21 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/13/2017 03:11:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm cmdGuard discache ESProtectionDriver SASDIFSV SASKUTIL spldr Wanarpv6 Error: (02/13/2017 03:11:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. Error: (02/13/2017 03:11:06 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:09:48 AM on ‎2/‎13/‎2017 was unexpected. CodeIntegrity: =================================== Date: 2016-08-23 15:22:32.452 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:08.724 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:07.788 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:22:06.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:41.648 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:13.911 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:13.677 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdguard.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 15:11:11.961 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 09:53:39.799 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-23 05:35:47.346 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz Percentage of memory in use: 25% Total physical RAM: 8063.52 MB Available physical RAM: 5968.72 MB Total Virtual: 16125.21 MB Available Virtual: 14485.1 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:205.05 GB) (Free:87.07 GB) NTFS Drive d: (Storage) (Fixed) (Total:704.75 GB) (Free:336.3 GB) NTFS Drive h: (Big Backup) (Fixed) (Total:285.74 GB) (Free:150.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24764200) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=21.7 GB) - (Type=27) Partition 3: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=704.8 GB) - (Type=05) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 180F76C0) Partition 1: (Active) - (Size=285.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  9. Faulty Win 7 machine

    I am running Win 7 Home fully updated. Last week things started to fall apart: Many programs failed to start intermittently, if I rebooted a program would start but another failed. Iran ESET, Avast, Super Anti Spyware, MBAM, I use Comodo as my fire wall. Eventually I could not boot. I tried system restore, Last known Good, Safe Mode and nothing. I used my rescue CD and restored a Macrium Backup from a couple of weeks ago. Every thing looks normal now.... but I am not confident. Is there any to check it out?
  10. This morning I sitting staring at my computer trying to remember if there was anything hadn't tried. so I went to: C>Users>JDH>Appdata and right clicked Take Ownership. The CMD window opened and ran for about 25 minutes. I tried to I install Seagate and it worked. I installed Macrium too. Restarted the computer and everything is good. Thanks for the help. JD
  11. Good morning, I found several padlocks on many files. I removed them all as per the article. No joy.
  12. C:\ProgramData\Microsoft\Windows\Start Menu Has many folders including Programs Inside the Start Menu is a folder Programs, it has a little padlock on the corner.
  13. Well. My C: ProgramData file has Microsoft>Windows>StartMenu Which is fulll of program folders. So am Iin the wrong place?
  14. C:Program Data When I open the folder it is full of program folders. When I take ownership, CMD flashes by.