CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001 -> {2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} URL =
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Task: {21B15D11-8455-4C1D-9995-1B0C6AA75ED1} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA -> No File <==== ATTENTION
Task: {48F51147-570C-4DD3-8C77-81E666D64502} - \iuBrowserIEAgent -> No File <==== ATTENTION
Task: {7C208350-963B-4153-9C8F-66305AAC9FFC} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {8203B501-C50C-4884-BA0D-D726E46933D5} - \iuEmailOutlookAgent -> No File <==== ATTENTION
Task: {824A90F2-C971-4FDE-9A5D-588C0E8F5235} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core -> No File <==== ATTENTION
Task: {83C734B5-469A-45DD-BCC5-D733073CB7E4} - \Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-500 -> No File <==== ATTENTION
Task: {EA277481-FB33-4F73-8915-7B331FF40535} - \HIDMonitor -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\ProgramData\cisC9AA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis87D6.exe <==== ATTENTION
C:\ProgramData\cisC9AA.exe
C:\ProgramData\cis87D6.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Emptytemp: