Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Clean up my Acer for Win10 upgrade

Started by mikegre , Aug 11 2015 12:32 PM

Acer Aspire S7-391 Windows 10 upgrade Malware Virus

This topic is locked

#1
mikegre

Posted 11 August 2015 - 12:32 PM

Member

Member
74 posts

Hi can someone please review my FRST Logs for my Acer Aspire S7-391 Windows 8.1. PC is still pretty speedy but I am notcing some performance lags now that I've used this pc for a year. I think something could be in my system because i'm having small issues (i.e. keyboard jumping, slow program starts, commands like copy & paste not working properly,etc. ) which suggest I might have something in my system. I use this PC for work and whne I travel I also do a fair amount of streaming (tv show sites, live sport sites, etc.) with this laptop also.

You will see that I am currently using Comodo Internet security and purchased their canned PC Tune up product. Their PC tune up constantly finds issues with this PC. Comodo tech support has performed cleanup to fix isolated issues (unable to log onto internet was most recent issue). They did not use FRST, VEW,exe, Combofix or other tools that I know Geeks to Go pros use. although I've have a 5 year subscription to Comodo if you advise that I discontinue I will.

I want to make sure my system is clean before i do a Windows 10 upgrade. This PC comes with a 120GB SSD which I have used nearly 90% so along with backing up and removing old files, I also want to remove any software that is not needed i.e. create as much space on the HD as possible.

Thanks in advance for the assistance!

My FRST Log (8/11/15 2:15pm)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015
Ran by leg0817 (administrator) on TEST (11-08-2015 14:15:23)
Running from C:\Users\leg0817\Desktop
Loaded Profiles: leg0817 (Available Profiles: leg0817)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\PC TuneUP\CPluginService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(acer) C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\PC TuneUP\CPCTuneUp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\8f36b36c5f97d84a69eedf4ec27435ec\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$Windows.~BT\Sources\SetupHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4e.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-05] (COMODO)
HKLM\...\Run: [COMODO PC TuneUp] => C:\Program Files\COMODO\PC TuneUP\CPCTuneUp.exe [9851080 2015-07-12] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-08-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-12] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google Update] => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-12-14] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google+ Auto Backup] => C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2674528 2015-07-28] (Acer)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [2239840 2015-07-28] (acer)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar0.lnk [2015-07-29]
ShortcutTarget: Sidebar0.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-07-16]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\leg0817\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001 -> {2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B849D8C0-5794-4CCC-BAB4-7F0C1E5299AE}: [DhcpNameServer] 172.20.4.1
Tcpip\..\Interfaces\{EA7CFF0C-25F4-4492-9852-C6035B31D70F}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=3 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=9 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: panasonic.aero/PanasonicDrmPlugin-2 -> C:\Users\leg0817\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Media Plugin\2.0.1.0\npPanasonicDrmPlugin.dll [2014-12-12] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-03] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-15]
FF Extension: Adblock Edge - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-07-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Profile: C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (World Cities Travel Distance) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnjfdpibdkfphjoeohdbhggjpgpknpk [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Adblock Pro) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-15]

Opera:
=======
OPR Extension: (whochan) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\moefjfjeieehgdpklgbmbeihffhhaeek [2015-02-15]
OPR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-03] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-28] (Acer Incorporated)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1995448 2015-07-03] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-07-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-05] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-05] (COMODO)
R2 CPluginService; C:\Program Files\COMODO\PC TuneUP\CPluginService.exe [2282696 2015-07-12] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-26] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-01-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-12] (Dritek System INC.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-07-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-12] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 easytether; \SystemRoot\system32\DRIVERS\easytthr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 14:15 - 2015-08-11 14:15 - 00025195 _____ C:\Users\leg0817\Desktop\FRST.txt
2015-08-11 14:13 - 2015-08-11 14:13 - 02172416 _____ (Farbar) C:\Users\leg0817\Desktop\FRST64.exe
2015-08-07 12:24 - 2015-08-07 12:24 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-07 12:21 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files\iTunes
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files\iPod
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-07 12:13 - 2015-08-07 12:43 - 00055161 _____ C:\Users\leg0817\Downloads\Addition.txt
2015-08-07 12:12 - 2015-08-07 12:43 - 00057154 _____ C:\Users\leg0817\Downloads\FRST.txt
2015-08-07 12:10 - 2015-08-11 14:15 - 00000000 ____D C:\FRST
2015-08-07 12:10 - 2015-08-07 12:10 - 02170368 _____ (Farbar) C:\Users\leg0817\Downloads\FRST64.exe
2015-08-07 12:05 - 2015-08-07 12:05 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508(1).exe
2015-07-29 20:29 - 2015-07-29 20:29 - 00000000 ___HD C:\OneDriveTemp
2015-07-29 15:15 - 2015-07-29 15:15 - 00002004 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-07-29 12:42 - 2015-07-29 12:42 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-07-29 12:42 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-29 12:41 - 2015-07-29 12:41 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-28 22:42 - 2015-07-28 22:42 - 05633622 _____ (Swearware) C:\Users\leg0817\Downloads\ComboFix.exe
2015-07-28 22:35 - 2015-07-28 22:35 - 02248704 _____ C:\Users\leg0817\Downloads\AdwCleaner.exe
2015-07-28 22:32 - 2015-07-28 22:32 - 00002056 _____ C:\Users\Public\Desktop\abFiles.lnk
2015-07-28 00:30 - 2015-07-28 00:30 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2015-07-28 00:29 - 2015-07-28 00:29 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2015-07-28 00:27 - 2015-07-28 00:29 - 00002031 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-07-27 11:40 - 2015-07-27 11:42 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508.exe
2015-07-26 18:35 - 2015-07-29 12:40 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-26 18:34 - 2015-07-26 18:35 - 11032736 _____ (SurfRight B.V.) C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe
2015-07-23 21:01 - 2015-07-23 21:01 - 10801480 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe
2015-07-23 20:54 - 2015-07-23 20:54 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe
2015-07-23 20:35 - 2015-07-23 20:35 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-07-23 20:35 - 2015-07-23 20:35 - 00001100 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-07-23 20:35 - 2015-07-23 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-07-23 20:35 - 2015-07-23 20:35 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-23 20:13 - 2015-07-23 20:13 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(2).exe
2015-07-23 20:11 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe
2015-07-23 18:24 - 2015-07-23 18:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\leg0817\Downloads\revosetup(1).exe
2015-07-23 15:28 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe
2015-07-21 12:30 - 2015-07-21 12:33 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-20 13:52 - 2015-07-20 13:52 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:40 - 2015-07-16 12:41 - 00000000 ____D C:\Users\leg0817\Documents\Professional Affiliations
2015-07-16 11:42 - 2015-07-16 11:42 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-07-16 11:34 - 2015-07-16 11:36 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-07-16 11:33 - 2015-07-16 11:42 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\VERIZON
2015-07-16 11:33 - 2015-07-16 11:33 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\SelfMV
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\samsung
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-16 11:27 - 2015-07-16 11:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-07-16 11:27 - 2015-07-16 11:27 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-07-16 11:26 - 2015-07-16 11:37 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-16 11:26 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Samsung
2015-07-16 11:26 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-07-16 11:17 - 2015-07-16 11:18 - 43832704 _____ (Samsung Electronics Co., Ltd.) C:\Users\leg0817\Downloads\Kies3Setup.exe
2015-07-15 11:52 - 2015-07-27 11:38 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-07-15 10:54 - 2015-07-15 10:54 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 10:17 - 2015-07-14 10:17 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-07-12 02:26 - 2015-07-12 02:27 - 00002228 _____ C:\Users\leg0817\Desktop\Trust Connect.lnk
2015-07-12 02:06 - 2015-07-12 03:34 - 00002257 _____ C:\Users\leg0817\Desktop\Popcorn Time.lnk
2015-07-12 02:03 - 2015-07-12 02:03 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-07-12 02:01 - 2015-07-12 02:03 - 00000000 ____D C:\Users\leg0817\AppData\Local\Popcorn Time
2015-07-12 01:57 - 2015-07-12 01:58 - 29103264 _____ (Popcorn Official) C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe
2015-07-12 00:49 - 2015-07-12 00:49 - 00000661 _____ C:\Users\leg0817\Desktop\PCTuneUp.lnk
2015-07-12 00:49 - 2015-07-12 00:49 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-12 00:48 - 2015-07-12 00:48 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\leg0817\Downloads\cptsetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 14:12 - 2015-07-02 23:39 - 01762708 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 14:10 - 2015-07-09 10:54 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-08-11 14:02 - 2015-03-19 21:24 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A422D98-ED70-4628-8B09-E086B7BA709E}
2015-08-11 14:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-11 13:59 - 2015-07-10 00:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\Sidebar7
2015-08-10 15:27 - 2013-10-22 23:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 15:06 - 2015-07-09 23:02 - 00433778 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-08-10 15:05 - 2015-03-06 12:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-1001
2015-08-10 14:58 - 2014-12-14 00:42 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job
2015-08-10 14:56 - 2015-06-24 21:39 - 00000000 ____D C:\Users\leg0817\AppData\Local\Popcorn-Time
2015-08-10 14:54 - 2015-07-02 01:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 14:41 - 2015-07-09 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 14:10 - 2013-11-07 02:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-07 12:48 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-07 12:27 - 2013-09-09 23:15 - 00000000 ____D C:\Users\leg0817\AppData\Local\CrashDumps
2015-08-07 12:26 - 2015-03-10 15:20 - 00003822 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424028767
2015-08-07 12:26 - 2015-03-10 15:18 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-07 12:26 - 2015-02-15 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 12:21 - 2013-10-29 23:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-07 12:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-02 19:02 - 2015-02-16 23:42 - 00000000 ____D C:\Users\leg0817\Documents\Resume
2015-08-02 19:00 - 2013-08-29 22:04 - 00000000 ____D C:\Users\leg0817\AppData\Local\Packages
2015-08-02 17:58 - 2014-12-14 00:42 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job
2015-08-02 17:54 - 2014-12-10 02:44 - 00000000 ____D C:\Users\leg0817\Documents\L job search
2015-07-29 20:31 - 2013-09-30 00:04 - 01172616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-29 15:15 - 2012-11-27 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-07-29 15:10 - 2013-12-02 01:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\clear.fi
2015-07-29 13:28 - 2015-07-02 01:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 13:28 - 2014-11-30 22:16 - 00013824 ___SH C:\Users\leg0817\Desktop\Thumbs.db
2015-07-29 13:28 - 2014-01-25 19:13 - 00000000 ___DO C:\Users\leg0817\SkyDrive
2015-07-29 12:48 - 2015-07-02 23:43 - 00004588 _____ C:\WINDOWS\setupact.log
2015-07-29 12:48 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-29 12:48 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-29 12:44 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 22:37 - 2015-01-28 14:16 - 00000000 ____D C:\AdwCleaner
2015-07-28 00:29 - 2012-11-27 22:14 - 00000000 ____D C:\Program Files (x86)\Acer
2015-07-28 00:29 - 2012-11-27 22:08 - 00000000 ____D C:\OEM
2015-07-26 15:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-25 18:22 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 20:55 - 2015-02-03 09:53 - 00139264 ___SH C:\Users\leg0817\Downloads\Thumbs.db
2015-07-23 20:34 - 2015-01-04 19:41 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-23 15:17 - 2014-12-11 22:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-23 13:57 - 2015-07-02 23:43 - 00010856 _____ C:\WINDOWS\PFRO.log
2015-07-21 13:27 - 2014-01-07 02:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-21 13:25 - 2014-01-07 02:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-21 13:18 - 2013-08-22 09:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-07-21 12:48 - 2013-09-18 23:14 - 00000000 ____D C:\Users\leg0817\AppData\Local\Adobe
2015-07-21 12:47 - 2013-10-22 23:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-21 10:51 - 2014-02-10 18:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-21 10:50 - 2014-12-30 14:45 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-21 10:36 - 2013-08-22 10:44 - 00481832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 10:34 - 2015-04-24 23:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-21 10:34 - 2014-12-11 01:30 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-20 15:29 - 2013-09-10 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 15:25 - 2013-09-10 07:24 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 12:26 - 2015-07-06 11:53 - 00000000 ____D C:\Users\leg0817\Documents\computer tech support
2015-07-16 11:37 - 2014-02-17 16:05 - 00000000 ____D C:\ProgramData\Samsung
2015-07-16 11:37 - 2012-11-27 22:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-16 11:00 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-16 09:49 - 2015-07-02 01:44 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:49 - 2015-07-02 01:44 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-12 02:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 00:49 - 2015-07-03 22:28 - 00000000 ____D C:\Program Files\COMODO

==================== Files in the root of some directories =======

2015-07-10 00:25 - 2015-07-10 00:25 - 0000092 _____ () C:\Users\leg0817\AppData\Roaming\Control System_Settings.ini
2014-12-04 14:35 - 2014-12-04 14:35 - 0206847 _____ () C:\Users\leg0817\AppData\Local\ars.cache
2014-12-04 14:35 - 2014-12-04 14:35 - 0262803 _____ () C:\Users\leg0817\AppData\Local\census.cache
2014-12-04 14:05 - 2014-12-04 14:05 - 0000036 _____ () C:\Users\leg0817\AppData\Local\housecall.guid.cache
2015-01-02 17:22 - 2015-01-02 17:22 - 0007891 _____ () C:\Users\leg0817\AppData\Local\HWVendorDetection.log
2015-07-09 23:16 - 2015-07-09 23:16 - 0000414 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat
2015-07-09 23:16 - 2015-07-09 23:16 - 0000339 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat
2015-07-09 23:34 - 2015-07-09 23:35 - 0007616 _____ () C:\Users\leg0817\AppData\Local\resmon.resmoncfg
2014-12-04 14:21 - 2014-12-04 14:21 - 0000010 _____ () C:\Users\leg0817\AppData\Local\sponge.last.runtime.cache
2012-12-12 06:43 - 2012-12-12 06:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-07 13:06

==================== End of log ============================

Additions Log (as of 8 11 15 2:15pm)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015
Ran by leg0817 (2015-08-11 14:16:36)
Running from C:\Users\leg0817\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1462625325-2191386878-1537581567-500 - Administrator - Disabled)
Guest (S-1-5-21-1462625325-2191386878-1537581567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1462625325-2191386878-1537581567-1012 - Limited - Enabled)
leg0817 (S-1-5-21-1462625325-2191386878-1537581567-1001 - Administrator - Enabled) => C:\Users\leg0817

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{CA2865AD-EFF4-44F0-A2C9-DCDC0A90F27E}) (Version: 14.0.0 - Helmut Buhler)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.04.2002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 43.3.3.176 - Comodo)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
COMODO Internet Security Pro (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version: - COMODO)
CPCTuneUp (HKLM\...\{FC4D0316-D3D8-4c07-9E45-7A2A4D75E069}) (Version: 1.0.265884.46 - COMODO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.9.001_WHQL (HKLM\...\Elantech) (Version: 11.6.9.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM\...\{3DA2EB59-FB68-4383-9A3B-B348521367C7}) (Version: 4.19.137 - Comodo Security Solutions Inc)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.67.5221 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HID Monitor (HKLM-x32\...\{B1F1F086-E43B-4F41-B916-E9212E81EBEC}) (Version: 1.1.3 - Acer Incorporated)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.6 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.110.06300 (HKLM-x32\...\{15023164-F226-9ECA-D0CB-59AB4B40D222}) (Version: 2.12.110.06300 - Sony)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panasonic DRM Media Plugin (HKLM-x32\...\{5C10E7CA-654F-4F85-8D8F-B1893C7D83C7}) (Version: 2.0.1.0 - Panasonic Avionics Corporation)
Popcorn Time (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Popcorn Time) (Version: - Popcorn Official)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.23 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

26-07-2015 21:53:44 Checkpoint by HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-07-09 10:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E5A6D4-10EA-45A4-8140-0A37573322B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {16FED531-AEAE-454C-910D-A05711259B6F} - System32\Tasks\Opera scheduled Autoupdate 1424028767 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-07] (Opera Software)
Task: {21B15D11-8455-4C1D-9995-1B0C6AA75ED1} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA -> No File <==== ATTENTION
Task: {2564271D-EF4A-4C26-977A-71C2636BBE73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2578307C-2976-4BC8-961B-0608145CBF61} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {26603552-B166-4281-B411-BFECA84B6D5A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {3236125D-34DF-46D0-9F4E-AB3BEAF96F0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-20] (Microsoft Corporation)
Task: {3708E5CA-4950-4F57-89C5-80BDAC5943EF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TEST-leg0817 test => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {379F2CBA-8D53-4A45-8AD3-806DAFB40340} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-28] (Acer Incorporated)
Task: {42C8B2E7-663C-4D2C-AFA3-4F33C48C64E8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {43EEE8A4-5484-4432-9CB9-6DB43D98B4C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {463B8557-467B-41E2-81D2-A4745FFCBD19} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {48F51147-570C-4DD3-8C77-81E666D64502} - \iuBrowserIEAgent -> No File <==== ATTENTION
Task: {5630F00F-3F90-4A04-B989-1E6D0D6B6997} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {583A925B-6285-4E18-A92B-603A24120367} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {782B86E0-A6A8-4935-9E48-D745F94F02CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-21] (Adobe Systems Incorporated)
Task: {7C208350-963B-4153-9C8F-66305AAC9FFC} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {8203B501-C50C-4884-BA0D-D726E46933D5} - \iuEmailOutlookAgent -> No File <==== ATTENTION
Task: {824A90F2-C971-4FDE-9A5D-588C0E8F5235} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core -> No File <==== ATTENTION
Task: {83C734B5-469A-45DD-BCC5-D733073CB7E4} - \Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-500 -> No File <==== ATTENTION
Task: {A8C0EFAC-FCD2-4EB6-B3AF-F67B0D9F740C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB377136-AF0C-46A4-9C19-D2D9EA67C250} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-05] (COMODO)
Task: {B5F9CA2E-8AEF-47AE-AAD5-376FB2063DAF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-07-28] (Acer)
Task: {BFB9E0B7-E302-429D-A270-52E784B7B5B7} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {C15F083B-1AAF-4133-B1F8-A7CEE24A8D7B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {EA277481-FB33-4F73-8915-7B331FF40535} - \HIDMonitor -> No File <==== ATTENTION
Task: {EDE87673-29CA-419A-8E78-74E081EB4D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {F763C984-7765-4011-BE8A-7FFE00DF92DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\ProgramData\cisC9AA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis87D6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-07 08:12 - 2013-02-07 08:12 - 00848584 _____ () C:\Program Files\COMODO\PC TuneUP\Plugins\RegistryScannerPlugin.dll
2013-12-24 03:22 - 2013-12-24 03:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 03:20 - 2013-12-24 03:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 03:26 - 2013-12-24 03:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-02-07 08:01 - 2013-02-07 08:01 - 00518144 _____ () C:\Program Files\COMODO\PC TuneUP\ForceDelete.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-12-12 06:41 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-12 18:29 - 2014-08-12 18:29 - 03219456 _____ () C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00201568 _____ () C:\Program Files (x86)\Acer\abFiles\curllib.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00118112 _____ () C:\Program Files (x86)\Acer\abFiles\OpenLDAP.dll
2015-05-08 13:41 - 2015-05-08 13:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 13:41 - 2015-05-08 13:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 13:41 - 2015-05-08 13:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 13:41 - 2015-05-08 13:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-28 00:29 - 2015-07-28 00:29 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-10-01 19:56 - 2012-10-01 19:56 - 00196224 _____ () C:\Program Files (x86)\Microsoft Office\Office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\8GadgetPackSetup (1).msi:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\8GadgetPackSetup.msi:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19 15 (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19 15.docx:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\cptsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Emory Healthcare Authorization (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Emory Healthcare Authorization.pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\revosetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F5A6AC51-87F1-474A-BFAD-E7234080CBA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42025745-091F-40A3-96C3-37345EF1BC14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59E8BA79-9D9F-4B81-9FB7-B67B700B3D45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{110FB211-72CF-40B5-9D8B-CA2DA08FE7C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5E26414-4F63-4E7B-8CA4-4DF7F97910D2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{338AC657-57B1-4D08-9B52-465DBA725461}] => (Allow) LPort=1900
FirewallRules: [{4A60CAD2-CCC5-4E96-B40C-EDFB0794581E}] => (Allow) LPort=2869
FirewallRules: [{0435D45E-3E1E-40C2-89D8-0AE1A2FD6B44}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B98F17AB-D5A4-4FCE-9572-A5FB84F4A761}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{25F1D2DB-0C1A-4C75-8D39-EE93F7649FA9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F3ECDE7A-5F23-4152-A325-4EE1CFF9C9E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{71C82661-F6A7-4D2E-A6BE-C603C5D251DC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{20B13575-C8CF-4898-9D7E-18835FC0A2C9}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{76401094-34BF-45F3-BA0D-7390669E008F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{E5081027-1392-4552-B30F-AC93E82115F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B11B137F-65C5-41E4-B8EF-C3B7F057785F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7592A0B1-91E2-414A-8849-6CE7071E6E42}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1522BD40-971A-48C4-A35F-5F9F1351EE0F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8EBBDEC0-C750-4137-9972-449B78DC54CB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{EC9AF4E6-E628-4D80-8762-2210511282B4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{517E2B41-39ED-4188-A322-526224CE74D2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{54EF7503-21DC-41ED-839C-F8A2F0F8A30F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6315AB28-C06B-466C-AC2A-8B264D481B8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C59A0782-1148-4663-BFE8-9FBC282EA92A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC53697B-14EB-417F-9F5B-5CDA2A2FB5E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{68C3F216-E640-4E9D-8E6F-203328EF147C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AC49D79A-8D7B-4B74-A154-5D4A42C7E884}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{69F1C671-2B2E-4F12-B264-D687E5EEFF80}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CB58B12B-0121-48A5-BEC1-2CC635D554FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D9AA5294-867D-49A0-AB33-345D2BA5DACD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ED59C6F0-A38E-47C8-93E5-FDAF79C0FBDA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{47F50968-BD80-412A-B0E7-78F95772D1F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{71502E00-80A6-4D75-8435-D2987CADE603}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D6DF0F8F-FE04-4504-A115-BF94BC5605EF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{243D3C2D-BA2D-4CFE-8671-E9174B5718DB}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{9B13B804-49AB-4FEF-A990-208716C0C907}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{DF1C6356-E630-4F12-B933-3F73E8006D4D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{67B62341-ABE0-4B0F-A698-A1C25B32DE13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4292062C-A168-4A55-B84C-BB7C59A92FF2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FD26563F-A422-4409-9F66-2D5EAB4AAA22}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5AF2EA6B-C5C7-4294-9EDE-86D61B4C4E73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0C998A44-606E-4CCD-A186-00392E066586}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{23ADADF1-05AD-49BB-A562-A56E67DB35F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C63412D3-A514-401B-B411-C5B0C117943F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B440E90C-80D8-46D9-B2DE-67C292CC3FFE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3877E9FB-1455-47A1-89C0-548B6E2F3CD9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A95C816F-7B6D-4585-8B3A-42AB89C80CC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{22DC4A9F-EB75-4DC7-95B0-E4133344ACA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D0E53FFD-5131-4089-A987-19ACD1E90CF0}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => (Allow) C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe
FirewallRules: [UDP Query User{0EED4B1B-37FA-41B5-AB39-4D401EE27588}C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe] => (Allow) C:\program files (x86)\comodo\trustconnect\bin\trustconnectgui.exe
FirewallRules: [TCP Query User{4B0CBBC8-C890-4F70-8702-858500190815}C:\users\leg0817\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\leg0817\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{88969891-B2D9-45CD-9D67-D92B6F7F64FD}C:\users\leg0817\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\leg0817\appdata\local\popcorn time\nw.exe
FirewallRules: [{FA26E985-71B4-4A65-96B2-E0ACE5E2954B}] => (Block) C:\users\leg0817\appdata\local\popcorn time\nw.exe
FirewallRules: [{AF39CCDB-6005-4805-9764-919732FE1F25}] => (Block) C:\users\leg0817\appdata\local\popcorn time\nw.exe
FirewallRules: [{D5B23E7C-7EB4-4418-B2CB-F0055993CB04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0E4E5724-B7EC-449D-9151-383CB5C9508E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2E82DD43-C3E0-4737-8986-92D8351B4D33}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FC1CF0EA-7662-4586-AE55-02F7E12CEB40}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3F26BD4B-C5ED-48C5-9A9F-5BB600717FD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C60A4B9C-96EB-485E-B425-7CBB5E0AAF12}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B608CE5E-4587-4149-A8AB-C20299156717}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A447B7AA-5EB3-44FD-A9A3-1D3689F20A44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D81B81BB-23BA-4212-86D5-6C8D6A82E287}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E7438835-F3DE-4517-8EC5-2F38AEA3030A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7234

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7234

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:40:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5765

System errors:
=============
Error: (08/10/2015 02:28:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/10/2015 01:21:00 PM) (Source: DCOM) (EventID: 10010) (User: TEST)
Description: App.AppX6yygnwabebypxjc6bx7wvtens09wztyw.wwa

Error: (08/10/2015 01:19:05 PM) (Source: DCOM) (EventID: 10001) (User: TEST)
Description: "C:\WINDOWS\syswow64\backgroundTaskHost.exe" -ServerName:App.AppXkrktarsky4b3chn7fvc7fne5zr9p5eky.mca31App.AppX40zwavbnba98t3d64qg4hkdacphaqac3.mcaUnavailableUnavailable

Error: (08/10/2015 01:19:00 PM) (Source: DCOM) (EventID: 10001) (User: TEST)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (08/10/2015 01:18:52 PM) (Source: DCOM) (EventID: 10010) (User: TEST)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (08/10/2015 01:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (08/10/2015 01:18:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (08/02/2015 05:28:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Error: (08/02/2015 05:28:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (07/29/2015 09:47:37 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Microsoft Office:
=========================
Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7234

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7234

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:40:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5765

CodeIntegrity:
===================================
Date: 2015-08-03 13:21:14.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 13:13:18.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-02 19:00:13.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-02 17:54:58.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 13:28:44.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 21:47:37.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 20:30:53.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 15:29:10.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 15:18:09.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 13:29:06.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 68%
Total physical RAM: 3911.28 MB
Available physical RAM: 1214.13 MB
Total Virtual: 9799.28 MB
Available Virtual: 5851.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:108.03 GB) (Free:12.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 14A6250F)

Partition: GPT.

==================== End of log ============================

Edited by mikegre, 11 August 2015 - 12:37 PM.

#2
zep516

Posted 11 August 2015 - 06:50 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Some items to clean up in log;
Download the enclosed

fixlist.txt 14.11KB 322 downloads file. Save it in the location FRST is. Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

#3
mikegre

Posted 11 August 2015 - 08:36 PM

Member

Topic Starter
Member
74 posts

FRST Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by leg0817 (2015-08-11 22:23:54) Run:1
Running from C:\Users\leg0817\Desktop\FRST
Loaded Profiles: leg0817 (Available Profiles: leg0817)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001 -> {2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} URL =
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Task: {21B15D11-8455-4C1D-9995-1B0C6AA75ED1} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA -> No File <==== ATTENTION
Task: {48F51147-570C-4DD3-8C77-81E666D64502} - \iuBrowserIEAgent -> No File <==== ATTENTION
Task: {7C208350-963B-4153-9C8F-66305AAC9FFC} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {8203B501-C50C-4884-BA0D-D726E46933D5} - \iuEmailOutlookAgent -> No File <==== ATTENTION
Task: {824A90F2-C971-4FDE-9A5D-588C0E8F5235} - \GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core -> No File <==== ATTENTION
Task: {83C734B5-469A-45DD-BCC5-D733073CB7E4} - \Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-500 -> No File <==== ATTENTION
Task: {EA277481-FB33-4F73-8915-7B331FF40535} - \HIDMonitor -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\ProgramData\cisC9AA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis87D6.exe <==== ATTENTION
C:\ProgramData\cisC9AA.exe
C:\ProgramData\cis87D6.exe
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\8GadgetPackSetup (1).msi:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\8GadgetPackSetup.msi:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15 (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15.docx:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\cptsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Emory Healthcare Authorization (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Emory Healthcare Authorization.pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\revosetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Emptytemp:
*****************

Processes closed successfully.
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6}" => key removed successfully
HKCR\CLSID\{2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21B15D11-8455-4C1D-9995-1B0C6AA75ED1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B15D11-8455-4C1D-9995-1B0C6AA75ED1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48F51147-570C-4DD3-8C77-81E666D64502}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F51147-570C-4DD3-8C77-81E666D64502}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuBrowserIEAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C208350-963B-4153-9C8F-66305AAC9FFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C208350-963B-4153-9C8F-66305AAC9FFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8203B501-C50C-4884-BA0D-D726E46933D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8203B501-C50C-4884-BA0D-D726E46933D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuEmailOutlookAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{824A90F2-C971-4FDE-9A5D-588C0E8F5235}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{824A90F2-C971-4FDE-9A5D-588C0E8F5235}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83C734B5-469A-45DD-BCC5-D733073CB7E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83C734B5-469A-45DD-BCC5-D733073CB7E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA277481-FB33-4F73-8915-7B331FF40535}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA277481-FB33-4F73-8915-7B331FF40535}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HIDMonitor" => key removed successfully
C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => moved successfully.
C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => moved successfully.
"C:\ProgramData\cisC9AA.exe" => File/Folder not found.
"C:\ProgramData\cis87D6.exe" => File/Folder not found.
"C:\WINDOWS\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aepdu.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioEndpointBuilder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\devinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\generaltel.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\invagent.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\usbaaplrc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\werdiagcontroller.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WinSetupUI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuauclt.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuaueng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wucltux.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups2.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WUSettingsProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthenum.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthport.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\BTHUSB.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb10.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb20.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ndis.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\revoflt.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudbus.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudmdm.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\usbaapl64.sys" => ":$CmdTcID" ADS not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\Users\leg0817\SkyDrive => ":ms-properties" ADS removed successfully.
"C:\Users\leg0817\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Desktop\FRST64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\8GadgetPackSetup (1).msi => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\8GadgetPackSetup.msi => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\AdwCleaner.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15 (1).docx => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15.docx => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\ccsetup508(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\ccsetup508(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\ccsetup508.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\ccsetup508.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\ComboFix.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\cptsetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\Emory Healthcare Authorization (1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\Emory Healthcare Authorization.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\FRST64.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\Kies3Setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\Kies3Setup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\leg0817\Downloads\revosetup(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\spsetup128.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\spsetup128.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\TomsInstaller(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\TomsInstaller(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Downloads\TomsInstaller.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Downloads\TomsInstaller.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat" => ":$CmdTcID" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\myradioplayer" => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {26452BD3-684F-4EB0-95FC-60CE93E9A8CE}.
Unable to cancel {DB54FD4B-26A9-4609-BBFA-0EC067264533}.
Unable to cancel {597BD9C9-269B-45DF-B8FF-A091B457DE4D}.
Unable to cancel {A0868FBE-B55D-4DBD-B5BC-091B7F26F60E}.
{FB1CD1AA-775A-46B6-9952-36EAF774CAE5} canceled.
{91C94978-BC28-4F07-9155-8917CC913AAD} canceled.
{A4C7B71F-87C6-494D-BBAC-25E2DE3BDAA6} canceled.
{BD04FC7F-0366-4639-8880-5FD131910D09} canceled.
{8EDAA4C9-4437-421E-A86C-413F973517C1} canceled.
{07615CC8-0609-4B3A-9022-239391B8D39D} canceled.
Unable to cancel {4E29C032-F8D1-46CC-AE90-644D9C010546}.
Unable to cancel {569D385C-471D-49BE-B32A-D8ED0BF22F0E}.
6 out of 12 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state off =========

Ok.

========= End of CMD: =========

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key not found.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key not found.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key not found.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} => key not found.
HKCR\CLSID\{2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B15D11-8455-4C1D-9995-1B0C6AA75ED1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F51147-570C-4DD3-8C77-81E666D64502} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuBrowserIEAgent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C208350-963B-4153-9C8F-66305AAC9FFC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8203B501-C50C-4884-BA0D-D726E46933D5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iuEmailOutlookAgent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{824A90F2-C971-4FDE-9A5D-588C0E8F5235} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83C734B5-469A-45DD-BCC5-D733073CB7E4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-500 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA277481-FB33-4F73-8915-7B331FF40535} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HIDMonitor => key not found.
C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job not found.
C:\WINDOWS\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job not found.
"C:\ProgramData\cisC9AA.exe" => File/Folder not found.
"C:\ProgramData\cis87D6.exe" => File/Folder not found.
"C:\WINDOWS\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aepdu.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioEndpointBuilder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\devinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\generaltel.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\invagent.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\usbaaplrc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\werdiagcontroller.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WinSetupUI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuauclt.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuaueng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wucltux.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups2.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WUSettingsProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthenum.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthport.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\BTHUSB.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb10.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb20.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ndis.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\revoflt.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudbus.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudmdm.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\usbaapl64.sys" => ":$CmdTcID" ADS not found.
"C:\ProgramData\Reprise" => ":wupeogjxldtlfudivq`qsp`26hfm" ADS not found.
"C:\Users\leg0817\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\leg0817\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Desktop\FRST64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\8GadgetPackSetup (1).msi" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\8GadgetPackSetup.msi" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\AdwCleaner.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15 (1).docx" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Campbell High - School Council Agenda June 2015 draft 6 19   15.docx" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ComboFix.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\cptsetup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Emory Healthcare Authorization (1).pdf" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Emory Healthcare Authorization.pdf" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Kies3Setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Kies3Setup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\revosetup(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\spsetup128.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\spsetup128.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller(1).exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller.exe" => ":$CmdZnID" ADS not found.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat" => ":$CmdTcID" ADS not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => key not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {26452BD3-684F-4EB0-95FC-60CE93E9A8CE}.
Unable to cancel {DB54FD4B-26A9-4609-BBFA-0EC067264533}.
Unable to cancel {597BD9C9-269B-45DF-B8FF-A091B457DE4D}.
Unable to cancel {A0868FBE-B55D-4DBD-B5BC-091B7F26F60E}.
Unable to cancel {4E29C032-F8D1-46CC-AE90-644D9C010546}.
Unable to cancel {569D385C-471D-49BE-B32A-D8ED0BF22F0E}.
0 out of 6 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state off =========

Ok.

========= End of CMD: =========

EmptyTemp: => 983.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 22:30:29 ====

FRST Log after Fixlist applied

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by leg0817 (administrator) on TEST (11-08-2015 22:38:58)
Running from C:\Users\leg0817\Desktop\FRST
Loaded Profiles: leg0817 (Available Profiles: leg0817)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\PC TuneUP\CPluginService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(acer) C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\leg0817\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-05] (COMODO)
HKLM\...\Run: [COMODO PC TuneUp] => C:\Program Files\COMODO\PC TuneUP\CPCTuneUp.exe [9851080 2015-07-12] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-08-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-12] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google Update] => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-12-14] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google+ Auto Backup] => C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2674528 2015-07-28] (Acer)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [2239840 2015-07-28] (acer)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar752.lnk [2015-08-11]
ShortcutTarget: Sidebar752.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-07-16]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\leg0817\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B849D8C0-5794-4CCC-BAB4-7F0C1E5299AE}: [DhcpNameServer] 172.20.4.1
Tcpip\..\Interfaces\{EA7CFF0C-25F4-4492-9852-C6035B31D70F}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=3 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=9 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: panasonic.aero/PanasonicDrmPlugin-2 -> C:\Users\leg0817\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Media Plugin\2.0.1.0\npPanasonicDrmPlugin.dll [2014-12-12] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-03] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-15]
FF Extension: Adblock Edge - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-07-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-10]

Chrome:
=======
CHR Profile: C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (World Cities Travel Distance) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnjfdpibdkfphjoeohdbhggjpgpknpk [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Adblock Pro) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-15]

Opera:
=======
OPR Extension: (whochan) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\moefjfjeieehgdpklgbmbeihffhhaeek [2015-02-15]
OPR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-03] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-28] (Acer Incorporated)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1995448 2015-07-03] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-07-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-05] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-05] (COMODO)
R2 CPluginService; C:\Program Files\COMODO\PC TuneUP\CPluginService.exe [2282696 2015-07-12] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-26] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-01-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-12] (Dritek System INC.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-07-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-08-11] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-12] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 easytether; \SystemRoot\system32\DRIVERS\easytthr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 22:38 - 2015-08-11 22:38 - 00002008 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-08-11 14:46 - 2015-08-11 14:46 - 00000957 _____ C:\Users\leg0817\Desktop\PerformanceTest.lnk
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Users\leg0817\Documents\PassMark
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Users\leg0817\AppData\Local\PassMark
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Program Files\PerformanceTest
2015-08-11 14:41 - 2015-08-11 22:30 - 00000000 ____D C:\Users\leg0817\Desktop\FRST
2015-08-11 14:40 - 2015-08-11 14:41 - 26935504 _____ (Passmark Software ) C:\Users\leg0817\Desktop\petst.exe
2015-08-10 14:41 - 2015-08-11 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 12:24 - 2015-08-07 12:24 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-07 12:21 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files\iTunes
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files\iPod
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-07 12:13 - 2015-08-07 12:43 - 00055161 _____ C:\Users\leg0817\Downloads\Addition.txt
2015-08-07 12:12 - 2015-08-07 12:43 - 00057154 _____ C:\Users\leg0817\Downloads\FRST.txt
2015-08-07 12:10 - 2015-08-11 22:39 - 00000000 ____D C:\FRST
2015-08-07 12:10 - 2015-08-07 12:10 - 02170368 _____ (Farbar) C:\Users\leg0817\Downloads\FRST64.exe
2015-08-07 12:05 - 2015-08-07 12:05 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508(1).exe
2015-07-29 20:29 - 2015-07-29 20:29 - 00000000 ___HD C:\OneDriveTemp
2015-07-29 15:15 - 2015-07-29 15:15 - 00002004 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-07-29 12:42 - 2015-07-29 12:42 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-07-29 12:42 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-29 12:41 - 2015-07-29 12:41 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-28 22:42 - 2015-07-28 22:42 - 05633622 _____ (Swearware) C:\Users\leg0817\Downloads\ComboFix.exe
2015-07-28 22:35 - 2015-07-28 22:35 - 02248704 _____ C:\Users\leg0817\Downloads\AdwCleaner.exe
2015-07-28 22:32 - 2015-07-28 22:32 - 00002056 _____ C:\Users\Public\Desktop\abFiles.lnk
2015-07-28 00:30 - 2015-07-28 00:30 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2015-07-28 00:29 - 2015-07-28 00:29 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2015-07-28 00:27 - 2015-07-28 00:29 - 00002031 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-07-27 11:40 - 2015-07-27 11:42 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508.exe
2015-07-26 18:35 - 2015-07-29 12:40 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-26 18:34 - 2015-07-26 18:35 - 11032736 _____ (SurfRight B.V.) C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe
2015-07-23 21:01 - 2015-07-23 21:01 - 10801480 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe
2015-07-23 20:54 - 2015-07-23 20:54 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe
2015-07-23 20:35 - 2015-07-23 20:35 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-07-23 20:35 - 2015-07-23 20:35 - 00001100 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-07-23 20:35 - 2015-07-23 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-07-23 20:35 - 2015-07-23 20:35 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-23 20:13 - 2015-07-23 20:13 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(2).exe
2015-07-23 20:11 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe
2015-07-23 18:24 - 2015-07-23 18:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\leg0817\Downloads\revosetup(1).exe
2015-07-23 15:28 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe
2015-07-21 12:30 - 2015-07-21 12:33 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-20 13:52 - 2015-07-20 13:52 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:40 - 2015-07-16 12:41 - 00000000 ____D C:\Users\leg0817\Documents\Professional Affiliations
2015-07-16 11:42 - 2015-07-16 11:42 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-07-16 11:34 - 2015-07-16 11:36 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-07-16 11:33 - 2015-07-16 11:42 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\VERIZON
2015-07-16 11:33 - 2015-07-16 11:33 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\SelfMV
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\samsung
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-16 11:27 - 2015-07-16 11:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-07-16 11:27 - 2015-07-16 11:27 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-07-16 11:26 - 2015-07-16 11:37 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-16 11:26 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Samsung
2015-07-16 11:26 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-07-16 11:17 - 2015-07-16 11:18 - 43832704 _____ (Samsung Electronics Co., Ltd.) C:\Users\leg0817\Downloads\Kies3Setup.exe
2015-07-15 11:52 - 2015-07-27 11:38 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-07-15 10:54 - 2015-07-15 10:54 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 10:17 - 2015-07-14 10:17 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-07-12 02:26 - 2015-07-12 02:27 - 00002228 _____ C:\Users\leg0817\Desktop\Trust Connect.lnk
2015-07-12 02:06 - 2015-07-12 03:34 - 00002257 _____ C:\Users\leg0817\Desktop\Popcorn Time.lnk
2015-07-12 02:03 - 2015-07-12 02:03 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-07-12 02:01 - 2015-07-12 02:03 - 00000000 ____D C:\Users\leg0817\AppData\Local\Popcorn Time
2015-07-12 01:57 - 2015-07-12 01:58 - 29103264 _____ (Popcorn Official) C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe
2015-07-12 00:49 - 2015-07-12 00:49 - 00000661 _____ C:\Users\leg0817\Desktop\PCTuneUp.lnk
2015-07-12 00:49 - 2015-07-12 00:49 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-12 00:48 - 2015-07-12 00:48 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\leg0817\Downloads\cptsetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 22:38 - 2012-11-27 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-11 22:37 - 2015-03-06 12:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-1001
2015-08-11 22:37 - 2013-09-30 00:04 - 01172616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-11 22:34 - 2015-07-02 23:39 - 01825986 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 22:34 - 2013-12-02 01:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\clear.fi
2015-08-11 22:33 - 2013-09-18 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-11 22:32 - 2015-07-02 01:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 22:32 - 2014-11-30 22:16 - 00013824 ___SH C:\Users\leg0817\Desktop\Thumbs.db
2015-08-11 22:32 - 2014-01-25 19:13 - 00000000 ___DO C:\Users\leg0817\SkyDrive
2015-08-11 22:31 - 2015-07-09 23:02 - 00433404 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-08-11 22:31 - 2015-07-02 23:43 - 00012978 _____ C:\WINDOWS\PFRO.log
2015-08-11 22:31 - 2015-07-02 23:43 - 00004665 _____ C:\WINDOWS\setupact.log
2015-08-11 22:31 - 2014-12-14 00:42 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job
2015-08-11 22:31 - 2014-12-14 00:42 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job
2015-08-11 22:31 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-11 22:31 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-11 22:27 - 2013-10-22 23:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-11 22:24 - 2013-09-09 23:15 - 00000000 ____D C:\Users\leg0817\AppData\Local\CrashDumps
2015-08-11 22:18 - 2015-03-19 21:24 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A422D98-ED70-4628-8B09-E086B7BA709E}
2015-08-11 22:15 - 2015-07-10 00:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\Sidebar7
2015-08-11 22:15 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-11 18:00 - 2015-07-09 10:54 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-08-11 17:54 - 2015-07-02 01:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-11 17:30 - 2013-10-22 23:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-11 14:46 - 2013-06-04 13:13 - 00000000 ____D C:\ProgramData\PassMark
2015-08-10 14:56 - 2015-06-24 21:39 - 00000000 ____D C:\Users\leg0817\AppData\Local\Popcorn-Time
2015-08-07 14:10 - 2013-11-07 02:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-07 12:48 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-07 12:26 - 2015-03-10 15:20 - 00003822 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424028767
2015-08-07 12:26 - 2015-03-10 15:18 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-07 12:26 - 2015-02-15 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 12:21 - 2013-10-29 23:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-07 12:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-02 19:02 - 2015-02-16 23:42 - 00000000 ____D C:\Users\leg0817\Documents\Resume
2015-08-02 19:00 - 2013-08-29 22:04 - 00000000 ____D C:\Users\leg0817\AppData\Local\Packages
2015-08-02 17:54 - 2014-12-10 02:44 - 00000000 ____D C:\Users\leg0817\Documents\L job search
2015-07-29 12:44 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 22:37 - 2015-01-28 14:16 - 00000000 ____D C:\AdwCleaner
2015-07-28 00:29 - 2012-11-27 22:14 - 00000000 ____D C:\Program Files (x86)\Acer
2015-07-28 00:29 - 2012-11-27 22:08 - 00000000 ____D C:\OEM
2015-07-26 15:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-25 18:22 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 20:55 - 2015-02-03 09:53 - 00139264 ___SH C:\Users\leg0817\Downloads\Thumbs.db
2015-07-23 20:34 - 2015-01-04 19:41 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-23 15:17 - 2014-12-11 22:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-21 13:27 - 2014-01-07 02:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-21 13:25 - 2014-01-07 02:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-21 13:18 - 2013-08-22 09:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-07-21 12:48 - 2013-09-18 23:14 - 00000000 ____D C:\Users\leg0817\AppData\Local\Adobe
2015-07-21 10:51 - 2014-02-10 18:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-21 10:50 - 2014-12-30 14:45 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-21 10:36 - 2013-08-22 10:44 - 00481832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 10:34 - 2015-04-24 23:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-21 10:34 - 2014-12-11 01:30 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-20 15:29 - 2013-09-10 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 15:25 - 2013-09-10 07:24 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 12:26 - 2015-07-06 11:53 - 00000000 ____D C:\Users\leg0817\Documents\computer tech support
2015-07-16 11:37 - 2014-02-17 16:05 - 00000000 ____D C:\ProgramData\Samsung
2015-07-16 11:37 - 2012-11-27 22:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-16 11:00 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-16 09:49 - 2015-07-02 01:44 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:49 - 2015-07-02 01:44 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-12 02:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 00:49 - 2015-07-03 22:28 - 00000000 ____D C:\Program Files\COMODO

==================== Files in the root of some directories =======

2015-07-10 00:25 - 2015-07-10 00:25 - 0000092 _____ () C:\Users\leg0817\AppData\Roaming\Control System_Settings.ini
2014-12-04 14:35 - 2014-12-04 14:35 - 0206847 _____ () C:\Users\leg0817\AppData\Local\ars.cache
2014-12-04 14:35 - 2014-12-04 14:35 - 0262803 _____ () C:\Users\leg0817\AppData\Local\census.cache
2014-12-04 14:05 - 2014-12-04 14:05 - 0000036 _____ () C:\Users\leg0817\AppData\Local\housecall.guid.cache
2015-01-02 17:22 - 2015-01-02 17:22 - 0007891 _____ () C:\Users\leg0817\AppData\Local\HWVendorDetection.log
2015-07-09 23:16 - 2015-07-09 23:16 - 0000414 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat
2015-07-09 23:16 - 2015-07-09 23:16 - 0000339 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat
2015-07-09 23:34 - 2015-07-09 23:35 - 0007616 _____ () C:\Users\leg0817\AppData\Local\resmon.resmoncfg
2014-12-04 14:21 - 2014-12-04 14:21 - 0000010 _____ () C:\Users\leg0817\AppData\Local\sponge.last.runtime.cache
2012-12-12 06:43 - 2012-12-12 06:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-07 13:06

==================== End of log ============================

++++++++++++

Additions Log after Fixlist applied

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by leg0817 (2015-08-11 22:40:02)
Running from C:\Users\leg0817\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1462625325-2191386878-1537581567-500 - Administrator - Disabled)
Guest (S-1-5-21-1462625325-2191386878-1537581567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1462625325-2191386878-1537581567-1012 - Limited - Enabled)
leg0817 (S-1-5-21-1462625325-2191386878-1537581567-1001 - Administrator - Enabled) => C:\Users\leg0817

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{CA2865AD-EFF4-44F0-A2C9-DCDC0A90F27E}) (Version: 14.0.0 - Helmut Buhler)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.04.2002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 43.3.3.176 - Comodo)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
COMODO Internet Security Pro (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version: - COMODO)
CPCTuneUp (HKLM\...\{FC4D0316-D3D8-4c07-9E45-7A2A4D75E069}) (Version: 1.0.265884.46 - COMODO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.9.001_WHQL (HKLM\...\Elantech) (Version: 11.6.9.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM\...\{3DA2EB59-FB68-4383-9A3B-B348521367C7}) (Version: 4.19.137 - Comodo Security Solutions Inc)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.67.5221 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HID Monitor (HKLM-x32\...\{B1F1F086-E43B-4F41-B916-E9212E81EBEC}) (Version: 1.1.3 - Acer Incorporated)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.6 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.110.06300 (HKLM-x32\...\{15023164-F226-9ECA-D0CB-59AB4B40D222}) (Version: 2.12.110.06300 - Sony)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panasonic DRM Media Plugin (HKLM-x32\...\{5C10E7CA-654F-4F85-8D8F-B1893C7D83C7}) (Version: 2.0.1.0 - Panasonic Avionics Corporation)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1051.0 - Passmark Software)
Popcorn Time (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Popcorn Time) (Version: - Popcorn Official)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.23 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

26-07-2015 21:53:44 Checkpoint by HitmanPro
11-08-2015 22:28:51 Restore Point Created by FRST
11-08-2015 22:29:15 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-07-09 10:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E5A6D4-10EA-45A4-8140-0A37573322B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {16FED531-AEAE-454C-910D-A05711259B6F} - System32\Tasks\Opera scheduled Autoupdate 1424028767 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-07] (Opera Software)
Task: {2564271D-EF4A-4C26-977A-71C2636BBE73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2578307C-2976-4BC8-961B-0608145CBF61} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {26603552-B166-4281-B411-BFECA84B6D5A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {3236125D-34DF-46D0-9F4E-AB3BEAF96F0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-20] (Microsoft Corporation)
Task: {379F2CBA-8D53-4A45-8AD3-806DAFB40340} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-28] (Acer Incorporated)
Task: {42C8B2E7-663C-4D2C-AFA3-4F33C48C64E8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {43EEE8A4-5484-4432-9CB9-6DB43D98B4C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {463B8557-467B-41E2-81D2-A4745FFCBD19} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {5630F00F-3F90-4A04-B989-1E6D0D6B6997} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {583A925B-6285-4E18-A92B-603A24120367} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {782B86E0-A6A8-4935-9E48-D745F94F02CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {A8C0EFAC-FCD2-4EB6-B3AF-F67B0D9F740C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB377136-AF0C-46A4-9C19-D2D9EA67C250} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-05] (COMODO)
Task: {B5F9CA2E-8AEF-47AE-AAD5-376FB2063DAF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-07-28] (Acer)
Task: {BFB9E0B7-E302-429D-A270-52E784B7B5B7} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {C15F083B-1AAF-4133-B1F8-A7CEE24A8D7B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {EDE87673-29CA-419A-8E78-74E081EB4D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {F763C984-7765-4011-BE8A-7FFE00DF92DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-07 08:12 - 2013-02-07 08:12 - 00848584 _____ () C:\Program Files\COMODO\PC TuneUP\Plugins\RegistryScannerPlugin.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-24 03:22 - 2013-12-24 03:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 03:20 - 2013-12-24 03:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 03:26 - 2013-12-24 03:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-08-12 18:29 - 2014-08-12 18:29 - 03219456 _____ () C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00201568 _____ () C:\Program Files (x86)\Acer\abFiles\curllib.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00118112 _____ () C:\Program Files (x86)\Acer\abFiles\OpenLDAP.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-28 00:29 - 2015-07-28 00:29 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2012-12-12 06:41 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{BF9D6976-F90D-4053-A50F-EDF3417B8677}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC9A262C-D0F5-4A75-84A1-BC79CD4A500B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DE4CB21-2B02-4E2C-90A8-ABF196E56982}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C6A3F44B-CBA8-4ACD-ACCD-AFAF1A3E2CAB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C01CA764-4AF8-4443-9253-44F024827F18}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F8490951-6121-4A1E-B24F-65D3A7D2FC77}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{26C71741-240C-4205-BED6-3DAE2BADC453}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{DA4B4FF4-43F0-49A4-8175-20DE0199F622}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E9752190-0C84-47B4-A822-140120E7C3A1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{447BAFD0-2807-477B-9528-6934022B6790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2015 10:28:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fd97d80-9cdd-49df-ba57-3a366feb1eae}

Error: (08/11/2015 10:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1ed4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/11/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1280
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7234

System errors:
=============
Error: (08/11/2015 10:28:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2015 10:28:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Upgrade to Windows 10 Pro.

Error: (08/11/2015 10:28:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/11/2015 10:28:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/11/2015 10:28:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2015 10:28:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/11/2015 10:28:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/11/2015 10:28:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/11/2015 10:27:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/11/2015 10:27:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dritek RF Button Command Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (08/11/2015 10:28:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fd97d80-9cdd-49df-ba57-3a366feb1eae}

Error: (08/11/2015 10:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa11ed401d0ce10cc46f58bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3a007add-4099-11e5-bf04-b79076ec2ea9

Error: (08/11/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1128001d0d47c900fee57C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll33fb5e3c-4099-11e5-bf04-b79076ec2ea9

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69500687

Error: (08/11/2015 01:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8718

Error: (08/10/2015 06:41:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 06:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7234

CodeIntegrity:
===================================
Date: 2015-08-11 22:38:31.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 22:32:26.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 13:21:14.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 13:13:18.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-02 19:00:13.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-02 17:54:58.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 13:28:44.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 21:47:37.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 20:30:53.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-29 15:29:10.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 49%
Total physical RAM: 3911.28 MB
Available physical RAM: 1980.72 MB
Total Virtual: 8765.25 MB
Available Virtual: 6556.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:108.03 GB) (Free:14.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 14A6250F)

Partition: GPT.

==================== End of log ============================

Edited by mikegre, 11 August 2015 - 08:47 PM.

#4
zep516

Posted 11 August 2015 - 09:06 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Run this fix, right click on FRST and Run as adminstrator,

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

CloseProcesses:
CreateRestorePoint:
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#5
mikegre

Posted 11 August 2015 - 11:03 PM

Member

Topic Starter
Member
74 posts

second fixlog... per your instructions

By th way what is all of the "Alternate Data Streams" info reflect on the logs?

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by leg0817 (2015-08-12 00:59:20) Run:3
Running from C:\Users\leg0817\Desktop\FRST
Loaded Profiles: leg0817 (Available Profiles: leg0817)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
CreateRestorePoint:
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\WINDOWS\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aepdu.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioEndpointBuilder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\devinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\generaltel.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\invagent.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\usbaaplrc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\werdiagcontroller.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\win32k.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WinSetupUI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuauclt.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuaueng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wucltux.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wups2.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\WUSettingsProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\authui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iepeers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\rpcrt4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\tdc.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\webcheck.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuapp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wudriver.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wups.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\SysWOW64\wuwebv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthenum.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\bthport.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\BTHUSB.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb10.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mrxsmb20.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ndis.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\revoflt.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudbus.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\ssudmdm.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\usbaapl64.sys" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\SkyDrive => ":ms-properties" ADS removed successfully.
"C:\Users\leg0817\Desktop\petst.exe" => ":$CmdTcID" ADS not found.
C:\Users\leg0817\Desktop\petst.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ccsetup508.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\ComboFix.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Kies3Setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\spsetup128.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller(1).exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\Downloads\TomsInstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat" => ":$CmdTcID" ADS not found.
"C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat" => ":$CmdTcID" ADS not found.
EmptyTemp: => 80.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 01:00:07 ====

FRST log after running second fixlist

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by leg0817 (administrator) on TEST (12-08-2015 01:04:56)
Running from C:\Users\leg0817\Desktop\FRST
Loaded Profiles: leg0817 (Available Profiles: leg0817)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\PC TuneUP\CPluginService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\PC TuneUP\CPCTuneUp.exe
(Google Inc.) C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(acer) C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\leg0817\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-12] (COMODO)
HKLM\...\Run: [COMODO PC TuneUp] => C:\Program Files\COMODO\PC TuneUP\CPCTuneUp.exe [9851080 2015-07-12] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-08-07] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-12-12] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google Update] => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-12-14] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [Google+ Auto Backup] => C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2674528 2015-07-28] (Acer)
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Run: [RemoteFilesTrayIcon] => C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe [2239840 2015-07-28] (acer)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar752.lnk [2015-08-11]
ShortcutTarget: Sidebar752.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (No File)
Startup: C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-07-16]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\leg0817\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-07-23] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001 -> DefaultScope {2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} URL =
SearchScopes: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001 -> {2E74D470-E4CD-4CFF-A83D-4D87D4B7A7B6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B849D8C0-5794-4CCC-BAB4-7F0C1E5299AE}: [DhcpNameServer] 172.20.4.1
Tcpip\..\Interfaces\{EA7CFF0C-25F4-4492-9852-C6035B31D70F}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=3 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: @tools.google.com/Google Update;version=9 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: panasonic.aero/PanasonicDrmPlugin-2 -> C:\Users\leg0817\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Media Plugin\2.0.1.0\npPanasonicDrmPlugin.dll [2014-12-12] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-1462625325-2191386878-1537581567-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-03] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-15]
FF Extension: Adblock Edge - C:\Users\leg0817\AppData\Roaming\Mozilla\Firefox\Profiles\shy39e24.default-1436672450068\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-07-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-10]

Chrome:
=======
CHR Profile: C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (World Cities Travel Distance) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnjfdpibdkfphjoeohdbhggjpgpknpk [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Adblock Pro) - C:\Users\leg0817\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-15]

Opera:
=======
OPR Extension: (whochan) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\moefjfjeieehgdpklgbmbeihffhhaeek [2015-02-15]
OPR Extension: (Adblock Plus) - C:\Users\leg0817\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-03] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-28] (Acer Incorporated)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1995448 2015-07-03] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-07-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-08-12] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-12] (COMODO)
R2 CPluginService; C:\Program Files\COMODO\PC TuneUP\CPluginService.exe [2282696 2015-07-12] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-07-10] (Comodo Security Solutions, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-26] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-01-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-12-12] (Dritek System INC.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-07-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-04] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-04] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-08-11] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-12] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-12] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 easytether; \SystemRoot\system32\DRIVERS\easytthr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-12 01:03 - 2015-08-12 01:03 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-08-12 00:56 - 2015-08-12 00:56 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-08-12 00:55 - 2015-08-12 00:55 - 00009426 _____ C:\Users\leg0817\Desktop\Fixlist.txt
2015-08-11 22:58 - 2015-08-11 22:58 - 00001291 _____ C:\Users\leg0817\Desktop\Revo Uninstaller.lnk
2015-08-11 22:58 - 2015-08-11 22:58 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-11 22:57 - 2015-08-11 22:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\leg0817\Desktop\revosetup.exe
2015-08-11 22:38 - 2015-08-11 22:38 - 00002008 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-08-11 14:46 - 2015-08-11 14:46 - 00000957 _____ C:\Users\leg0817\Desktop\PerformanceTest.lnk
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Users\leg0817\Documents\PassMark
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Users\leg0817\AppData\Local\PassMark
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2015-08-11 14:46 - 2015-08-11 14:46 - 00000000 ____D C:\Program Files\PerformanceTest
2015-08-11 14:41 - 2015-08-12 01:00 - 00000000 ____D C:\Users\leg0817\Desktop\FRST
2015-08-11 14:40 - 2015-08-11 14:41 - 26935504 _____ (Passmark Software ) C:\Users\leg0817\Desktop\petst.exe
2015-08-10 14:41 - 2015-08-11 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 12:24 - 2015-08-07 12:24 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-07 12:24 - 2015-08-07 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-07 12:21 - 2015-08-07 12:24 - 00000000 ____D C:\Program Files\iTunes
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files\iPod
2015-08-07 12:21 - 2015-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-07 12:13 - 2015-08-07 12:43 - 00055161 _____ C:\Users\leg0817\Downloads\Addition.txt
2015-08-07 12:12 - 2015-08-07 12:43 - 00057154 _____ C:\Users\leg0817\Downloads\FRST.txt
2015-08-07 12:10 - 2015-08-12 01:04 - 00000000 ____D C:\FRST
2015-08-07 12:10 - 2015-08-07 12:10 - 02170368 _____ (Farbar) C:\Users\leg0817\Downloads\FRST64.exe
2015-08-07 12:05 - 2015-08-07 12:05 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508(1).exe
2015-07-29 15:15 - 2015-07-29 15:15 - 00002004 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-07-29 12:42 - 2015-07-29 12:42 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-07-29 12:42 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-29 12:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-29 12:41 - 2015-07-29 12:41 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-29 12:41 - 2015-07-29 12:41 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-29 12:41 - 2015-07-29 12:41 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-29 12:41 - 2015-07-29 12:41 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-28 22:42 - 2015-07-28 22:42 - 05633622 _____ (Swearware) C:\Users\leg0817\Downloads\ComboFix.exe
2015-07-28 22:35 - 2015-07-28 22:35 - 02248704 _____ C:\Users\leg0817\Downloads\AdwCleaner.exe
2015-07-28 22:32 - 2015-07-28 22:32 - 00002056 _____ C:\Users\Public\Desktop\abFiles.lnk
2015-07-28 00:30 - 2015-07-28 00:30 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2015-07-28 00:29 - 2015-07-28 00:29 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2015-07-28 00:27 - 2015-07-28 00:29 - 00002031 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-07-27 11:40 - 2015-07-27 11:42 - 06609608 _____ (Piriform Ltd) C:\Users\leg0817\Downloads\ccsetup508.exe
2015-07-26 18:35 - 2015-07-29 12:40 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-26 18:35 - 2015-07-26 18:35 - 00000000 ____D C:\Program Files\HitmanPro
2015-07-26 18:34 - 2015-07-26 18:35 - 11032736 _____ (SurfRight B.V.) C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe
2015-07-23 21:01 - 2015-07-23 21:01 - 10801480 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe
2015-07-23 20:54 - 2015-07-23 20:54 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe
2015-07-23 20:13 - 2015-07-23 20:13 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(2).exe
2015-07-23 20:11 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe
2015-07-23 18:24 - 2015-07-23 18:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\leg0817\Downloads\revosetup(1).exe
2015-07-23 15:28 - 2015-07-23 15:33 - 11069616 _____ (VS Revo Group ) C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe
2015-07-21 12:30 - 2015-07-21 12:33 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-20 13:53 - 2015-07-20 13:53 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-20 13:53 - 2015-07-20 13:53 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-20 13:52 - 2015-07-20 13:52 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-20 13:51 - 2015-07-20 13:51 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-20 13:51 - 2015-07-20 13:51 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-20 13:51 - 2015-07-20 13:51 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-20 13:51 - 2015-07-20 13:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-20 13:51 - 2015-07-20 13:51 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-20 13:49 - 2015-07-20 13:49 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 13:48 - 2015-07-20 13:48 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-20 13:47 - 2015-07-20 13:47 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-16 12:40 - 2015-07-16 12:41 - 00000000 ____D C:\Users\leg0817\Documents\Professional Affiliations
2015-07-16 11:42 - 2015-07-16 11:42 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-07-16 11:34 - 2015-07-16 11:36 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-07-16 11:33 - 2015-07-16 11:42 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\VERIZON
2015-07-16 11:33 - 2015-07-16 11:33 - 00000000 ____D C:\Users\Public\Documents\Verizon2.0_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\SelfMV
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\Documents\samsung
2015-07-16 11:28 - 2015-07-16 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-16 11:27 - 2015-07-16 11:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-07-16 11:27 - 2015-07-16 11:27 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-07-16 11:26 - 2015-07-16 11:37 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-16 11:26 - 2015-07-16 11:28 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Samsung
2015-07-16 11:26 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-07-16 11:17 - 2015-07-16 11:18 - 43832704 _____ (Samsung Electronics Co., Ltd.) C:\Users\leg0817\Downloads\Kies3Setup.exe
2015-07-15 11:52 - 2015-07-27 11:38 - 00000000 ____D C:\Users\leg0817\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-07-15 10:54 - 2015-07-15 10:54 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 10:54 - 2015-07-15 10:54 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-12 01:03 - 2015-07-02 23:39 - 01999002 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-12 01:01 - 2015-07-02 23:43 - 00013958 _____ C:\WINDOWS\PFRO.log
2015-08-12 01:01 - 2015-07-02 23:43 - 00004973 _____ C:\WINDOWS\setupact.log
2015-08-12 01:01 - 2015-07-02 01:44 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-12 01:01 - 2014-11-30 22:16 - 00013824 ___SH C:\Users\leg0817\Desktop\Thumbs.db
2015-08-12 01:01 - 2014-01-25 19:13 - 00000000 ___DO C:\Users\leg0817\SkyDrive
2015-08-12 01:01 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-12 01:00 - 2015-07-09 23:02 - 00434256 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-08-12 01:00 - 2015-07-09 10:54 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-08-12 01:00 - 2013-09-09 23:15 - 00000000 ____D C:\Users\leg0817\AppData\Local\CrashDumps
2015-08-12 01:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-12 01:00 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-12 00:54 - 2015-07-02 01:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-12 00:27 - 2013-10-22 23:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-11 23:54 - 2013-09-30 00:04 - 01172616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-11 23:52 - 2015-03-06 12:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1462625325-2191386878-1537581567-1001
2015-08-11 23:12 - 2013-09-18 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-11 23:00 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-08-11 23:00 - 2013-08-22 11:36 - 00000000 ___SD C:\Program Files (x86)\Windows Sidebar
2015-08-11 22:38 - 2012-11-27 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-11 22:34 - 2013-12-02 01:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\clear.fi
2015-08-11 22:31 - 2014-12-14 00:42 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job
2015-08-11 22:31 - 2014-12-14 00:42 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job
2015-08-11 22:18 - 2015-03-19 21:24 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A422D98-ED70-4628-8B09-E086B7BA709E}
2015-08-11 22:15 - 2015-07-10 00:19 - 00000000 ____D C:\Users\leg0817\AppData\Local\Sidebar7
2015-08-11 17:30 - 2013-10-22 23:53 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-11 14:46 - 2013-06-04 13:13 - 00000000 ____D C:\ProgramData\PassMark
2015-08-10 14:56 - 2015-06-24 21:39 - 00000000 ____D C:\Users\leg0817\AppData\Local\Popcorn-Time
2015-08-07 14:10 - 2013-11-07 02:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-07 12:48 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-07 12:26 - 2015-03-10 15:20 - 00003822 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1424028767
2015-08-07 12:26 - 2015-03-10 15:18 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-07 12:26 - 2015-02-15 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-07 12:21 - 2013-10-29 23:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-07 12:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-04 20:31 - 2015-06-05 14:36 - 00827632 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-08-04 20:31 - 2015-06-05 14:36 - 00127232 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-08-04 20:31 - 2015-06-05 14:36 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-08-04 20:31 - 2015-06-05 14:36 - 00021720 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-08-04 20:29 - 2015-06-05 14:34 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-08-04 20:29 - 2015-06-05 14:34 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-08-04 20:29 - 2015-06-05 14:34 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-08-04 20:28 - 2015-06-05 14:33 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-08-04 20:28 - 2015-06-05 14:32 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-08-04 20:27 - 2015-06-05 14:31 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-08-04 20:26 - 2015-06-05 14:31 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-08-02 19:02 - 2015-02-16 23:42 - 00000000 ____D C:\Users\leg0817\Documents\Resume
2015-08-02 19:00 - 2013-08-29 22:04 - 00000000 ____D C:\Users\leg0817\AppData\Local\Packages
2015-08-02 17:54 - 2014-12-10 02:44 - 00000000 ____D C:\Users\leg0817\Documents\L job search
2015-07-29 12:44 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 22:37 - 2015-01-28 14:16 - 00000000 ____D C:\AdwCleaner
2015-07-28 00:29 - 2012-11-27 22:14 - 00000000 ____D C:\Program Files (x86)\Acer
2015-07-28 00:29 - 2012-11-27 22:08 - 00000000 ____D C:\OEM
2015-07-26 15:12 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-25 18:22 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-23 20:55 - 2015-02-03 09:53 - 00139264 ___SH C:\Users\leg0817\Downloads\Thumbs.db
2015-07-23 20:34 - 2015-01-04 19:41 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-23 15:17 - 2014-12-11 22:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-21 13:27 - 2014-01-07 02:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-21 13:25 - 2014-01-07 02:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-21 13:18 - 2013-08-22 09:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-07-21 12:48 - 2013-09-18 23:14 - 00000000 ____D C:\Users\leg0817\AppData\Local\Adobe
2015-07-21 10:51 - 2014-02-10 18:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-21 10:50 - 2014-12-30 14:45 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-21 10:36 - 2013-08-22 10:44 - 00481832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 10:34 - 2015-04-24 23:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-21 10:34 - 2014-12-11 01:30 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-20 15:29 - 2013-09-10 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 15:25 - 2013-09-10 07:24 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-20 13:51 - 2014-12-11 17:33 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 12:26 - 2015-07-06 11:53 - 00000000 ____D C:\Users\leg0817\Documents\computer tech support
2015-07-16 11:37 - 2014-02-17 16:05 - 00000000 ____D C:\ProgramData\Samsung
2015-07-16 11:37 - 2012-11-27 22:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-16 11:00 - 2015-03-29 18:57 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-16 09:49 - 2015-07-02 01:44 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:49 - 2015-07-02 01:44 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-07-10 00:25 - 2015-07-10 00:25 - 0000092 _____ () C:\Users\leg0817\AppData\Roaming\Control System_Settings.ini
2014-12-04 14:35 - 2014-12-04 14:35 - 0206847 _____ () C:\Users\leg0817\AppData\Local\ars.cache
2014-12-04 14:35 - 2014-12-04 14:35 - 0262803 _____ () C:\Users\leg0817\AppData\Local\census.cache
2014-12-04 14:05 - 2014-12-04 14:05 - 0000036 _____ () C:\Users\leg0817\AppData\Local\housecall.guid.cache
2015-01-02 17:22 - 2015-01-02 17:22 - 0007891 _____ () C:\Users\leg0817\AppData\Local\HWVendorDetection.log
2015-07-09 23:16 - 2015-07-09 23:16 - 0000414 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat
2015-07-09 23:16 - 2015-07-09 23:16 - 0000339 _____ () C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat
2015-07-09 23:34 - 2015-07-09 23:35 - 0007616 _____ () C:\Users\leg0817\AppData\Local\resmon.resmoncfg
2014-12-04 14:21 - 2014-12-04 14:21 - 0000010 _____ () C:\Users\leg0817\AppData\Local\sponge.last.runtime.cache
2012-12-12 06:43 - 2012-12-12 06:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-07 13:06

==================== End of log ============================

Latest Addirions log after funning second fixlist

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by leg0817 (2015-08-12 01:05:37)
Running from C:\Users\leg0817\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1462625325-2191386878-1537581567-500 - Administrator - Disabled)
Guest (S-1-5-21-1462625325-2191386878-1537581567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1462625325-2191386878-1537581567-1012 - Limited - Enabled)
leg0817 (S-1-5-21-1462625325-2191386878-1537581567-1001 - Administrator - Enabled) => C:\Users\leg0817

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.04.2002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 43.3.3.176 - Comodo)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
COMODO Internet Security Pro (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
Comodo TrustConnect™ v.1.7.3 (HKLM-x32\...\Comodo TrustConnect™_is1) (Version: - COMODO)
CPCTuneUp (HKLM\...\{FC4D0316-D3D8-4c07-9E45-7A2A4D75E069}) (Version: 1.0.265884.46 - COMODO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.9.001_WHQL (HKLM\...\Elantech) (Version: 11.6.9.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM\...\{3DA2EB59-FB68-4383-9A3B-B348521367C7}) (Version: 4.19.137 - Comodo Security Solutions Inc)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.67.5221 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HID Monitor (HKLM-x32\...\{B1F1F086-E43B-4F41-B916-E9212E81EBEC}) (Version: 1.1.3 - Acer Incorporated)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.6 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.110.06300 (HKLM-x32\...\{15023164-F226-9ECA-D0CB-59AB4B40D222}) (Version: 2.12.110.06300 - Sony)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panasonic DRM Media Plugin (HKLM-x32\...\{5C10E7CA-654F-4F85-8D8F-B1893C7D83C7}) (Version: 2.0.1.0 - Panasonic Avionics Corporation)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1051.0 - Passmark Software)
Popcorn Time (HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\Popcorn Time) (Version: - Popcorn Official)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.23 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1462625325-2191386878-1537581567-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\leg0817\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

11-08-2015 22:28:51 Restore Point Created by FRST
11-08-2015 22:29:15 Restore Point Created by FRST
11-08-2015 22:59:58 Removed 8GadgetPack
11-08-2015 23:23:30 Removed Bonjour
12-08-2015 00:59:22 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-07-09 10:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E5A6D4-10EA-45A4-8140-0A37573322B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {143A0F50-A602-4EDD-B348-E88688E60863} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-12] (COMODO)
Task: {16FED531-AEAE-454C-910D-A05711259B6F} - System32\Tasks\Opera scheduled Autoupdate 1424028767 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-07] (Opera Software)
Task: {2564271D-EF4A-4C26-977A-71C2636BBE73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {2578307C-2976-4BC8-961B-0608145CBF61} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-12] (COMODO)
Task: {26603552-B166-4281-B411-BFECA84B6D5A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {3236125D-34DF-46D0-9F4E-AB3BEAF96F0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-20] (Microsoft Corporation)
Task: {379F2CBA-8D53-4A45-8AD3-806DAFB40340} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-28] (Acer Incorporated)
Task: {42C8B2E7-663C-4D2C-AFA3-4F33C48C64E8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-12] (COMODO)
Task: {43EEE8A4-5484-4432-9CB9-6DB43D98B4C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {463B8557-467B-41E2-81D2-A4745FFCBD19} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-12] (COMODO)
Task: {5630F00F-3F90-4A04-B989-1E6D0D6B6997} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {583A925B-6285-4E18-A92B-603A24120367} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {782B86E0-A6A8-4935-9E48-D745F94F02CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {A8C0EFAC-FCD2-4EB6-B3AF-F67B0D9F740C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB377136-AF0C-46A4-9C19-D2D9EA67C250} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-12] (COMODO)
Task: {B5F9CA2E-8AEF-47AE-AAD5-376FB2063DAF} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-07-28] (Acer)
Task: {BFB9E0B7-E302-429D-A270-52E784B7B5B7} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-12] (COMODO)
Task: {C15F083B-1AAF-4133-B1F8-A7CEE24A8D7B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {EDE87673-29CA-419A-8E78-74E081EB4D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {F763C984-7765-4011-BE8A-7FFE00DF92DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001Core.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1462625325-2191386878-1537581567-1001UA.job => C:\Users\leg0817\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-07 08:12 - 2013-02-07 08:12 - 00848584 _____ () C:\Program Files\COMODO\PC TuneUP\Plugins\RegistryScannerPlugin.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-24 03:22 - 2013-12-24 03:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 03:20 - 2013-12-24 03:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 03:26 - 2013-12-24 03:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-08-12 18:29 - 2014-08-12 18:29 - 03219456 _____ () C:\Users\leg0817\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00201568 _____ () C:\Program Files (x86)\Acer\abFiles\curllib.dll
2015-07-24 16:27 - 2015-07-24 16:27 - 00118112 _____ () C:\Program Files (x86)\Acer\abFiles\OpenLDAP.dll
2012-12-12 06:41 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-28 00:29 - 2015-07-28 00:29 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\leg0817\Desktop\petst.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\revosetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Desktop\revosetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\leg0817\Desktop\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ccsetup508.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\ComboFix.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\flashplayer18_ha_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\HitmanPro_x64 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Kies3Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Pay1040_receipt_10.7.2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\Popcorn-Time-0.3.8-0-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\RevoUninProSetup(4).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\spsetup128.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\Downloads\TomsInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp.bat:$CmdTcID
AlternateDataStreams: C:\Users\leg0817\AppData\Local\LMIR0001.tmp_r.bat:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1462625325-2191386878-1537581567-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{BF9D6976-F90D-4053-A50F-EDF3417B8677}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC9A262C-D0F5-4A75-84A1-BC79CD4A500B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DE4CB21-2B02-4E2C-90A8-ABF196E56982}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C6A3F44B-CBA8-4ACD-ACCD-AFAF1A3E2CAB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C01CA764-4AF8-4443-9253-44F024827F18}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F8490951-6121-4A1E-B24F-65D3A7D2FC77}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{26C71741-240C-4205-BED6-3DAE2BADC453}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{DA4B4FF4-43F0-49A4-8175-20DE0199F622}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E9752190-0C84-47B4-A822-140120E7C3A1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{447BAFD0-2807-477B-9528-6934022B6790}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{B4BD3285-E6E9-410B-BDEB-8D484092AD99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2015 01:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Faulting module name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Exception code: 0xc0000005
Fault offset: 0x003e5017
Faulting process id: 0x6e0
Faulting application start time: 0xccd.exe0
Faulting application path: ccd.exe1
Faulting module path: ccd.exe2
Report Id: ccd.exe3
Faulting package full name: ccd.exe4
Faulting package-relative application ID: ccd.exe5

Error: (08/12/2015 12:59:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9fcbfbab-be5f-497c-9e1c-105dd724bc4e}

Error: (08/12/2015 12:59:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xc68
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/11/2015 11:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Faulting module name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Exception code: 0xc0000005
Fault offset: 0x003e5017
Faulting process id: 0x6dc
Faulting application start time: 0xccd.exe0
Faulting application path: ccd.exe1
Faulting module path: ccd.exe2
Report Id: ccd.exe3
Faulting package full name: ccd.exe4
Faulting package-relative application ID: ccd.exe5

Error: (08/11/2015 11:42:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Faulting module name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Exception code: 0xc0000005
Fault offset: 0x003e5017
Faulting process id: 0x6cc
Faulting application start time: 0xccd.exe0
Faulting application path: ccd.exe1
Faulting module path: ccd.exe2
Report Id: ccd.exe3
Faulting package full name: ccd.exe4
Faulting package-relative application ID: ccd.exe5

Error: (08/11/2015 11:12:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Faulting module name: ccd.exe, version: 0.0.0.0, time stamp: 0x558aa83f
Exception code: 0xc0000005
Fault offset: 0x003e5017
Faulting process id: 0x6dc
Faulting application start time: 0xccd.exe0
Faulting application path: ccd.exe1
Faulting module path: ccd.exe2
Report Id: ccd.exe3
Faulting package full name: ccd.exe4
Faulting package-relative application ID: ccd.exe5

Error: (08/11/2015 11:10:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/11/2015 10:28:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fd97d80-9cdd-49df-ba57-3a366feb1eae}

Error: (08/11/2015 10:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1ed4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/11/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1280
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

System errors:
=============
Error: (08/12/2015 12:59:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2015 12:59:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 12:59:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/12/2015 12:59:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/12/2015 12:59:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2015 12:59:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/12/2015 12:59:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 12:59:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dritek RF Button Command Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (08/12/2015 12:59:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 12:59:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (08/12/2015 01:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccd.exe0.0.0.0558aa83fccd.exe0.0.0.0558aa83fc0000005003e50176e001d0d4bbeb068d48C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exeC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe3a82c8c2-40af-11e5-bf09-af70eb856c61

Error: (08/12/2015 12:59:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9fcbfbab-be5f-497c-9e1c-105dd724bc4e}

Error: (08/12/2015 12:59:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa1c6801d0d4b1d7071150C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle421e6e2-40ae-11e5-bf08-f8bb6ec0d819

Error: (08/11/2015 11:47:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccd.exe0.0.0.0558aa83fccd.exe0.0.0.0558aa83fc0000005003e50176dc01d0d4b1938df8d1C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exeC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exee5739ffd-40a4-11e5-bf08-eaa6bdc9f26f

Error: (08/11/2015 11:42:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccd.exe0.0.0.0558aa83fccd.exe0.0.0.0558aa83fc0000005003e50176cc01d0d4b0e133647dC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exeC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe3463514b-40a4-11e5-bf07-93ebc5b1dca1

Error: (08/11/2015 11:12:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccd.exe0.0.0.0558aa83fccd.exe0.0.0.0558aa83fc0000005003e50176dc01d0d4acb7d0719fC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exeC:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe0782e371-40a0-11e5-bf06-c8c2fad50dd0

Error: (08/11/2015 11:10:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (08/11/2015 10:28:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3fd97d80-9cdd-49df-ba57-3a366feb1eae}

Error: (08/11/2015 10:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa11ed401d0ce10cc46f58bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3a007add-4099-11e5-bf04-b79076ec2ea9

Error: (08/11/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1128001d0d47c900fee57C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll33fb5e3c-4099-11e5-bf04-b79076ec2ea9

CodeIntegrity:
===================================
Date: 2015-08-12 01:01:51.930
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 23:47:59.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 23:42:59.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 23:13:10.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 23:07:56.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 22:54:49.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 22:38:31.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 22:32:26.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 13:21:14.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 13:13:18.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 47%
Total physical RAM: 3911.28 MB
Available physical RAM: 2048.44 MB
Total Virtual: 9352.13 MB
Available Virtual: 6924.88 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:108.03 GB) (Free:15.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 14A6250F)

Partition: GPT.

==================== End of log ============================

Edited by mikegre, 11 August 2015 - 11:13 PM.

#6
mikegre

Posted 17 August 2015 - 07:02 PM

Member

Topic Starter
Member
74 posts

any reply?

#7
zep516

Posted 17 August 2015 - 07:10 PM

Trusted Helper

Malware Removal
8,093 posts

I'm sorry, I missed you be right with you in the mean time,

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

#8
mikegre

Posted 19 August 2015 - 11:28 AM

Member

Topic Starter
Member
74 posts

Here is the Security Check log

Results of screen317's Security Check version 1.007
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Adobe Reader XI
Mozilla Firefox 39.0.3 Firefox out of Date!
Google Chrome (44.0.2403.130)
Google Chrome (44.0.2403.155)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#9
zep516

Posted 19 August 2015 - 03:28 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,
Your Java is out of date :
Note
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.

Up-Date Firefox
To do that
In the Firefox browser click "Help", then click "About Firefox", and up date from there.

Let me know when that is done.

Thanks
Joe

#10
mikegre

Posted 19 August 2015 - 03:43 PM

Member

Topic Starter
Member
74 posts

Here you guo

Java 64 bit is up to date. the continued out of date Java reference is an old 32 bit version. I've used the Java uninstaller to try and remove the obsolescent Java versions but doesn't seem to be working so I'll have to manually uninstall.

Firefox is v40 so up to date

Also you can disregard Comodo antivirus and firewall errors... I disabled to run the security report. First time I ran without disabling Comodo and I got lots of error messages on my PC from Comodo and references to running the Security tool in Isolation...oh well!

Thx

Results of screen317's Security Check version 1.007
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 60
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Mozilla Firefox (40.0.2)
Google Chrome (44.0.2403.130)
Google Chrome (44.0.2403.155)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by mikegre, 19 August 2015 - 03:46 PM.

#11
zep516

Posted 19 August 2015 - 03:52 PM

Trusted Helper

Malware Removal
8,093 posts

One think I'm noticing and I don't like is Comodo Anti Virus

COMODO is loading your system down with new ADS (Alternate Data Streams) everytime you run a new program.

AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID

It seems to be a bug in the COMODO Firewall, there's some discussion here,
https://forums.comod...-t108076.0.html

Just for fun checkout the discussion, I don't know how to fix, I'd have to ask others that have ran into this, I'll do that and get back to you.

Thanks
Joe

#12
mikegre

Posted 19 August 2015 - 09:40 PM

Member

Topic Starter
Member
74 posts

Thx Joe.

I'm really having second thoughts about Comodo. Purchase 3 yr/ 3 pc plan about 16 months ago. Really seemed to work well (Ver 7) but last 6 months or so nothing but problems and weird things with their software. I complained and tried to get a refund, they declined but instead extended my subscription another 3 years. So I have 5 years of coverage that I'm not sure I even want to use. I think I'll uninstall and just use free Avast for a few weeks. Plan was to clean up my pc for windows 10 install but I'm having some issues with the first pc that I upgraded to windows 10 so I'm thinking of waiting a month or two before upgrading so more of the early kinks can be resolved.

Love to hear if you identify a solution regard Comodo. But just as happy of we can ensure this pc is all cleaned up.

Thx

#13
zep516

Posted 21 August 2015 - 07:41 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Sorry

Running behind. Your machine is clean. I'll look for a solution and let you know right away if there is one, on the other hand if you're having other issues with the software and they can't resolve it then strongly consider moving to another Anti Virus as you seem to be doing already.

Joe

#14
mikegre

Posted 03 September 2015 - 11:22 AM

Member

Topic Starter
Member
74 posts

ok thx.

Strange but last night I ran both malware bytes and hitman pro... both discovered various Conduit and OpenCandy files on my Acer.... I immediately removed the most recently installed software... Stamps.com, FileHippo. I also video stream out of market sports programming so possible I picked it up from one of the site. I cleaned up Conduit and OpenCandy with Malware Bytes and HitmanPro (I'll also do a reg edit check). Most disappointing is before removing I did a full scan with Comodo... git a clean report! Very disappointing.

#15
zep516

Posted 03 September 2015 - 05:08 PM

Trusted Helper

Malware Removal
8,093 posts

The Anti Virus programs are not necessarily going to detect Conduit, Open Candy etc. Look at the Malware forum everyone has them and 99.9 percent are running an Anti Virus program. Seems the Anti Virus program writers have never got on board with adware and the best defense is of course safe surfing habits and becareful what you download. Keep using Malwarebytes, I however don't recommend hitman pro because we have a few folks here that end up with various issues after using that program....

Lets remove the tools I had you download by running delfix, this will remove all log files from the desktop and may remove Hitmanpro too.

Download DelFix by Xplode and save it to your desktop.

Run the tool by right click on the icon and Run as administrator option.
Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
Push Run.
The program will run for a few seconds and display a notepad report.
Paste it for my review.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Acer Aspire S7-391, Windows 10 upgrade, Malware, Virus

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,664 views	DR M 06 Apr 2024
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,237 views	wayneman50 17 Aug 2023
Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,693 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,757 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Virus Infection Started by ForrestGump , 05 Oct 2022 Virus 1 2 3 8 →	Hot 110 replies 15,930 views	RKinner 14 Nov 2022