Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"Bitmotion-New Tab" added in Chrome (can't get rid of it&#

Started by tl79 , Jun 29 2017 05:18 PM

Please log in to reply

#106
tl79

Posted 03 July 2017 - 11:30 AM

Member

Topic Starter
Member
186 posts

did msconfig...turned off all (exc MS) in services and startup: numbers for system idle and procexp64 were about the same. Interrupts bounces around at around 1.6 to over 2

#107
tl79

Posted 03 July 2017 - 11:34 AM

Member

Topic Starter
Member
186 posts

After disabling and re-enabling services and startup, I have internet and can finally get to geeks to go on the laptop!

#108
RKinner

Posted 03 July 2017 - 02:08 PM

Malware Expert

Expert
24,625 posts

It appears there was a big improvement when you ran without battery. Not enough but significant. Does it last very long on battery?

Since you have it back on line, make a new FRST scan and post it.

#109
tl79

Posted 03 July 2017 - 02:21 PM

Member

Topic Starter
Member
186 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01

Ran by mel (administrator) on MEL-PC (03-07-2017 15:15:24)

Running from C:\Users\mel\Desktop

Loaded Profiles: mel (Available Profiles: mel)

Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-30] (Synaptics Incorporated)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-02] (AVAST Software)

HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION

GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.3.254

Tcpip\..\Interfaces\{29154919-1dc2-434c-be91-1bc9b23aa427}: [DhcpNameServer] 192.168.3.254

Tcpip\..\Interfaces\{9eda8ba8-f1ef-4784-84ba-c98324db86dd}: [DhcpNameServer] 192.168.3.254

Internet Explorer:

==================

SearchScopes: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Edge:

======

Edge HomeButtonPage: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001 -> hxxp://www.google.com/

FireFox:

========

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:

=======

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]

CHR Extension: (Google Slides) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-27]

CHR Extension: (Google Docs) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-27]

CHR Extension: (Google Drive) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-27]

CHR Extension: (YouTube) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-27]

CHR Extension: (uBlock) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2017-07-02]

CHR Extension: (Google Sheets) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-27]

CHR Extension: (Google Docs Offline) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-27]

CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-07-03]

CHR Extension: (Chrome Web Store Payments) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]

CHR Extension: (Gmail) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-27]

CHR Extension: (Chrome Media Router) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-17]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-02] (AVAST Software s.r.o.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-02] (AVAST Software)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)

S2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-02] (AVAST Software s.r.o.)

R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-02] (AVAST Software s.r.o.)

R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-02] (AVAST Software s.r.o.)

R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-02] (AVAST Software s.r.o.)

S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [85552 2017-02-27] (AVAST Software)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-02] (AVAST Software)

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-02] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-02] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-02] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-02] (AVAST Software)

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-02] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-02] (AVAST Software)

R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-02] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-02] (AVAST Software)

R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2016-07-16] (Broadcom Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-07-03] (Malwarebytes)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [52400 2016-03-30] (Synaptics Incorporated)

R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [52904 2016-03-30] (Synaptics Incorporated)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 15:15 - 2017-07-03 15:16 - 00009666 _____ C:\Users\mel\Desktop\FRST.txt

2017-07-03 15:15 - 2017-07-03 15:15 - 00000000 ____D C:\Users\mel\Desktop\FRST-OlderVersion

2017-07-03 11:54 - 2017-07-03 14:28 - 00021232 _____ (Thesycon GmbH) C:\WINDOWS\system32\Drivers\dpclat_driver.sys

2017-07-03 11:53 - 2017-07-03 14:28 - 00000980 _____ C:\Users\mel\Desktop\dpclat.exe - Shortcut.lnk

2017-07-03 11:50 - 2017-07-03 11:50 - 00306928 _____ (Thesycon GmbH) C:\Users\mel\Downloads\dpclat.exe

2017-07-03 09:25 - 2017-07-03 09:25 - 00164748 _____ C:\Users\mel\Desktop\apps removed feb 27 2017.pdf

2017-07-03 09:25 - 2017-07-03 09:25 - 00000000 ____D C:\Users\mel\AppData\LocalLow\Temp

2017-07-02 20:13 - 2017-07-02 20:13 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-07-02 19:34 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-07-02 19:34 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-07-02 19:34 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-07-02 19:34 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-07-02 19:34 - 2017-06-03 05:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-07-02 19:34 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-07-02 19:34 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-07-02 19:34 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-07-02 19:34 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-07-02 19:34 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-07-02 19:34 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2017-07-02 19:34 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2017-07-02 19:34 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2017-07-02 19:34 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-07-02 19:34 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-07-02 19:34 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-07-02 19:34 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2017-07-02 19:34 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2017-07-02 19:34 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-07-02 19:34 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-07-02 19:34 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-07-02 19:34 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-07-02 19:34 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-07-02 19:34 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-07-02 19:34 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-07-02 19:34 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-07-02 19:34 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-07-02 19:34 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2017-07-02 19:34 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll

2017-07-02 19:34 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-07-02 19:34 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll

2017-07-02 19:34 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2017-07-02 19:34 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll

2017-07-02 19:34 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll

2017-07-02 19:34 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-07-02 19:34 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2017-07-02 19:34 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2017-07-02 19:34 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-07-02 19:34 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-07-02 19:34 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-07-02 19:34 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-07-02 19:34 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-07-02 19:34 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-07-02 19:34 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-07-02 19:34 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll

2017-07-02 19:34 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-07-02 19:34 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-07-02 19:34 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-07-02 19:34 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-07-02 19:34 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2017-07-02 19:34 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll

2017-07-02 19:34 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-07-02 19:34 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-07-02 19:34 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-07-02 19:34 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-07-02 19:34 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-07-02 19:34 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-07-02 19:34 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2017-07-02 19:34 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-07-02 19:34 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-07-02 19:34 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-07-02 19:34 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-07-02 19:34 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-07-02 19:34 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-07-02 19:34 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-07-02 19:34 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2017-07-02 19:34 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-07-02 19:34 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-07-02 19:33 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll

2017-07-02 19:33 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-07-02 19:33 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-07-02 19:33 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-07-02 19:33 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-07-02 19:33 - 2017-06-03 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-07-02 19:33 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-07-02 19:33 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-07-02 19:33 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-07-02 19:33 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-07-02 19:33 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-07-02 19:33 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-07-02 19:33 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2017-07-02 19:33 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-07-02 19:33 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-07-02 19:33 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-07-02 19:33 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-07-02 19:33 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-07-02 19:33 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-07-02 19:33 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-07-02 19:33 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-07-02 19:33 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-07-02 19:33 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-07-02 19:33 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-07-02 19:33 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-07-02 19:33 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-07-02 19:33 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2017-07-02 19:33 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-07-02 19:33 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll

2017-07-02 19:33 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll

2017-07-02 19:33 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2017-07-02 19:33 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll

2017-07-02 19:33 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-07-02 19:33 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-07-02 19:33 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-07-02 19:33 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-07-02 19:33 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-07-02 19:33 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll

2017-07-02 19:33 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-07-02 19:33 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2017-07-02 19:33 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-07-02 19:33 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-07-02 19:33 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-07-02 19:33 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-07-02 19:33 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

2017-07-02 19:33 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-07-02 19:33 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-07-02 19:33 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-07-02 19:33 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-07-02 19:33 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2017-07-02 19:33 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2017-07-02 19:33 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-07-02 19:33 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-07-02 19:33 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-07-02 19:33 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-07-02 19:33 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-07-02 19:33 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-07-02 19:33 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-07-02 19:33 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll

2017-07-02 19:33 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-07-02 19:33 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-07-02 19:33 - 2017-06-03 01:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls

2017-07-02 19:33 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-07-02 19:33 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2017-07-02 19:28 - 2017-07-02 19:28 - 00007130 _____ C:\junk.txt

2017-07-02 19:19 - 2017-07-03 10:22 - 00000878 _____ C:\WINDOWS\system32\InstallUtil.InstallLog

2017-07-02 19:19 - 2017-07-03 10:22 - 00000000 ____D C:\ProgramData\TinyWall

2017-07-02 19:19 - 2017-07-03 10:22 - 00000000 ____D C:\Program Files (x86)\TinyWall

2017-07-02 19:05 - 2017-07-02 19:05 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk

2017-07-02 19:05 - 2017-07-02 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2017-07-02 19:05 - 2017-07-02 19:05 - 00000000 ____D C:\Program Files\Speccy

2017-07-02 19:03 - 2017-07-02 19:04 - 06293184 _____ (Piriform Ltd) C:\Users\mel\Desktop\spsetup130.exe

2017-07-02 18:53 - 2017-07-03 14:27 - 00041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS

2017-07-02 18:51 - 2017-07-02 18:53 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\mel\Desktop\procexp.exe

2017-07-02 18:45 - 2017-07-02 18:45 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}

2017-07-02 08:06 - 2017-07-03 15:15 - 02436096 _____ (Farbar) C:\Users\mel\Desktop\FRST64.exe

2017-07-02 07:49 - 2017-07-02 07:49 - 00448512 _____ (OldTimer Tools) C:\Users\mel\Downloads\TFC.exe

2017-07-02 07:25 - 2017-07-02 07:25 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys

2017-07-02 07:24 - 2017-07-02 07:24 - 00400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2017-07-02 07:11 - 2017-07-02 07:12 - 00000000 ____D C:\speedy fox

2017-07-02 07:11 - 2017-07-02 07:11 - 00000000 ____D C:\Users\mel\AppData\Roaming\CrystalIdea Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-03 15:15 - 2015-12-08 12:23 - 00000000 ____D C:\FRST

2017-07-03 15:14 - 2017-02-27 22:16 - 00000000 ____D C:\Users\mel

2017-07-03 14:38 - 2017-02-27 23:37 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-07-03 14:38 - 2017-02-27 22:27 - 00000000 ____D C:\Users\mel\AppData\Local\Packages

2017-07-03 14:37 - 2017-02-27 23:37 - 00000000 ___HD C:\Program Files\WindowsApps

2017-07-03 14:26 - 2017-02-27 22:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-07-03 14:12 - 2017-02-27 23:37 - 00000000 ____D C:\WINDOWS\rescache

2017-07-03 12:48 - 2017-05-29 09:06 - 00000000 ____D C:\Users\mel\AppData\Local\ElevatedDiagnostics

2017-07-03 12:39 - 2017-02-27 22:22 - 01330072 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-07-03 12:34 - 2017-02-27 22:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-07-03 12:33 - 2017-02-27 23:07 - 00524288 _____ C:\WINDOWS\system32\config\BBI

2017-07-03 11:49 - 2017-02-27 23:11 - 00000000 ____D C:\ProgramData\TEMP

2017-07-03 11:47 - 2017-02-27 23:17 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-07-03 10:23 - 2017-02-27 23:07 - 00032768 _____ C:\WINDOWS\system32\config\ELAM

2017-07-03 10:21 - 2017-02-27 23:38 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{92C4C726-4C71-4BC2-9477-83D9F5AA6E47}

2017-07-03 09:30 - 2017-02-27 23:37 - 00000000 ____D C:\WINDOWS\system32\NDF

2017-07-03 09:16 - 2017-02-27 23:35 - 00000000 ____D C:\WINDOWS\INF

2017-07-03 07:34 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-07-03 07:32 - 2017-02-27 22:01 - 00268936 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-07-02 20:13 - 2017-02-27 23:37 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-07-02 20:13 - 2017-02-27 23:37 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-07-02 20:13 - 2017-02-27 23:37 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-07-02 20:00 - 2017-03-02 19:30 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-07-02 19:57 - 2017-03-02 19:28 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-07-02 19:57 - 2017-02-27 23:16 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-07-02 19:55 - 2014-04-28 19:07 - 00000000 ___RD C:\Users\mel\Desktop\UTILITIES

2017-07-02 07:43 - 2017-03-05 18:30 - 00000000 ____D C:\Users\mel\AppData\Local\CrashDumps

2017-07-02 07:35 - 2017-01-23 12:29 - 00000000 ____D C:\DAD 2017

2017-07-02 07:33 - 2017-02-27 22:59 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1488254368

2017-07-02 07:32 - 2017-02-27 22:59 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2017-07-02 07:25 - 2017-02-27 22:56 - 00361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149899832379606

2017-07-02 07:24 - 2017-02-27 22:56 - 00198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2017-07-02 07:24 - 2017-02-27 22:56 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update

2017-07-02 07:24 - 2017-02-27 22:52 - 00000000 ____D C:\ProgramData\AVAST Software

2017-07-02 07:23 - 2017-02-27 22:58 - 00041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2017-07-02 07:23 - 2017-02-27 22:56 - 01015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2017-07-02 07:23 - 2017-02-27 22:56 - 00343264 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys

2017-07-02 07:23 - 2017-02-27 22:56 - 00319984 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys

2017-07-02 07:23 - 2017-02-27 22:56 - 00198944 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys

2017-07-02 07:23 - 2017-02-27 22:56 - 00057704 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys

2017-07-02 07:15 - 2017-05-29 19:02 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft

2017-06-27 20:54 - 2017-02-27 22:48 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-06-27 20:54 - 2017-02-27 22:48 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-06-03 01:36 - 2017-02-27 23:40 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-06-03 01:36 - 2017-02-27 23:40 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-01 15:07 - 2017-06-01 15:07 - 0000017 _____ () C:\Users\mel\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-02 20:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01

Ran by mel (03-07-2017 15:18:04)

Running from C:\Users\mel\Desktop

Windows 10 Home Version 1607 (X64) (2017-02-28 03:26:47)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1930977450-1904899304-3597289394-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1930977450-1904899304-3597289394-503 - Limited - Disabled)

Guest (S-1-5-21-1930977450-1904899304-3597289394-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1930977450-1904899304-3597289394-1002 - Limited - Enabled)

mel (S-1-5-21-1930977450-1904899304-3597289394-1001 - Administrator - Enabled) => C:\Users\mel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)

Brother MFL-Pro Suite MFC-L2740DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

LibreOffice 5.3.0.3 (HKLM\...\{769A4A4C-3EBD-4469-B13B-5083F1C7717F}) (Version: 5.3.0.3 - The Document Foundation)

LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)

Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden

Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)

SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\mel\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\mel\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\mel\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)

ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)

ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BE5BF59-52DE-4E97-AB08-6AC206337510} - System32\Tasks\SafeZone scheduled Autoupdate 1488254368 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)

Task: {27371DC3-A84E-4762-9584-A388400AC5FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

Task: {8037B55F-49A9-4731-BF15-26E1A7BDC233} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

Task: {A0F10D3D-5045-4202-B13A-1DF935756E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)

Task: {BDBAF97D-ED50-4F49-927D-5739115BEBBC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)

Task: {C9410398-AFA3-47E2-9CAC-0CF88EBA4296} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-02] (AVAST Software)

Task: {CC5F0275-0DFB-494E-BE69-32A3985E4ABE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-07-02] (Microsoft Corporation)

Task: {F6748E67-7309-440F-B68E-B959A8210AD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-28 09:24 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-07-02 19:33 - 2017-06-03 05:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-09-18 16:34 - 2016-09-18 16:34 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2017-03-14 19:16 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2017-03-14 19:18 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2017-03-14 19:18 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-03-14 19:18 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2017-07-02 19:33 - 2017-06-03 03:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll

2017-07-02 19:33 - 2017-06-03 03:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2017-07-02 19:33 - 2017-06-03 03:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2017-03-14 19:18 - 2017-03-04 01:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll

2017-02-28 09:24 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll

2017-07-02 07:23 - 2017-07-02 07:23 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

2017-07-02 07:23 - 2017-07-02 07:25 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\BRCOM13A.DLL:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [130]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]

AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]

AlternateDataStreams: C:\Users\mel\Desktop\Kids-Handprint-Valentine-Ideas-2-web.jpg:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\11780492_10153442721576168_1188463333_n.jpg:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\5-11-16 St Sheet1.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\attachments (1).zip:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\attachments.zip:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\BTFE_collectionsheet_50.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ChasingBoxTops.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ChristmasCard2015.doc:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\flights-of-fancy-two-doves-platinum-edition.exe:$CmdTcID [64]

AlternateDataStreams: C:\Users\mel\Downloads\flights-of-fancy-two-doves-platinum-edition.exe:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\Grandpa-80th-Birthday.docx:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\OpenHouse.docx:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ParentInformationNightSchedule1516Final.docx:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\PreschoolpressJanuary.doc:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\PublicLibrarySchedule20152016.docx:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\question.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\Releaseadcb874e-e7bc-4c12-808b-54c4dd233363_2194889.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ShirtRecycling.docx:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ValentinesDay_EN_25 (1).pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ValentinesDay_EN_25 (2).pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\ValentinesDay_EN_25.pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\Winter_HatsMittens25_English (1).pdf:$CmdZnID [26]

AlternateDataStreams: C:\Users\mel\Downloads\Winter_HatsMittens25_English.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-27 23:38 - 2017-02-27 23:32 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1930977450-1904899304-3597289394-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg

DNS Servers: 192.168.3.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F9431CE8-C002-49B1-BA3A-4DE77D470C1A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{935489F9-1CF6-4571-BD10-C3A927C9B6AF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [{8C6E7E33-C35A-4A0A-998E-26029A096CA3}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [{89B05E2F-4970-43B2-9A0D-F1AADDAA3B04}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

12-06-2017 12:19:52 Windows Update

02-07-2017 19:18:25 Installed TinyWall

==================== Faulty Device Manager Devices =============

Name: IDT High Definition Audio CODEC

Description: IDT High Definition Audio CODEC

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: IDT

Service: STHDA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (07/03/2017 12:20:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/03/2017 12:20:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Error: (07/02/2017 07:18:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied.

Error: (07/02/2017 07:05:45 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/02/2017 06:51:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2017 06:51:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2017 06:51:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2017 06:51:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mel-PC)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2017 06:45:26 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (07/02/2017 06:43:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:

The system cannot find the file specified.

System errors:

=============

Error: (07/03/2017 03:14:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2017 12:38:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

Error: (07/03/2017 12:22:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

Error: (07/03/2017 12:20:39 PM) (Source: DCOM) (EventID: 10010) (User: mel-PC)

Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.

Error: (07/03/2017 12:20:34 PM) (Source: DCOM) (EventID: 10010) (User: mel-PC)

Description: The server App.AppX85gcbw533amccd2rr8qswxymhfj649t2.mca did not register with DCOM within the required timeout.

Error: (07/03/2017 12:20:34 PM) (Source: DCOM) (EventID: 10010) (User: mel-PC)

Description: The server App.AppXxynx4ymh02h359j0hx8qs9hcm20wrw44.mca did not register with DCOM within the required timeout.

Error: (07/03/2017 12:20:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

Access is denied.

Error: (07/03/2017 12:20:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

Access is denied.

Error: (07/03/2017 12:18:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

and APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

Error: (07/03/2017 12:17:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

CodeIntegrity:

===================================

Date: 2017-07-02 07:34:09.507

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-02 07:33:35.394

Date: 2017-07-02 07:33:24.189

Date: 2017-07-02 07:33:23.695

Date: 2017-05-29 11:33:14.170

Date: 2017-05-29 11:23:57.472

Date: 2017-05-29 11:23:43.848

Date: 2017-05-29 10:12:53.315

Date: 2017-05-29 10:12:33.247

Date: 2017-05-29 09:46:34.694

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz

Percentage of memory in use: 31%

Total physical RAM: 3999.18 MB

Available physical RAM: 2727.15 MB

Total Virtual: 4703.18 MB

Available Virtual: 3441.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.15 GB) (Free:187.15 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 2169E425)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=219.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=836 MB) - (Type=27)

Partition 4: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#110
tl79

Posted 03 July 2017 - 02:30 PM

Member

Topic Starter
Member
186 posts

The battery probably lasts for 2-3 hours at best, depending on what's being run.

#111
RKinner

Posted 03 July 2017 - 02:44 PM

Malware Expert

Expert
24,625 posts

You might want to order a new battery. I've found several on Amazon at really good prices with good reviews.

Comodo did not completely uninstall

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#112
tl79

Posted 03 July 2017 - 02:56 PM

Member

Topic Starter
Member
186 posts

Can you give me a specific recommendation on a battery or Amazon link to consider? I'm pretty sure we bought the battery we're using now from Amazon relatively recently.

#113
tl79

Posted 03 July 2017 - 03:27 PM

Member

Topic Starter
Member
186 posts

Here's the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01

Ran by mel (03-07-2017 15:59:13) Run:2

Running from C:\Users\mel\Desktop

Loaded Profiles: mel (Available Profiles: mel)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CloseProcesses: