CMD: net stop wsearch
CMD: del "%programdata%\microsoft\search\data\applications\windows\Windows.edb.bak"
CMD: move "%programdata%\microsoft\search\data\applications\windows\Windows.edb" "%programdata%\microsoft\search\data\applications\windows\Windows.edb.bak"
CMD: net start wsearch
Task: C:\Windows\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\User\Downloads\adwcleaner_8.0.7.exe
Tcpip\Parameters: [DhcpNameServer] 208.94.176.20 208.94.176.18
Tcpip\..\Interfaces\{4CCC08B1-0B88-4386-B69A-DC66B11A4B2E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{738E4A8E-0197-4010-B90E-261B124F450C}: [DhcpNameServer] 208.94.176.20 208.94.176.18
FF Plugin HKU\S-1-5-21-1840220027-2706597275-992303726-1000: tdameritrade.com/thinkorswim -> C:\Users\User\AppData\Local\thinkorswim\npthinkorswim.dll [No File]
FF Plugin HKU\S-1-5-21-1840220027-2706597275-992303726-1000: tdameritrade.com/tossc -> C:\Users\User\AppData\Local\thinkorswim\nptossc.dll [No File]
U3 aswbdisk; no ImagePath
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
888poker (HKLM-x32\...\{C70B2B8E-C7FE-46CB-9A5A-CCCFDB03649B}) (Version: 7.17.00033 - 888) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: