
Thread: SafeSearch PUP and Browser Hijack

  1. #1
    Member | Join Date: May 2013 | Location: Chicagoland, IL | Posts: 41


    Again, not sure how, my computer is infected with the SearchSafe Malware. The omnibox search bar in Chrome will only use SafeSearch. This seems to be one tough piece of malware to remove. The following are all the requested initial scans (in no particular order).

    Thanks

    John
    aka TechnoDino

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
    Ran by John (administrator) on JOHN (09-12-2015 21:05:25)
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available Profiles: John)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () C:\Wamp\mysql\bin\mysqld.exe
    (Apache Software Foundation) C:\Wamp\apache2\bin\httpd.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Apache Software Foundation) C:\Wamp\apache2\bin\httpd.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe




    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-06] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe /noui
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-04-18] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.4.537\ASUSWSLoader.exe [63272 2015-10-12] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\Run: [appnhost] => C:\Users\John\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
    IFEO\apnmcp.exe: [Debugger] tasklist.exe
    IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
    IFEO\brs.exe: [Debugger] tasklist.exe
    IFEO\bservice.exe: [Debugger] tasklist.exe
    IFEO\bservice64.exe: [Debugger] tasklist.exe
    IFEO\cltmng.exe: [Debugger] tasklist.exe
    IFEO\cltmngui.exe: [Debugger] tasklist.exe
    IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
    IFEO\dsrlte.exe: [Debugger] tasklist.exe
    IFEO\DTUpdate.exe: [Debugger] tasklist.exe
    IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
    IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
    IFEO\HpUI.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
    IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
    IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
    IFEO\Loader32.exe: [Debugger] tasklist.exe
    IFEO\Loader64.exe: [Debugger] tasklist.exe
    IFEO\loggingserver.exe: [Debugger] tasklist.exe
    IFEO\Lrcnta.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
    IFEO\patch_ff.exe: [Debugger] tasklist.exe
    IFEO\PluginService.exe: [Debugger] tasklist.exe
    IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
    IFEO\SafeFinder.exe: [Debugger] tasklist.exe
    IFEO\searcharmor.exe: [Debugger] tasklist.exe
    IFEO\search_protect.exe: [Debugger] tasklist.exe
    IFEO\smu.exe: [Debugger] tasklist.exe
    IFEO\spbiu.exe: [Debugger] tasklist.exe
    IFEO\srptm.exe: [Debugger] tasklist.exe
    IFEO\srpts.exe: [Debugger] tasklist.exe
    IFEO\srptsl.exe: [Debugger] tasklist.exe
    IFEO\SystemkService.exe: [Debugger] tasklist.exe
    IFEO\SystemSockets.exe: [Debugger] tasklist.exe
    IFEO\TBNotifier.exe: [Debugger] tasklist.exe
    IFEO\TNT2User.exe: [Debugger] tasklist.exe
    IFEO\Toolbar.exe: [Debugger] tasklist.exe
    IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
    IFEO\vprot.exe: [Debugger] tasklist.exe
    IFEO\wb.exe: [Debugger] tasklist.exe
    IFEO\YTDownloader.exe: [Debugger] tasklist.exe
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.4.537\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    ShellIconOverlayIdentifiers: [1MegaSync0Synced] -> {A52C9916-2007-4C7F-A2D7-0C9612427BD2} => C:\Users\John\AppData\Local\MEGAsync\bin\o\mssoverlay.dll [2013-09-12] (TODO: <Company name>)
    ShellIconOverlayIdentifiers: [1MegaSync1Pended] -> {A34CE349-F239-4DA5-9551-4660962F6CD9} => C:\Users\John\AppData\Local\MEGAsync\bin\o\mspoverlay.dll [2013-09-12] (TODO: <Company name>)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-12-09]
    ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-12-09]
    ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-12-09]
    ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-09]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\John\AppData\Local\MEGAsync\bin\MEGAsync.exe (Mega Limited)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-09]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{8a96babe-cb5d-48b4-ad72-832762343bf2}: [DhcpNameServer] 40.54.1.18
    Tcpip\..\Interfaces\{9db2bf17-d35c-4524-a632-3c674da021de}: [DhcpNameServer] 192.168.1.254


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
    BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-12-09] (McAfee)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-01] (Oracle Corporation)
    BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-12-09] (McAfee)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-01] (Oracle Corporation)
    Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-12-09] (McAfee)
    Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-12-09] (McAfee)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)


    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default
    FF DefaultSearchEngine.US: DuckDuckGo
    FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-01] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
    FF Plugin HKU\S-1-5-21-246760859-398526146-1931071061-1001: @citrixonline.com/appdetectorplugin -> C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-20] (Citrix Online)
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\searchplugins\McSiteAdvisor.xml [2015-12-07]
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF Extension: Avira Browser Safety - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\Extensions\abs@avira.com [2015-12-07] [not signed]
    FF Extension: Ghostery - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\Extensions\firefox@ghostery.com.xpi [2015-12-07]
    FF Extension: Privacy Badger - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2015-12-07]
    FF Extension: McAfee SafeKey - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-12-09] [not signed]
    FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-07]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-08-21] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-11-21] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3ER5j3l5.default\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-23] [not signed]


    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> d
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-08]
    CHR Extension: (McAfee SafeKey) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-12-09]
    CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08]
    CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08]
    CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
    CHR Extension: (DuckDuckGo for Chrome) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2015-12-08]
    CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-08]
    CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
    CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08]
    CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-08]
    CHR Extension: (Print this page with CleanPrint) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-12-08]
    CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-08]
    CHR Extension: (History Eraser) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2015-12-08]
    CHR Extension: (History Eraser App) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2015-12-08]
    CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-08]
    CHR Extension: (Ghostery) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-08]
    CHR Extension: (Click&Clean App) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-12-08]
    CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08]
    CHR Extension: (Privacy Badger) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2015-12-08]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-246760859-398526146-1931071061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-12-09]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]


    ==================== Services (Whitelisted) ========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSWinService.exe [71168 2014-11-06] (ASUS Cloud Corporation) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-06] (ELAN Microelectronics Corp.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-11] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
    R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics Co., Ltd.)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    R2 wampstackApache; C:\Wamp\apache2\bin\httpd.exe [22528 2015-07-12] (Apache Software Foundation) [File not signed]
    R2 wampstackMySQL; C:\Wamp\mysql\bin\mysqld.exe [11053568 2015-07-14] () [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    U5 vrvd5; C:\Windows\System32\Drivers\vrvd5.sys [13344 2015-05-08] (Rsupport Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 aswMBR; C:\Users\John\AppData\Local\Temp\aswMBR.sys [62728 2015-12-09] () [File not signed]
    U3 aswVmm; C:\Users\John\AppData\Local\Temp\aswVmm.sys [224896 2015-12-09] ()
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-12-09 20:01 - 2015-12-09 20:01 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
    2015-12-09 19:43 - 2015-12-09 19:43 - 00016148 _____ C:\WINDOWS\system32\JOHN_John_HistoryPrediction.bin
    2015-12-09 17:13 - 2015-12-09 21:04 - 00000000 ____D C:\Users\John\Desktop\Removal
    2015-12-09 17:04 - 2015-12-09 21:06 - 00031106 _____ C:\Users\John\Desktop\FRST.txt
    2015-12-09 17:04 - 2015-12-09 21:05 - 00000000 ____D C:\FRST
    2015-12-09 16:57 - 2015-12-09 17:15 - 05198336 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
    2015-12-09 16:56 - 2015-12-09 17:04 - 02369024 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
    2015-12-09 16:46 - 2015-12-09 19:01 - 01599336 _____ (Malwarebytes) C:\Users\John\Desktop\JRT.exe
    2015-12-09 16:04 - 2015-12-09 16:39 - 00000000 ____D C:\Users\John\AppData\LocalLow\SafeKey
    2015-12-09 16:04 - 2015-12-09 16:14 - 00000000 ____D C:\Program Files (x86)\SafeKey
    2015-12-08 20:44 - 2015-12-08 20:44 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
    2015-12-08 19:32 - 2015-12-09 20:01 - 00002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-08 19:32 - 2015-12-08 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-08 19:30 - 2015-12-09 20:35 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-08 19:30 - 2015-12-09 19:35 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-08 19:30 - 2015-12-08 19:30 - 00927824 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup.exe
    2015-12-08 19:30 - 2015-12-08 19:30 - 00003962 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-08 19:30 - 2015-12-08 19:30 - 00003730 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-07 20:30 - 2015-12-07 20:30 - 00000000 ____D C:\Users\John\New folder
    2015-12-07 19:38 - 2015-12-07 20:03 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
    2015-12-03 10:09 - 2015-12-03 10:09 - 38390188 _____ C:\Users\John\Downloads\Samsung M2070 Manual.pdf
    2015-12-03 09:57 - 2015-12-03 09:57 - 24708972 _____ C:\Users\John\Downloads\M2070_V3.00.01.22.zip
    2015-12-03 09:56 - 2015-12-03 10:11 - 10642432 _____ (Samsung Electronics Co., Ltd.) C:\Users\John\Downloads\PCFax_V1.11.28.exe
    2015-12-02 15:30 - 2015-12-02 15:31 - 00000000 ____D C:\Users\John\AppData\Local\Foxit PhantomPDF
    2015-12-02 12:33 - 2015-12-02 12:33 - 00000000 ____D C:\Users\John\Downloads\ideaChef
    2015-12-02 12:28 - 2015-12-02 12:43 - 00000000 ____D C:\Users\John\Downloads\PDE_2_Proposals
    2015-12-02 10:58 - 2015-11-16 12:32 - 00919040 _____ (Farbar) C:\WINDOWS\mod_frst.exe
    2015-11-29 23:34 - 2015-11-29 23:34 - 00282624 _____ C:\Users\John\Downloads\appnhost.msi
    2015-11-27 21:25 - 2015-12-08 19:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Foxit Software
    2015-11-27 21:18 - 2015-12-02 14:57 - 00000000 ____D C:\Users\John\Desktop\Holiday Images
    2015-11-25 20:46 - 2015-12-09 17:00 - 318353758 _____ C:\Users\John\Desktop\AllMyNotes.ddb
    2015-11-25 20:18 - 2015-12-09 20:01 - 00001187 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
    2015-11-25 20:18 - 2015-11-25 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
    2015-11-25 20:15 - 2015-11-25 20:18 - 00000000 ____D C:\Program Files\LibreOffice 5
    2015-11-25 14:44 - 2015-11-25 14:44 - 00000000 _____ C:\WINDOWS\system32\SBRC.dat
    2015-11-25 14:04 - 2015-11-25 19:53 - 00000000 ____D C:\ProgramData\STOPzilla!
    2015-11-25 14:04 - 2015-11-25 14:04 - 00000000 ____D C:\Program Files (x86)\iS3
    2015-11-25 13:41 - 2015-11-25 13:41 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2015-11-25 13:18 - 2015-11-23 20:37 - 00001431 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151125-131803.backup
    2015-11-23 22:27 - 2015-11-23 22:27 - 00001951 _____ C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
    2015-11-23 22:26 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
    2015-11-23 22:25 - 2015-11-23 22:25 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2015-11-23 22:25 - 2015-11-23 22:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2015-11-23 22:25 - 2015-11-23 22:25 - 00000000 ____D C:\Program Files (x86)\McAfee.com
    2015-11-23 22:23 - 2015-11-23 22:23 - 00000000 ____D C:\Program Files\McAfee.com
    2015-11-23 22:22 - 2015-12-08 20:38 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-11-23 22:22 - 2015-11-23 22:26 - 00000000 ____D C:\Program Files\McAfee
    2015-11-23 22:22 - 2015-11-23 22:22 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-11-23 22:18 - 2015-11-24 19:22 - 00000000 ____D C:\ProgramData\McAfee
    2015-11-23 22:18 - 2015-11-23 22:25 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2015-11-23 22:18 - 2015-07-31 12:33 - 00254792 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    2015-11-23 21:58 - 2015-11-24 19:48 - 00000000 ____D C:\Users\John\AppData\Local\LogMeIn Rescue Applet
    2015-11-23 20:48 - 2015-11-23 20:48 - 00003298 _____ C:\WINDOWS\System32\Tasks\{76248857-E513-4734-B019-700E5104411D}
    2015-11-23 20:24 - 2015-11-23 20:24 - 00000248 _____ C:\rescue.info
    2015-11-22 22:25 - 2015-11-22 22:25 - 00047504 _____ C:\Users\John\Desktop\2015_11_22_Comments on IdeaChef sent to Rui.pdf
    2015-11-21 21:44 - 2015-11-21 21:44 - 00000000 ____D C:\Program Files\Logitech
    2015-11-21 21:00 - 2015-11-04 23:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-21 21:00 - 2015-11-04 22:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-11-21 21:00 - 2015-11-04 22:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-11-21 21:00 - 2015-11-04 21:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-11-21 20:59 - 2015-11-04 23:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2015-11-21 20:59 - 2015-11-04 22:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-11-21 20:59 - 2015-11-04 22:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2015-11-21 20:59 - 2015-11-04 22:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-11-21 20:59 - 2015-11-04 21:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2015-11-21 20:59 - 2015-11-04 21:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2015-11-21 20:59 - 2015-11-04 21:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-11-21 20:59 - 2015-11-04 21:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-11-21 20:59 - 2015-11-04 21:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2015-11-21 20:59 - 2015-11-04 21:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2015-11-21 20:58 - 2015-11-04 23:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-11-21 20:58 - 2015-11-04 23:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2015-11-21 20:58 - 2015-11-04 23:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-11-21 20:58 - 2015-11-04 22:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-21 20:58 - 2015-11-04 22:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-11-21 20:58 - 2015-11-04 22:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-11-21 20:58 - 2015-11-04 21:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-11-21 20:58 - 2015-11-04 21:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-11-21 20:57 - 2015-11-04 23:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-11-21 20:57 - 2015-11-04 22:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2015-11-21 20:57 - 2015-11-04 21:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-11-21 20:57 - 2015-11-04 21:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2015-11-21 20:57 - 2015-11-04 21:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-11-21 20:56 - 2015-11-04 22:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-11-21 20:56 - 2015-11-04 22:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2015-11-21 20:56 - 2015-11-04 22:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-11-21 20:56 - 2015-11-04 22:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-11-21 20:56 - 2015-11-04 22:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-11-21 20:56 - 2015-11-04 22:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2015-11-21 20:56 - 2015-11-04 22:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-11-21 20:56 - 2015-11-04 22:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-11-21 20:56 - 2015-11-04 22:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-11-21 20:56 - 2015-11-04 21:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-11-21 20:55 - 2015-11-04 22:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-11-21 20:55 - 2015-11-04 22:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-11-21 20:55 - 2015-11-04 21:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-11-21 20:55 - 2015-11-04 21:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-11-21 20:55 - 2015-11-04 21:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2015-11-21 20:55 - 2015-11-04 21:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-11-21 20:55 - 2015-11-04 21:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-21 20:55 - 2015-11-04 21:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-11-21 20:54 - 2015-11-04 23:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-11-21 20:54 - 2015-11-04 22:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-11-21 20:54 - 2015-11-04 22:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2015-11-21 20:54 - 2015-11-04 22:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-21 20:53 - 2015-11-04 23:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-11-21 20:53 - 2015-11-04 22:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-11-21 20:53 - 2015-11-04 22:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-21 20:53 - 2015-11-04 21:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-21 18:23 - 2015-11-21 18:23 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-11-21 18:17 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.016
    2015-11-21 18:11 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.015
    2015-11-21 18:11 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.014
    2015-11-21 18:11 - 2015-11-21 18:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-11-21 18:11 - 2015-11-21 18:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
    2015-11-21 18:11 - 2015-11-21 18:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-11-21 18:11 - 2015-11-21 18:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
    2015-11-21 18:00 - 2015-11-23 20:50 - 00000000 ____D C:\Users\TEMP.john
    2015-11-21 18:00 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.012
    2015-11-21 18:00 - 2015-11-21 18:00 - 00000000 ____D C:\Users\Administrator.john.013
    2015-11-16 13:56 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.011
    2015-11-16 12:38 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.010
    2015-11-16 12:09 - 2015-11-23 20:50 - 00000000 ____D C:\Users\TEMP
    2015-11-16 12:09 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.009
    2015-11-16 12:08 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.008
    2015-11-16 11:53 - 2015-12-09 18:57 - 00000000 ____D C:\Users\Administrator.john.007
    2015-11-16 11:41 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.005
    2015-11-16 11:41 - 2015-11-16 11:41 - 00000000 ____D C:\Users\Administrator.john.006
    2015-11-16 11:31 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.004
    2015-11-16 11:19 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.003
    2015-11-16 11:17 - 2015-11-16 11:17 - 00012920 ____N C:\bootsqm.dat
    2015-11-16 11:17 - 2015-11-16 11:17 - 00000000 __SHD C:\found.000
    2015-11-13 22:39 - 2015-11-16 13:14 - 00057344 _____ C:\WINDOWS\system32\config\sam.lbk
    2015-11-13 21:39 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.002
    2015-11-13 21:27 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.001
    2015-11-13 20:59 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john.000
    2015-11-13 20:59 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator.john
    2015-11-13 20:41 - 2015-11-21 18:11 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
    2015-11-13 20:40 - 2015-11-23 20:50 - 00000000 ____D C:\Users\Administrator


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-12-09 20:49 - 2014-11-20 11:55 - 00000566 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-246760859-398526146-1931071061-1001.job
    2015-12-09 20:19 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-09 20:07 - 2015-06-08 16:42 - 00000662 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-246760859-398526146-1931071061-1001.job
    2015-12-09 20:02 - 2015-11-04 16:33 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
    2015-12-09 20:02 - 2015-10-01 19:43 - 00001450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-12-09 20:02 - 2015-07-30 12:20 - 00002367 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-12-09 20:02 - 2015-07-30 11:38 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-09 20:02 - 2015-06-29 10:30 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
    2015-12-09 20:02 - 2015-06-29 09:53 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-12-09 20:02 - 2015-06-29 09:53 - 00002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif DrawPlus X6.lnk
    2015-12-09 20:02 - 2015-06-29 09:37 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif WebPlus X7.lnk
    2015-12-09 20:01 - 2015-11-04 16:33 - 00001072 _____ C:\Users\Public\Desktop\ownCloud.lnk
    2015-12-09 20:01 - 2015-11-04 11:36 - 00001778 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-12-09 20:01 - 2015-10-28 15:53 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-09 20:01 - 2015-10-22 17:34 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-09 20:01 - 2015-10-21 17:10 - 00001346 _____ C:\Users\Public\Desktop\WebStorage.lnk
    2015-12-09 20:01 - 2015-10-07 09:18 - 00000506 _____ C:\Users\John\Desktop\Notepad_F.lnk
    2015-12-09 20:01 - 2015-10-01 19:43 - 00001444 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-12-09 20:01 - 2015-10-01 19:38 - 00001162 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
    2015-12-09 20:01 - 2015-09-17 17:02 - 00002064 _____ C:\Users\Public\Desktop\NetBeans IDE 8.0.2.lnk
    2015-12-09 20:01 - 2015-08-26 12:04 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-12-09 20:01 - 2015-08-12 09:03 - 00002168 _____ C:\Users\John\Desktop\AllMyNotes Organizer.lnk
    2015-12-09 20:01 - 2015-08-03 18:29 - 00001160 _____ C:\Users\John\Desktop\MEGAsync.lnk
    2015-12-09 20:01 - 2015-07-29 11:10 - 00002008 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
    2015-12-09 20:01 - 2015-07-23 08:24 - 00001087 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
    2015-12-09 20:01 - 2015-06-29 10:30 - 00000900 _____ C:\Users\Public\Desktop\UltraDefrag.lnk
    2015-12-09 20:01 - 2014-11-14 19:22 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-12-09 19:09 - 2015-10-28 15:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-09 19:03 - 2015-07-10 03:05 - 00000000 ____D C:\Windows
    2015-12-09 17:55 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-09 17:31 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-09 16:04 - 2015-10-14 15:03 - 00000000 ____D C:\Users\John\Downloads\Stuff to Install
    2015-12-09 16:03 - 2015-10-22 17:34 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
    2015-12-09 14:48 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-09 12:00 - 2015-05-13 16:10 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2015-12-09 12:00 - 2015-05-13 16:10 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2015-12-08 20:47 - 2015-07-30 11:49 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-08 20:47 - 2015-07-10 05:02 - 00000000 ____D C:\WINDOWS\INF
    2015-12-08 20:46 - 2014-10-25 20:18 - 00000000 ____D C:\Users\John\AppData\Roaming\WebStorage
    2015-12-08 20:40 - 2015-10-21 17:37 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
    2015-12-08 20:39 - 2015-07-30 12:05 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
    2015-12-08 20:39 - 2015-07-30 11:27 - 00000000 ____D C:\Users\John
    2015-12-08 20:38 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-08 20:34 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-08 19:32 - 2014-10-26 06:56 - 00000000 ____D C:\Users\John\AppData\Local\Google
    2015-12-08 19:31 - 2014-10-26 06:56 - 00000000 ____D C:\Program Files (x86)\Google
    2015-12-08 19:20 - 2015-08-21 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-07 20:09 - 2015-06-08 16:42 - 00003804 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-246760859-398526146-1931071061-1001
    2015-12-07 20:09 - 2014-11-20 11:55 - 00003708 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-246760859-398526146-1931071061-1001
    2015-12-07 19:59 - 2014-10-31 14:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-07 19:49 - 2014-10-31 14:06 - 145617392 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-07 19:42 - 2015-07-10 03:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-12-07 19:38 - 2014-10-28 09:28 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
    2015-12-03 15:27 - 2015-10-15 10:15 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-12-02 12:32 - 2015-07-17 19:48 - 00000000 ____D C:\Users\John\Downloads\AllMyNotes
    2015-11-30 18:32 - 2015-07-10 05:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-11-30 18:32 - 2015-07-10 05:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-27 03:36 - 2015-07-10 06:20 - 00428592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-27 03:35 - 2015-07-10 03:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-11-27 03:31 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-11-25 20:03 - 2015-08-03 19:30 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-25 13:51 - 2014-10-26 06:54 - 00000000 __SHD C:\Users\John\AppData\Local\EmieUserList
    2015-11-25 13:51 - 2014-10-26 06:54 - 00000000 __SHD C:\Users\John\AppData\Local\EmieSiteList
    2015-11-25 13:48 - 2015-10-28 15:27 - 00000000 ____D C:\AdwCleaner
    2015-11-25 13:42 - 2014-11-19 19:29 - 00000000 ____D C:\ProgramData\TEMP
    2015-11-25 13:41 - 2015-07-23 08:24 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-11-25 13:35 - 2014-10-25 20:12 - 00000000 ____D C:\Users\John\AppData\Local\Packages
    2015-11-25 13:33 - 2015-07-10 05:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-25 13:15 - 2014-11-01 10:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-11-24 19:22 - 2015-01-18 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-11-23 22:36 - 2014-11-17 20:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Samsung
    2015-11-23 22:24 - 2015-07-10 05:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-11-23 20:50 - 2013-08-22 07:36 - 00000000 ____D C:\Users\Default.migrated
    2015-11-21 21:55 - 2014-10-25 20:17 - 00000000 __RDO C:\Users\John\OneDrive
    2015-11-21 21:45 - 2014-11-20 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2015-11-21 21:45 - 2014-11-20 09:40 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
    2015-11-21 21:44 - 2014-11-20 09:40 - 00000000 ____D C:\ProgramData\LogiShrd
    2015-11-13 20:41 - 2014-10-26 10:48 - 00000000 __RHD C:\Users\Public\AccountPictures


    ==================== Files in the root of some directories =======


    2014-12-03 16:46 - 2015-12-09 16:14 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2015-01-31 16:09 - 2015-01-31 16:09 - 0001279 _____ () C:\Users\John\AppData\Local\recently-used.xbel
    2015-08-27 08:17 - 2015-08-27 08:17 - 0007605 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
    2015-07-30 11:21 - 2015-07-30 11:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-04-18 16:51 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd


    Some files in TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\FoxitUpdater.exe




    ==================== Bamital & volsnap =================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




    LastRegBack: 2015-12-09 14:22


    ==================== End of FRST.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    There should have been an Addition.txt produced at the same time the FRST log was created.
    I can see a few things we can handle now. We will run a couple of tools, then we will run FRST again.

    NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

    ~~~~~~~~~~`

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do not use WordPad* or any text editor other than Notepad, or the script will fail.
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    IFEO\apnmcp.exe: [Debugger] tasklist.exe
    IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
    IFEO\brs.exe: [Debugger] tasklist.exe
    IFEO\bservice.exe: [Debugger] tasklist.exe
    IFEO\bservice64.exe: [Debugger] tasklist.exe
    IFEO\cltmng.exe: [Debugger] tasklist.exe
    IFEO\cltmngui.exe: [Debugger] tasklist.exe
    IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
    IFEO\dsrlte.exe: [Debugger] tasklist.exe
    IFEO\DTUpdate.exe: [Debugger] tasklist.exe
    IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
    IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
    IFEO\HpUI.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
    IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
    IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
    IFEO\Loader32.exe: [Debugger] tasklist.exe
    IFEO\Loader64.exe: [Debugger] tasklist.exe
    IFEO\loggingserver.exe: [Debugger] tasklist.exe
    IFEO\Lrcnta.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
    IFEO\patch_ff.exe: [Debugger] tasklist.exe
    IFEO\PluginService.exe: [Debugger] tasklist.exe
    IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
    IFEO\SafeFinder.exe: [Debugger] tasklist.exe
    IFEO\searcharmor.exe: [Debugger] tasklist.exe
    IFEO\search_protect.exe: [Debugger] tasklist.exe
    IFEO\smu.exe: [Debugger] tasklist.exe
    IFEO\spbiu.exe: [Debugger] tasklist.exe
    IFEO\srptm.exe: [Debugger] tasklist.exe
    IFEO\srpts.exe: [Debugger] tasklist.exe
    IFEO\srptsl.exe: [Debugger] tasklist.exe
    IFEO\SystemkService.exe: [Debugger] tasklist.exe
    IFEO\SystemSockets.exe: [Debugger] tasklist.exe
    IFEO\TBNotifier.exe: [Debugger] tasklist.exe
    IFEO\TNT2User.exe: [Debugger] tasklist.exe
    IFEO\Toolbar.exe: [Debugger] tasklist.exe
    IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
    IFEO\vprot.exe: [Debugger] tasklist.exe
    IFEO\wb.exe: [Debugger] tasklist.exe
    IFEO\YTDownloader.exe: [Debugger] tasklist.exe
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ~~~~~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    *****
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    May 2013
    Location
    Chicagoland, IL
    Posts
    41

    FRST Fix; AdwCleaner and JRT reports

    Juliet: Glad to be working with you on this issue. You helped me once before and IMO you are the best. I also included the Addition.txt from the first FRST scan at the bottom of these reports.


    # AdwCleaner v5.024 - Logfile created 11/12/2015 at 22:34:13
    # Updated 07/12/2015 by Xplode
    # Database : 2015-12-07.3 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : John - JOHN
    # Running from : C:\Users\John\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum


    ***** [ Services ] *****




    ***** [ Folders ] *****


    [-] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao


    ***** [ Files ] *****




    ***** [ DLLs ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****




    ***** [ Web browsers ] *****


    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.safesear.ch
    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bpphkkgodbfncbcpgopijlfakfgmclao


    *************************


    :: "Tracing" keys removed
    :: Winsock settings cleared


    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1258 bytes] ##########


    Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by John (2015-12-11 21:51:28) Run:1
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available Profiles: John)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    IFEO\apnmcp.exe: [Debugger] tasklist.exe
    IFEO\AppIntegrator64.exe: [Debugger] tasklist.exe
    IFEO\brs.exe: [Debugger] tasklist.exe
    IFEO\bservice.exe: [Debugger] tasklist.exe
    IFEO\bservice64.exe: [Debugger] tasklist.exe
    IFEO\cltmng.exe: [Debugger] tasklist.exe
    IFEO\cltmngui.exe: [Debugger] tasklist.exe
    IFEO\DatamngrUI.exe: [Debugger] tasklist.exe
    IFEO\dsrlte.exe: [Debugger] tasklist.exe
    IFEO\DTUpdate.exe: [Debugger] tasklist.exe
    IFEO\ExtensionUpdaterService.exe: [Debugger] tasklist.exe
    IFEO\FrameworkEngine.exe: [Debugger] tasklist.exe
    IFEO\HpUI.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr.exe: [Debugger] tasklist.exe
    IFEO\IdcLdr_x64.exe: [Debugger] tasklist.exe
    IFEO\IMGUpdater.exe: [Debugger] tasklist.exe
    IFEO\keepmysettingsx.exe: [Debugger] tasklist.exe
    IFEO\Loader32.exe: [Debugger] tasklist.exe
    IFEO\Loader64.exe: [Debugger] tasklist.exe
    IFEO\loggingserver.exe: [Debugger] tasklist.exe
    IFEO\Lrcnta.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsService.exe: [Debugger] tasklist.exe
    IFEO\PastaLeadsWinApp.exe: [Debugger] tasklist.exe
    IFEO\patch_ff.exe: [Debugger] tasklist.exe
    IFEO\PluginService.exe: [Debugger] tasklist.exe
    IFEO\ProtectWindowsManager.exe: [Debugger] tasklist.exe
    IFEO\SafeFinder.exe: [Debugger] tasklist.exe
    IFEO\searcharmor.exe: [Debugger] tasklist.exe
    IFEO\search_protect.exe: [Debugger] tasklist.exe
    IFEO\smu.exe: [Debugger] tasklist.exe
    IFEO\spbiu.exe: [Debugger] tasklist.exe
    IFEO\srptm.exe: [Debugger] tasklist.exe
    IFEO\srpts.exe: [Debugger] tasklist.exe
    IFEO\srptsl.exe: [Debugger] tasklist.exe
    IFEO\SystemkService.exe: [Debugger] tasklist.exe
    IFEO\SystemSockets.exe: [Debugger] tasklist.exe
    IFEO\TBNotifier.exe: [Debugger] tasklist.exe
    IFEO\TNT2User.exe: [Debugger] tasklist.exe
    IFEO\Toolbar.exe: [Debugger] tasklist.exe
    IFEO\ToolbarUpdater.exe: [Debugger] tasklist.exe
    IFEO\vprot.exe: [Debugger] tasklist.exe
    IFEO\wb.exe: [Debugger] tasklist.exe
    IFEO\YTDownloader.exe: [Debugger] tasklist.exe
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    EmptyTemp:
    End
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apnmcp.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AppIntegrator64.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brs.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bservice64.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmng.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngui.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrUI.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dsrlte.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DTUpdate.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ExtensionUpdaterService.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FrameworkEngine.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HpUI.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IdcLdr_x64.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\IMGUpdater.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keepmysettingsx.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader32.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Loader64.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\loggingserver.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Lrcnta.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsService.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PastaLeadsWinApp.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\patch_ff.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PluginService.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProtectWindowsManager.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SafeFinder.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searcharmor.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\search_protect.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\smu.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spbiu.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptm.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srpts.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\srptsl.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemkService.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SystemSockets.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TBNotifier.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TNT2User.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Toolbar.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ToolbarUpdater.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vprot.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wb.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\YTDownloader.exe" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
    HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
    HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
    HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    EmptyTemp: => 1.1 GB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 21:53:33 ====


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Home x64
    Ran by John (Administrator) on 12/11/2015 at 22:50:07.33
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








    File System: 1


    Successfully deleted: C:\Users\John\AppData\Roaming\sp_data.sys (File)






    Registry: 0










    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/11/2015 at 22:56:22.08
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by John (2015-12-09 21:07:31)
    Running from C:\Users\John\Desktop
    Windows 10 Home (X64) (2015-07-30 18:03:42)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-246760859-398526146-1931071061-500 - Administrator - Enabled)
    DefaultAccount (S-1-5-21-246760859-398526146-1931071061-503 - Limited - Disabled)
    Guest (S-1-5-21-246760859-398526146-1931071061-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-246760859-398526146-1931071061-1003 - Limited - Enabled)
    John (S-1-5-21-246760859-398526146-1931071061-1001 - Administrator - Enabled) => C:\Users\John


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
    AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 3.12 - Vladonai Software)
    Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
    ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
    Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 5.5.29-1) (Version: 5.5.29-1 - Bitnami)
    Bitnami WordPress Module (HKLM-x32\...\Bitnami WordPress Module 4.3.1-0) (Version: 4.3.1-0 - Bitnami)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
    Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
    ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
    FastStone Photo Resizer 3.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.3 - FastStone Soft.)
    FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
    Git version 2.5.0 (HKLM\...\Git_is1) (Version: 2.5.0 - The Git Development Community)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    GoToMeeting 7.7.0.4062 (HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\GoToMeeting) (Version: 7.7.0.4062 - CitrixOnline)
    HTMLcolor (HKLM-x32\...\HTMLcolor_is1) (Version: 2.0.2 - Bluefive software)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
    LibreOffice 5.0.3.2 (HKLM\...\{F6536765-3E8F-4D1E-9833-0A89F4681D79}) (Version: 5.0.3.2 - The Document Foundation)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
    McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    MEGAsync version 0.22 (HKLM-x32\...\{0D9D8D21-47AB-4ECB-862F-6728EE3DC7D4}_is1) (Version: 0.22 - Mega Limited)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
    ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.2.5569 - ownCloud)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
    Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.79.00(3/26/2015) - Samsung Electronics Co., Ltd.)
    Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
    Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.21 (7/2/2015) - Samsung Electronics Co., Ltd.)
    Samsung M2070 Series XPS (Windows 8) (HKLM-x32\...\Samsung M2070 Series XPS (Windows 8)) (Version: 3.03.08.00:05 - Samsung Electronics Co., Ltd.)
    Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.28 (3/10/2015) - Samsung Electronics Co., Ltd.)
    Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.12 (10/15/2014) - Samsung Electronics Co., Ltd.)
    Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
    Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
    Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
    Serif DrawPlus X6 (HKLM\...\{8A8AB2D3-53DE-4A65-8D35-68A09AA1AD7A}) (Version: 13.0.3.26 - Serif (Europe) Ltd)
    Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
    SetIP (HKLM-x32\...\SetIP) (Version: 1.05.08.00 - Samsung Electronics Co., Ltd.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
    SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.4 - Safer-Networking Ltd.)
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tixati (HKLM-x32\...\tixati) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
    View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.4.537 - ASUS Cloud Corporation)
    Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass (12/03/2012 1.3.1000.00000) (HKLM\...\1AE83188214F7A553BC5B719D4D7F6AACB767195) (Version: 12/03/2012 1.3.1000.00000 - Amazon.com)
    Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
    Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-246760859-398526146-1931071061-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-246760859-398526146-1931071061-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-246760859-398526146-1931071061-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\John\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)


    ==================== Restore Points =========================


    24-11-2015 21:19:42 Windows Update
    29-11-2015 21:18:19 Windows Update
    03-12-2015 14:59:59 Windows Update
    07-12-2015 19:40:20 Windows Update
    09-12-2015 19:02:05 JRT Pre-Junkware Removal


    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 07:25 - 2015-11-25 13:18 - 00451264 ____R C:\WINDOWS\system32\Drivers\etc\hosts




    There are 15487 more lines.




    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {057EB422-4F93-48B3-AB90-EC97FA11D6C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-08] (Google Inc.)
    Task: {0699BFFC-E5F9-4B12-9E27-F6AA357C4F45} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {14E7860D-EC27-4F21-89CC-FEE16095F813} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {19D377E1-54A8-4605-90C1-060DE29FE63C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {2036310C-760C-4365-B1A3-467B422E1169} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
    Task: {209ECABB-9FF2-4ADB-9E25-D8087FDDAEF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {2E83C718-4C80-4D01-BC5E-51BFA0902082} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {2EE9F184-1F1A-4883-8D19-4C7B09F630D7} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
    Task: {341B207B-A080-4999-BD90-9204BFAF108C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3AAF283E-D135-4400-AA7A-CC0CC6FCCD70} - System32\Tasks\{76248857-E513-4734-B019-700E5104411D} => pcalua.exe -a "C:\Program Files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe" -c /uninstall
    Task: {3E4CB369-DB1E-4802-9990-EFDF284F73CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {4AF8D7EA-2E09-4A27-9BBA-B6860C1802F4} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
    Task: {4F2C72D1-8C13-4B26-A2F4-7F200278DA25} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
    Task: {5A83B6AF-8B09-4C26-B114-238F763C166B} - System32\Tasks\{7168F600-7F53-4C88-AE50-3C922F680C9E} => pcalua.exe -a "C:\Users\John\Downloads\FireUpgrade\Kindle APKs\Kindle_Fire_HD_ADB_Drivers\Kindle Fire ADB drivers.exe"
    Task: {5C882248-82A8-4CE5-8B0C-B416120C71DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {617C1518-6D42-42B0-9A49-BB39CC9F1D2B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {64BF16EE-EB7E-4C72-8F82-62F17EDFC314} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-07] (Microsoft Corporation)
    Task: {69A00D3A-C6A8-48C7-A134-FA82BB71E1E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-08] (Google Inc.)
    Task: {7286912B-42B3-49FA-868E-B6B84D11D412} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
    Task: {880C9155-FA97-4147-9023-3E43DF032582} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8CA0D749-D60B-4D99-92C1-A477514E183A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {95407538-104E-493F-94EE-A1D1A232E288} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
    Task: {95BA1A4B-8EF8-4F3A-825D-C78CCB5CD491} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
    Task: {9CB50038-BFBF-41EC-8D5D-6A0D18DF4D29} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {A2FA5687-42B0-4793-A123-F54E74446EE5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)
    Task: {A3653285-A498-490C-ADE2-6755793EFB07} - System32\Tasks\G2MUploadTask-S-1-5-21-246760859-398526146-1931071061-1001 => C:\Users\John\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {A3A77D48-DD4B-4187-969A-4D779E7BB997} - System32\Tasks\Component System\Component => C:\Users\John\AppData\Local\ComponentG\com.exe
    Task: {AB0A333E-5A51-47AD-95AE-21D284A07D28} - System32\Tasks\G2MUpdateTask-S-1-5-21-246760859-398526146-1931071061-1001 => C:\Users\John\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe [2015-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {BDCC87BB-3018-4668-A83C-F33357599358} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D01A136A-D7A7-4845-83A2-5EDFE68DF7EB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
    Task: {D043B4B2-0B6A-4752-88B6-0F17F9E8BAAD} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
    Task: {F20CC4D0-8E66-48D1-B2A2-97E508F26C2A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
    Task: {F8742EC6-565B-4E74-B30C-02A5C279DBA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {FE2F98AE-1EAB-4A97-8D25-C64D5D0FF37A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-246760859-398526146-1931071061-1001.job => C:\Users\John\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-246760859-398526146-1931071061-1001.job => C:\Users\John\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    2015-07-30 14:10 - 2015-07-30 14:10 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-03 18:37 - 2015-06-11 07:58 - 00022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
    2015-08-03 18:38 - 2014-04-16 02:22 - 00029184 _____ () C:\WINDOWS\System32\usp02l.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-30 17:32 - 2015-07-14 17:58 - 11053568 _____ () C:\Wamp\mysql\bin\mysqld.exe
    2015-09-30 17:11 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-30 17:11 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2014-05-01 08:13 - 2014-05-01 08:13 - 00470016 _____ () C:\Users\John\AppData\Local\MEGAsync\ShellExtX64.dll
    2015-07-09 11:32 - 2015-07-09 11:32 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2015-08-03 18:39 - 2013-10-03 22:53 - 00734720 _____ () C:\WINDOWS\system32\SnMinDrv.dll
    2014-11-17 19:58 - 2015-06-10 00:18 - 00087552 ____N () C:\WINDOWS\system32\SSDEVM64.DLL
    2015-09-30 17:10 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-09 17:28 - 2015-12-09 17:28 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2015-12-09 17:28 - 2015-12-09 17:28 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2015-11-21 21:32 - 2015-11-21 21:33 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2015-10-01 19:43 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-10-01 19:43 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-10-01 19:43 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-09-30 17:32 - 2015-06-05 04:54 - 00404992 _____ () C:\Wamp\apache2\bin\pcre.dll
    2015-09-30 17:32 - 2013-07-08 06:17 - 00068608 _____ () C:\Wamp\apache2\bin\zlib1.dll
    2015-09-30 17:33 - 2015-09-02 18:11 - 00128512 _____ () C:\Wamp\php\libpq.dll
    2015-09-30 17:42 - 2015-09-02 18:11 - 00166912 _____ () C:\Wamp\apache2\bin\libssh2.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"


    ==================== EXE Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    There are 7866 more sites.




    There are 12683 more sites.




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-246760859-398526146-1931071061-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\StartupApproved\Run: => "EEDSpeedLauncher"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-246760859-398526146-1931071061-1001\...\StartupApproved\Run: => "Skype"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{DF48AFB1-E8BC-4B35-B2AB-C8EA3BF85D92}] => (Allow) C:\Windows\system32\spool\drivers\x64\3\NetFaxMon64.exe
    FirewallRules: [{C0081615-8B82-4349-B664-C1ABE10F9CB3}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon.exe
    FirewallRules: [{B6E53A63-6D55-4A66-83F8-00C2DDDA896B}] => (Allow) C:\Program Files (x86)\Samsung\Network PC Fax\drv\NetFaxMon64.exe
    FirewallRules: [{5203E50D-BF90-4501-815C-088737974141}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
    FirewallRules: [{8690DB81-3F20-4413-8158-32BEDF63F1BD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
    FirewallRules: [{6C9FE16C-A20E-4AF1-BF5D-9FD79BD44014}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    FirewallRules: [{4C6876D9-78F1-457F-9164-A31B23DE91BD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
    FirewallRules: [{C00CD176-94B6-4C88-8B43-3A424DD7158D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
    FirewallRules: [{802CECC7-0865-45C7-B278-35EACC5912A1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
    FirewallRules: [{9EC03E2A-99A2-47F1-8F2F-0373B6E1480B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
    FirewallRules: [{494558AD-2FE4-4442-93DA-FCA00F782095}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{6A9C6EAB-FE80-414E-A1D4-D0633F34FAE5}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{CF35A703-7787-49A8-8DE2-7083D8AB553B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
    FirewallRules: [{D90A1505-927A-49C5-BFE7-F5DFC3C77EE7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
    FirewallRules: [{B72733E8-AA28-473E-95E7-A1940387B4C8}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{177D9F3F-A2AB-44EA-945F-D6F00CB3FF49}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{9F5F3CEF-5C44-4E27-87D3-0611D27AA7BD}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{3C59CB94-D724-42B7-A43E-1AF2BF311575}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{A89E38B4-E12C-4DDC-A576-3B6DCDD05E0D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{DCB261EB-BEA5-41E7-B064-28A17864F70C}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{136F0326-6F99-4A52-9899-B743223C7029}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{B86F7A27-B66A-426E-B062-678FBF0BDDDB}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{AD1F3D22-8110-4F13-B73E-2F487556A912}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{18F0CCF8-D53C-400A-B784-2E4763328592}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
    FirewallRules: [{839DA4E2-D743-4875-8253-7122DA550655}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
    FirewallRules: [TCP Query User{1F5FFAE7-435C-49CD-AE63-5EAFEEFFC7D7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{B654890B-54EB-4F6B-B100-4054513FC12C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{9F7774B2-BB48-4395-8212-440EF1E908C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{93C3A607-E62E-4938-8D40-BA8D93641E53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{53BC7898-B9BD-4552-B1F6-49345F679EDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4B287ACB-4766-4D20-9335-3D2B73EC320A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{31B1A850-97D2-4D2D-B26E-97452C907921}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{47B60FFD-807F-45A9-8939-435CE110D322}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
    FirewallRules: [{7C6A3064-C08F-4A46-8090-B0B7FBD0AEBE}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
    FirewallRules: [{F355502F-F6D8-4CE8-A5DC-43CDC430693C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service


    ==================== Faulty Device Manager Devices =============


    Name: USB Receiver
    Description: USB Receiver
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    Name: Unknown USB Device (Port Reset Failed)
    Description: Unknown USB Device (Port Reset Failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (12/09/2015 07:03:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    Error: (12/09/2015 07:02:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


    System Error:
    Access is denied.
    .


    Error: (12/09/2015 11:21:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AllMyNotes.exe version 3.12.0.797 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 1b14


    Start Time: 01d132a5d9da7803


    Termination Time: 37


    Application Path: C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe


    Report Id: 4b86d4ff-9e99-11e5-82b2-382c4a83d655


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (12/09/2015 11:15:25 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:45:31 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:45:22 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:40:48 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:16:18 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:16:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


    Error: (12/08/2015 08:16:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.




    System errors:
    =============
    Error: (12/09/2015 09:10:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:10:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:09:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


    Error: (12/09/2015 09:09:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


    Error: (12/09/2015 09:09:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:09:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:09:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


    Error: (12/09/2015 09:09:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:09:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Error: (12/09/2015 09:09:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.




    ==================== Memory info ===========================


    Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
    Percentage of memory in use: 36%
    Total physical RAM: 3982.69 MB
    Available physical RAM: 2514.09 MB
    Total Virtual: 4686.69 MB
    Available Virtual: 2282.49 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:383.64 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (AMNBACKUP) (Removable) (Total:14.9 GB) (Free:11.9 GB) FAT32
    Drive z: ( Z) (Removable) (Total:124.99 GB) (Free:124.98 GB) exFAT


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)


    Partition: GPT.


    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)


    ========================================================
    Disk: 2 (Size: 125 GB) (Disk ID: FA2CB833)
    Partition 1: (Active) - (Size=125 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================


    Quote: Originally Posted by Juliet
    There should have been an Addition.txt produced at the same time the FRST log was created.
    I can see a few things we can handle now, run a couple of tools then we will run FRST again.

    NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

    ~~~~~~~~~~`

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite the existing one, please allow)



    Juliet: I'm so glad you are helping me on this issue. I have worked with you before & you are the best.



    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ~~~~~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    *****
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Thank you!

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CloseProcesses:
    Task: {0699BFFC-E5F9-4B12-9E27-F6AA357C4F45} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {14E7860D-EC27-4F21-89CC-FEE16095F813} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {19D377E1-54A8-4605-90C1-060DE29FE63C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {209ECABB-9FF2-4ADB-9E25-D8087FDDAEF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {2E83C718-4C80-4D01-BC5E-51BFA0902082} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {341B207B-A080-4999-BD90-9204BFAF108C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3E4CB369-DB1E-4802-9990-EFDF284F73CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {617C1518-6D42-42B0-9A49-BB39CC9F1D2B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {880C9155-FA97-4147-9023-3E43DF032582} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BDCC87BB-3018-4668-A83C-F33357599358} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F8742EC6-565B-4E74-B30C-02A5C279DBA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~``

    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan


      After the restart once you are back at your desktop, open MBAM once more.
      Click on the History tab > Application Logs.
      Double click on the scan log which shows the Date and time of the scan just performed.
      Click 'Copy to Clipboard'
      Paste the contents of the clipboard into your reply




    • Exit Malwarebytes


    ~~~~~~~~~~~~~~~~~~~~~~``

    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    May 2013
    Location
    Chicagoland, IL
    Posts
    41

    Default Reply To : How is the computer ?

    SafeSearch has been removed. I can now select a search provider in Chrome. All is good.

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Scan Date: 12/12/2015
    Scan Time: 7:48 PM
    Logfile:
    Administrator: Yes


    Version: 2.2.0.1024
    Malware Database: v2015.12.12.05
    Rootkit Database: v2015.12.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled


    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: John


    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 556086
    Time Elapsed: 43 min, 12 sec


    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled


    Processes: 0
    (No malicious items detected)


    Modules: 0
    (No malicious items detected)


    Registry Keys: 0
    (No malicious items detected)


    Registry Values: 0
    (No malicious items detected)


    Registry Data: 0
    (No malicious items detected)


    Folders: 0
    (No malicious items detected)


    Files: 0
    (No malicious items detected)


    Physical Sectors: 0
    (No malicious items detected)




    (end)


    Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
    Ran by John (2015-12-12 19:42:58) Run:2
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available Profiles: John)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************


    start
    CloseProcesses:
    Task: {0699BFFC-E5F9-4B12-9E27-F6AA357C4F45} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {14E7860D-EC27-4F21-89CC-FEE16095F813} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {19D377E1-54A8-4605-90C1-060DE29FE63C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {209ECABB-9FF2-4ADB-9E25-D8087FDDAEF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {2E83C718-4C80-4D01-BC5E-51BFA0902082} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {341B207B-A080-4999-BD90-9204BFAF108C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {3E4CB369-DB1E-4802-9990-EFDF284F73CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {617C1518-6D42-42B0-9A49-BB39CC9F1D2B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {880C9155-FA97-4147-9023-3E43DF032582} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {BDCC87BB-3018-4668-A83C-F33357599358} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F8742EC6-565B-4E74-B30C-02A5C279DBA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    EmptyTemp:
    End
    *****************


    Processes closed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0699BFFC-E5F9-4B12-9E27-F6AA357C4F45}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0699BFFC-E5F9-4B12-9E27-F6AA357C4F45}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14E7860D-EC27-4F21-89CC-FEE16095F813}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14E7860D-EC27-4F21-89CC-FEE16095F813}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19D377E1-54A8-4605-90C1-060DE29FE63C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19D377E1-54A8-4605-90C1-060DE29FE63C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{209ECABB-9FF2-4ADB-9E25-D8087FDDAEF1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209ECABB-9FF2-4ADB-9E25-D8087FDDAEF1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E83C718-4C80-4D01-BC5E-51BFA0902082}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E83C718-4C80-4D01-BC5E-51BFA0902082}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{341B207B-A080-4999-BD90-9204BFAF108C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{341B207B-A080-4999-BD90-9204BFAF108C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E4CB369-DB1E-4802-9990-EFDF284F73CA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4CB369-DB1E-4802-9990-EFDF284F73CA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{617C1518-6D42-42B0-9A49-BB39CC9F1D2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617C1518-6D42-42B0-9A49-BB39CC9F1D2B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{880C9155-FA97-4147-9023-3E43DF032582}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{880C9155-FA97-4147-9023-3E43DF032582}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDCC87BB-3018-4668-A83C-F33357599358}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCC87BB-3018-4668-A83C-F33357599358}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8742EC6-565B-4E74-B30C-02A5C279DBA4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8742EC6-565B-4E74-B30C-02A5C279DBA4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
    EmptyTemp: => 45.2 MB temporary data Removed.




    The system needed a reboot.


    ==== End of Fixlog 19:43:24 ====


  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    SafeSearch has been removed. I can now select a search provider in Chrome. All is good.
    Good deal!

    *****************

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.



    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.

  7. #7
    Member
    Join Date
    May 2013
    Location
    Chicagoland, IL
    Posts
    41

    Default Getting ready to run eset

    In your instructions, there are 2 images that are empty. Put a checkmark ?? Click ?? I should be able to figure this out, but it sure would be nice to see those 2 images.

    John


  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Place a checkmark next to (uninstall application on close) and click on the "Finish" button.

    Don't know why those 2 images aren't seen.

  9. #9
    Member
    Join Date
    May 2013
    Location
    Chicagoland, IL
    Posts
    41

    Default Need to run eset again

    Juliet, I need to run eset tonight. Lost my power long enough for my laptop battery to die.

    John



  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Post when you can
