Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: kaboob or kaboom or something like that

  1. #1
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default kaboob or kaboom or something like that

    I have a HP Laserjet printer that can be used with a wireless connection. I wasn't able to use it because my laptop could not discover it. I called HP help, and they ran a scan that showed this kaboob or kaboom or something like that, that they said was preventing my laptop from communicating with any wireless/bluetooth devices. They also said that my IP Network had been hacked. They said that they could fix it for $199.00!

    I remembered the outstanding service I have gotten on this forum in the past, so here I am. Thanks for your help in advance!

    FRST Logs follow:

    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
    Ran by Steve (administrator) on STEVESLAPTOP (19-02-2016 23:47:10)
    Running from C:\Users\Steve\Downloads
    Loaded Profiles: Steve & (Available Profiles: Steve)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-04-07] (McAfee, Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [SoftonicAssistant] => C:\Users\Steve\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1846216 2016-02-18] ()
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-22] (Dropbox, Inc.)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-24] (Lavasoft)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Chromium] => c:\users\steve\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322048 2012-09-12] (Microsoft Corporation)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SoftonicAssistant] => C:\Users\Steve\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1846216 2016-02-18] ()
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-22] (Dropbox, Inc.)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-24] (Lavasoft)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Chromium] => c:\users\steve\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322048 2012-09-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2014-11-04]
    ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-11-04]
    ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-02-10]
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-22]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-02-19]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-12-24] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-12-24] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-12-24] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-12-24] (Lavasoft Limited)
    Winsock: Catalog9-x64 05 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-12-24] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8f9b0205-0891-408b-819b-71fdaa775a01}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{d3a51370-e434-4ddc-a093-b0c816b98cd0}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-28] (Microsoft Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
    BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-04] (McAfee)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-28] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: FunFeedr -> {11B16A3D-F03E-4565-A532-E66B219C9B03} -> C:\Users\Steve\AppData\Local\ext_funfeedr\ext_funfeedr.dll [2015-12-05] ()
    BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-04] (McAfee)
    Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-04] (McAfee)
    Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-04] (McAfee)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF DefaultSearchEngine.US: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxp://google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514\searchplugins\McSiteAdvisor.xml [2016-02-16]
    FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514\searchplugins\Search Provided by Yahoo.xml [2016-02-16]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-12-22]
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-21] [not signed]
    FF HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
    FF HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-13]
    CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-13]
    CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
    CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
    CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
    CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-13]
    CHR Extension: (SiteAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
    CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [221568 2015-12-09] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-24] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-02-11] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-24] ()
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-19] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek )
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-19 23:47 - 2016-02-19 23:48 - 00037206 _____ C:\Users\Steve\Downloads\FRST.txt
    2016-02-19 23:46 - 2016-02-19 23:47 - 00000000 ____D C:\FRST
    2016-02-19 23:44 - 2016-02-19 23:46 - 02371072 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
    2016-02-19 23:14 - 2016-02-19 23:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-19 23:14 - 2016-02-19 23:14 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-19 23:14 - 2016-02-19 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-19 23:14 - 2016-02-19 23:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-19 23:14 - 2016-02-19 23:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-19 23:14 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-02-19 23:14 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-02-19 23:14 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-02-19 23:12 - 2016-02-19 23:13 - 22908888 _____ (Malwarebytes ) C:\Users\Steve\Downloads\mbam-setup-org-2.2.0.1024.exe
    2016-02-17 08:35 - 2016-02-17 08:36 - 11199448 _____ (VS Revo Group ) C:\Users\Steve\Downloads\RevoUninProSetup.exe
    2016-02-16 13:52 - 2016-02-16 13:52 - 00000000 __SHD C:\ProgramData\360Quarant
    2016-02-16 13:52 - 2016-02-16 13:52 - 00000000 __SHD C:\$360Section
    2016-02-16 13:33 - 2016-02-16 13:33 - 00000000 ____D C:\Users\Steve\Documents\ProcAlyzer Dumps
    2016-02-16 12:55 - 2016-02-17 00:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-02-16 12:55 - 2016-02-16 12:55 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-02-16 12:55 - 2016-02-16 12:55 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-02-16 12:55 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2016-02-16 12:54 - 2016-02-17 08:07 - 00000000 ____D C:\Users\Steve\AppData\Local\Chromium
    2016-02-16 12:54 - 2016-02-16 12:54 - 00002380 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    2016-02-16 12:54 - 2016-02-16 12:54 - 00002372 _____ C:\Users\Steve\Desktop\Chromium.lnk
    2016-02-16 12:53 - 2016-02-18 13:18 - 00000000 ____D C:\ProgramData\0109546b-4db7-0
    2016-02-16 12:53 - 2016-02-18 13:18 - 00000000 ____D C:\ProgramData\0109546b-4d97-1
    2016-02-16 12:52 - 2016-02-19 22:52 - 00000296 _____ C:\WINDOWS\Tasks\UpdateTask.job
    2016-02-16 12:52 - 2016-02-18 13:11 - 00000000 ____D C:\Program Files (x86)\360
    2016-02-16 12:52 - 2016-02-16 13:52 - 00000000 ____D C:\Users\Steve\AppData\Local\{50BE66E2-7416-0A5A-198E-2FB23DE6D32A}
    2016-02-16 12:52 - 2016-02-16 12:52 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\Steve\Downloads\Spybot Search & Destroy Setup [1].exe
    2016-02-16 12:52 - 2016-02-16 12:52 - 00002780 _____ C:\WINDOWS\System32\Tasks\UpdateTask
    2016-02-16 12:52 - 2016-02-16 12:52 - 00002559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
    2016-02-16 12:52 - 2016-02-16 12:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-02-16 12:49 - 2016-02-16 12:50 - 00986472 _____ ( ) C:\Users\Steve\Downloads\Spybot Search & Destroy Setup.exe
    2016-02-16 12:29 - 2016-02-16 12:29 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
    2016-02-16 12:28 - 2016-02-16 12:28 - 02763104 _____ C:\Users\Steve\Downloads\RemoteSupport.exe
    2016-02-16 12:15 - 2016-02-16 12:15 - 00000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
    2016-02-11 21:11 - 2016-02-15 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-09 17:42 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 17:42 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 17:41 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 17:41 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 17:41 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 17:41 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 17:41 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 17:41 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 17:41 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 17:41 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 17:41 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 17:41 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 17:41 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 17:41 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 17:41 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 17:41 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 17:41 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 17:41 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 17:41 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 17:41 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 17:41 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 17:41 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 17:41 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 17:41 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 17:41 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 17:41 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 17:41 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 17:41 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 17:41 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 17:41 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 17:41 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 17:41 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 17:41 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 17:41 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 17:41 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 17:41 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 17:41 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 17:41 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 17:41 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 17:41 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 17:41 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 17:41 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 17:41 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 17:41 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 17:41 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 17:41 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 17:41 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 17:41 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 17:41 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 17:41 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 17:41 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 17:41 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 17:41 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 17:41 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 17:41 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 17:41 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 17:41 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 17:41 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 17:41 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 17:41 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 17:41 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 17:41 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-02 22:06 - 2016-02-19 10:42 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
    2016-02-01 18:28 - 2016-02-15 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-01 18:28 - 2016-02-01 18:28 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-02-01 18:28 - 2016-02-01 18:28 - 00001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-02-01 18:27 - 2016-02-01 18:27 - 00242000 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 44.0 (1).exe
    2016-01-30 16:20 - 2016-01-30 16:20 - 00004130 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
    2016-01-30 16:20 - 2016-01-30 16:20 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
    2016-01-30 16:20 - 2016-01-30 16:20 - 00003416 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2016-01-30 16:20 - 2016-01-30 16:20 - 00003302 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
    2016-01-30 16:19 - 2016-01-30 16:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2016-01-30 16:19 - 2016-01-30 16:19 - 00000000 ____D C:\Program Files\Dell Support Center
    2016-01-30 08:56 - 2016-01-30 08:57 - 00242000 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 44.0.exe
    2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
    2016-01-28 07:50 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 07:50 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 07:50 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 07:50 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 07:50 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 07:50 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 07:50 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 07:50 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 07:50 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 07:50 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 07:50 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 07:50 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 07:50 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 07:50 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 07:50 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 07:50 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 07:50 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 07:50 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 07:50 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 07:50 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 07:50 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 07:50 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 07:50 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 07:50 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 07:50 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 07:50 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 07:50 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 07:50 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 07:50 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 07:50 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 07:50 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 07:50 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 07:50 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 07:50 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 07:50 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 07:50 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 07:50 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 07:49 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 07:49 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 07:49 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 07:49 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 07:49 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 07:49 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 07:49 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 07:49 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 07:49 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 07:49 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 07:49 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 07:49 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 07:49 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 07:49 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 07:49 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 07:49 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 07:49 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 07:49 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 07:49 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 07:49 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 07:49 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 07:49 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 07:49 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 07:49 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 07:49 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 07:49 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 07:49 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 07:49 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 07:49 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 07:49 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 07:49 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-01-25 17:39 - 2016-01-25 17:39 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-19 23:22 - 2014-10-03 14:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-19 23:00 - 2015-11-22 11:55 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA.job
    2016-02-19 22:00 - 2014-10-20 20:32 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{809E30A1-512E-4B90-9B34-726D44ACA9A0}
    2016-02-19 12:00 - 2015-11-22 11:55 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core.job
    2016-02-19 11:41 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-19 09:27 - 2015-12-24 11:03 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Seventh
    2016-02-19 09:27 - 2014-12-18 18:21 - 00000000 ____D C:\Users\Steve\AppData\Local\SoftonicAssistant
    2016-02-19 09:27 - 2014-10-14 20:28 - 00000000 __SHD C:\Users\Steve\IntelGraphicsProfiles
    2016-02-18 16:27 - 2016-01-16 15:09 - 00000000 ____D C:\Windows.old
    2016-02-18 13:17 - 2016-01-16 12:41 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-18 13:17 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-18 13:12 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-18 13:11 - 2016-01-16 12:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-18 13:11 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-18 13:11 - 2014-11-04 11:12 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-02-18 09:30 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-17 08:12 - 2014-10-03 13:42 - 00000000 ____D C:\Users\Steve\AppData\Local\Packages
    2016-02-17 04:30 - 2013-06-03 18:57 - 00000000 ____D C:\ProgramData\McAfee
    2016-02-16 12:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2016-02-16 12:52 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-02-12 22:45 - 2014-10-05 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-12 22:40 - 2014-10-05 19:57 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-11 17:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-10 17:09 - 2014-10-03 15:21 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-10 16:58 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-09 18:43 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-01 18:36 - 2015-09-11 18:04 - 00000000 ____D C:\Users\Steve\Desktop\Old Firefox Data
    2016-01-30 16:19 - 2013-06-03 18:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-01-30 16:18 - 2013-06-03 18:50 - 00000000 ____D C:\ProgramData\PCDr
    2016-01-29 18:03 - 2015-02-12 14:52 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2016-01-29 17:29 - 2014-12-28 19:51 - 00000000 ____D C:\Users\Steve\AppData\Local\Windows Live
    2016-01-29 07:59 - 2015-12-24 11:05 - 00000000 ____D C:\ProgramData\808c904c-41d3-1
    2016-01-29 07:59 - 2015-12-24 11:05 - 00000000 ____D C:\ProgramData\808c904c-1a35-0
    2016-01-29 07:55 - 2016-01-16 12:15 - 00353968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-28 08:04 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-28 08:02 - 2013-06-03 19:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

    ==================== Files in the root of some directories =======

    2014-11-04 11:14 - 2014-11-04 11:14 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2016-02-19 10:23 - 2016-02-19 10:43 - 0002861 _____ () C:\Users\Steve\AppData\Roaming\LiveFlight_Connect_Windows.log
    2015-12-26 00:28 - 2015-12-26 00:28 - 0003584 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-01-03 00:07 - 2016-01-03 00:07 - 0000017 _____ () C:\Users\Steve\AppData\Local\resmon.resmoncfg
    2014-11-08 09:52 - 2014-11-08 09:52 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-01-16 12:20 - 2016-01-16 12:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-06-03 18:56 - 2013-06-03 18:57 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-06-03 18:52 - 2013-06-03 18:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-06-03 18:53 - 2013-06-03 18:55 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-06-03 18:52 - 2013-06-03 18:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2013-06-03 18:55 - 2013-06-03 18:56 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-12 10:06

    ==================== End of FRST.txt ============================

    FRST Additional Log:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by Steve (2016-02-19 23:49:14)
    Running from C:\Users\Steve\Downloads
    Windows 10 Home (X64) (2016-01-16 17:59:26)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2633259000-3325982389-204066327-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2633259000-3325982389-204066327-503 - Limited - Disabled)
    Guest (S-1-5-21-2633259000-3325982389-204066327-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2633259000-3325982389-204066327-1005 - Limited - Enabled)
    Steve (S-1-5-21-2633259000-3325982389-204066327-1001 - Administrator - Enabled) => C:\Users\Steve

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AccessDiver v4.402 (HKLM-x32\...\AccessDiver v4.402_is1) (Version: - Jean Fages)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Chromium (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Chromium) (Version: 50.0.2632.0 - Chromium)
    Chromium (HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chromium) (Version: 50.0.2632.0 - Chromium)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
    Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{D2A4E5EA-5FAF-4252-A38B-08CF5EC55139}) (Version: 1.7.1033.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    LiveFlight Connect (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\9b904d93acc634d4) (Version: 1.1.2.5 - LiveFlight Connect)
    LiveFlight Connect (HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\9b904d93acc634d4) (Version: 1.1.2.5 - LiveFlight Connect)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    McAfee LiveSafe Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
    McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.171 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Softonic Assistant (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\SoftonicAssistant) (Version: 0.2.3 - Softonic International S.A.) <==== ATTENTION
    Softonic Assistant (HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SoftonicAssistant) (Version: 0.2.3 - Softonic International S.A.) <==== ATTENTION
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
    TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    Web Companion (HKLM-x32\...\{e929c220-5ac3-4526-8b74-d874ad046a5e}) (Version: 2.1.1265.2535 - Lavasoft)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0276E679-3995-4A1F-8353-BDDF2B130731} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {07ED262F-3720-4CEC-BA15-F7FCF68B66BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {0A2BA86E-1A26-46ED-9E16-D11DBC4620BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {0BD60729-C05A-4B7D-B62B-EF4982A346D3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0D5F6861-4F5B-4E2C-B54F-09A95995D183} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {19CCFC85-FB9E-46CE-B569-9C2F7A50F865} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1B4062BF-7CEC-4F05-967F-DACEAC5AB513} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {1C9E90B2-0AE5-40AE-AA21-D6FEA391E549} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
    Task: {2683A72E-EACC-4CFA-B328-3FCCA0CD4E1B} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {28B1E53D-B361-45C1-95C6-C7DAD10A19A3} - System32\Tasks\Genius => C:\Users\Steve\AppData\Roaming\Genius\Genius.exe [2015-12-05] () <==== ATTENTION
    Task: {3DE14D81-F179-4A21-AC72-F8C7973B1B99} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {43950CA6-EB49-4F34-BAF5-913E2C538B5F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {4AFD81AA-A03B-4907-A66F-4BCD68F585FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)
    Task: {4F1C2B96-A306-4089-97C6-01F0A13CC1B8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
    Task: {509D75B0-0562-41D3-9ED5-859839F25FAB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
    Task: {572E134B-E66C-468D-BBF6-B36575B8F789} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
    Task: {5F026724-BB09-4E2E-B612-9E1F116B0FE1} - System32\Tasks\Seventh => C:\Users\Steve\AppData\Roaming\Seventh\Seventh.exe [2015-12-05] () <==== ATTENTION
    Task: {628E6755-30D6-4A07-88EF-37A835EA698D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
    Task: {6E3BEFC3-01C9-417E-9B9C-4A9AB829DFB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6E858054-FD41-4C53-BF90-B707D0EBD095} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {74C39CE7-E37C-4A65-9239-44BE57FC3B8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {8E8891EC-1D7E-4482-B7C0-A65DE2BA5D9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {9272B9A3-938C-43C6-9904-FF75799B5424} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
    Task: {945078EB-2B7D-4EEE-82C9-743D7100C65A} - System32\Tasks\Sixth => C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe [2015-12-05] () <==== ATTENTION
    Task: {9A45A3C1-93CD-4AD4-86B2-FB7C5CF6DCEA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
    Task: {9B7926B6-7F9F-4FC3-9879-DDE3C0124B03} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)
    Task: {A090C982-C0B2-41B4-AC3D-114BE87856F9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
    Task: {B1E17AC5-BDC5-4A9E-8AD8-3F138BEF51B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {B60B5AED-C36A-4934-B462-EC9FF303E154} - System32\Tasks\UpdateTask => C:\Users\Steve\AppData\Local\{50BE6~1\UNINST~1.EXE
    Task: {C3E971C6-2421-41E7-80BC-5C4A30439279} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
    Task: {D2B19B6E-F83C-412F-B27A-7B0F8E9F0AD4} - System32\Tasks\Genius_Interval => C:\Users\Steve\AppData\Roaming\Genius\Genius.exe [2015-12-05] ()
    Task: {D3AD9E3A-0BC1-4C77-AD75-19F162F536F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DFC26691-1921-4F99-80DA-B308E76BB958} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {E99561E2-D132-409B-AB08-709AA1D51FAD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EFC20D7B-66DC-45E1-A33A-F06358796B36} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F133A78E-F0F8-4A53-B47B-C2F8FF2E3F8F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
    Task: {F623E016-7E3F-446D-A3C7-D7F8CA4972EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F9ACB80A-81A8-4034-B5C4-41A7297B5385} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: C:\WINDOWS\Tasks\UpdateTask.job =>

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-01-07 19:37 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2013-06-03 18:55 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-01-16 15:07 - 2016-01-16 15:07 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-16 15:07 - 2016-01-16 15:07 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-28 07:55 - 2016-01-28 07:55 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 07:50 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 07:50 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-16 15:08 - 2016-01-16 15:08 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2016-02-16 12:55 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-02-16 12:55 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-02-16 12:55 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-02-16 12:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-02-16 12:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-02-11 12:47 - 2016-02-11 12:47 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2ab8c6d2095a0b269cb2615def8208be\PSIClient.ni.dll
    2013-06-03 18:44 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-06-03 18:53 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
    HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\Run: => "Web Companion"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Web Companion"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{D76B9E39-6AF9-4802-8150-45C33352490F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{B2F2947E-959D-4C00-8859-3F7B7602EFCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3B45FB96-6A7C-4FC8-AD26-74473B7A8310}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A5192379-A6CE-4481-8914-23C15749EBFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{027A8163-B00D-4DBB-A5AA-D391A2BE35FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B7FB18FB-8D45-4711-A9E1-492DDF505C0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A76CB5DD-C868-4B48-B731-E9EC808E87BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{03B8696F-390D-4C01-9A82-63274E111C07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D43A645-9D99-4319-ADF5-9F4B3CA7FE27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A8D121B9-566D-4871-B500-C0760382402C}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1642B8B4-3A16-4593-BADE-ACC65C7BF6EF}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{21FAB45D-EC72-46E5-AC13-7992BF4D169B}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{DCC4CE6D-EFA0-44FE-BC1C-12FEC2A1B965}] => (Allow) LPort=5357
    FirewallRules: [{25EFED3D-AD8B-4E8B-8B0C-AF90D11D65DB}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
    FirewallRules: [{D59BF684-A7E2-4A21-A9E2-218961DFA22C}] => (Allow) C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{E5C1E8AA-7EDD-472E-AD67-889FC2D8B53C}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{88120E35-D1F7-4C9C-BCD4-D46BE3AAB4D6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{63EF59DC-8F1B-4C6A-B378-3A9836C12976}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{B5FF02B4-704E-4276-A3FD-AEBE06118686}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{EE6FAA3E-04AD-4BA2-8C2D-7A5FBED911F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{70D2FAB4-27CA-474E-8643-8B51BB477209}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{7A05D62F-7684-49D1-B116-DF2CDBE0A3AD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{66999C00-1504-42EC-BAE6-93BCFCF06443}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{33AD3D9A-F212-4528-B8BC-01AF9686EF5F}] => (Allow) LPort=2869
    FirewallRules: [{6EB53521-B4D6-4FBE-950B-70C6513355BD}] => (Allow) LPort=1900
    FirewallRules: [{9A35ECFE-F9CF-4E31-9241-BAA4A8BFE1B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{E97525A0-5226-4C33-B389-2A28E0F7FB8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4D902ACF-EE93-484D-9576-9D404FEB1103}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D1B041FD-BCF9-4788-AE5F-64AE6A0201D2}] => (Allow) C:\Users\Steve\AppData\Local\Chromium\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    09-02-2016 18:40:57 Windows Update
    12-02-2016 22:40:15 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/19/2016 09:31:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x2914
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/19/2016 03:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x1990
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/19/2016 01:34:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x868
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/19/2016 12:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x2b3c
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/18/2016 08:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x1a64
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/18/2016 04:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x12e0
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/18/2016 01:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0x1900
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (02/18/2016 01:11:54 PM) (Source: SideBySide) (EventID: 79) (User: )
    Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
    The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

    Error: (02/18/2016 12:51:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0xd50
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5

    Error: (02/17/2016 10:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLXPGSS.SCR, version: 16.4.3505.912, time stamp: 0x50510e6f
    Faulting module name: WLXPipeTran.dll, version: 16.4.3505.912, time stamp: 0x50510ffd
    Exception code: 0xc0000005
    Fault offset: 0x0000ac2e
    Faulting process id: 0x2310
    Faulting application start time: 0xWLXPGSS.SCR0
    Faulting application path: WLXPGSS.SCR1
    Faulting module path: WLXPGSS.SCR2
    Report Id: WLXPGSS.SCR3
    Faulting package full name: WLXPGSS.SCR4
    Faulting package-relative application ID: WLXPGSS.SCR5


    System errors:
    =============
    Error: (02/19/2016 03:24:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_de1d1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/19/2016 03:24:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_de1d1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/19/2016 03:24:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_de1d1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/19/2016 03:24:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_de1d1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/19/2016 03:24:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/18/2016 01:12:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SearchProtectionService service failed to start due to the following error:
    %%1053

    Error: (02/18/2016 01:12:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the SearchProtectionService service to connect.

    Error: (02/18/2016 01:11:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SDWSCService service failed to start due to the following error:
    %%14001

    Error: (02/18/2016 01:10:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_17f4a2e9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/18/2016 01:10:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_17f4a2e9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-02-17 08:14:38.161
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:14:38.147
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:14:38.052
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:13:56.417
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:13:56.403
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:13:56.382
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:13:55.719
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-17 08:13:55.533
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-16 03:10:41.180
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-16 03:10:41.158
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
    Percentage of memory in use: 68%
    Total physical RAM: 3965.27 MB
    Available physical RAM: 1249.62 MB
    Total Virtual: 4669.27 MB
    Available Virtual: 1517.42 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:454.75 GB) (Free:336.11 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: CE9D088C)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    aswMBR Log:

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-02-20 00:05:43
    -----------------------------
    00:05:43.520 OS Version: Windows x64 6.2.9200
    00:05:43.520 Number of processors: 4 586 0x3A09
    00:05:43.521 ComputerName: STEVESLAPTOP UserName: Steve
    00:05:45.143 Initialize success
    00:05:45.244 VM: initialized successfully
    00:05:45.246 VM: Intel CPU supported
    00:05:48.437 VM: disk I/O iaStorA.sys
    00:09:28.256 AVAST engine defs: 16021901
    00:09:36.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
    00:09:36.134 Disk 0 Vendor: ST500LT012-9WS142 0002SDM1 Size: 476940MB BusType: 11
    00:09:36.320 Disk 0 MBR read successfully
    00:09:36.320 Disk 0 MBR scan
    00:09:36.351 Disk 0 unknown MBR code
    00:09:36.351 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    00:09:36.489 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:10:07.040 Service scanning
    00:11:14.921 Modules scanning
    00:11:14.936 Disk 0 trace - called modules:
    00:11:15.022 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
    00:11:15.038 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0007cd0a060]
    00:11:15.054 3 CLASSPNP.SYS[fffff800bce77d95] -> nt!IofCallDriver -> \Device\0000002c[0xffffe0007b1e3060]
    00:11:16.207 AVAST engine scan C:\WINDOWS
    00:11:20.024 AVAST engine scan C:\WINDOWS\system32
    00:19:23.332 AVAST engine scan C:\WINDOWS\system32\drivers
    00:20:09.542 AVAST engine scan C:\Users\Steve
    00:45:20.155 File: C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe **INFECTED** Win32:Dropper-gen [Drp]
    00:46:26.554 File: C:\Users\Steve\Downloads\Setup.exe **INFECTED** Win32:Malware-gen
    00:47:58.566 AVAST engine scan C:\ProgramData
    00:52:15.640 Disk 0 statistics 5596264/0/0 @ 296.15 MB/s
    00:52:15.643 Scan finished successfully
    00:53:03.738 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    00:53:03.738 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
    00:57:31.331 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    00:57:31.331 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
    00:58:40.091 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    00:58:40.412 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
    00:59:24.332 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    00:59:24.633 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
    01:00:03.456 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    01:00:03.472 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
    01:02:42.375 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
    01:02:42.390 The log file has been saved successfully to "C:\Users\Steve\Desktop\2aswMBR.txt"

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Your running FRST64 from your Downloads folder, our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE, then we will have FRST64 exactly where we want it to be.




    Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
    Please copy the entire contents Inside of the code box below beginning with START and ending with END
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Name the file Fixlist.txt , Save it to your desktop where you have FRST/FRST64 or the fix wont work. Right Click on FRST/FRST64 and select RUN AS ADMINISTRATOR Then click on >FIX< (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please


    Code:
    Start
    CloseProcesses:
    CreateRestorePoint: 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Task: {945078EB-2B7D-4EEE-82C9-743D7100C65A} - System32\Tasks\Sixth => C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe [2015-12-05] () <==== ATTENTION
    C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe
    C:\Users\Steve\Downloads\Setup.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End







    -AdwCleaner-by Xplode


    Click on this link to download : ADWCleaner TO YOUR DESKTOP


    Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers








    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.






    ===============================================================================






    Please download Junkware Removal Tool TO YOUR DESKTOP

    • Download the one from Bleeping Computer
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.








    ===============================================================================


    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP



    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"









    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by Steve (2016-02-20 19:53:30) Run:1
    Running from C:\Users\Steve\Desktop
    Loaded Profiles: Steve & (Available Profiles: Steve)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D122415-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US105D20141104&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Task: {945078EB-2B7D-4EEE-82C9-743D7100C65A} - System32\Tasks\Sixth => C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe [2015-12-05] () <==== ATTENTION
    C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe
    C:\Users\Steve\Downloads\Setup.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    "HKU\S-1-5-21-2633259000-3325982389-204066327-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8}" => key removed successfully
    HKCR\CLSID\{E5E0719E-BCE2-47E4-B3D5-510FE1E26BC8} => key not found.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{945078EB-2B7D-4EEE-82C9-743D7100C65A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{945078EB-2B7D-4EEE-82C9-743D7100C65A}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Sixth => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth" => key removed successfully
    "C:\Users\Steve\AppData\Roaming\Sixth\Sixth.exe" => not found.
    C:\Users\Steve\Downloads\Setup.exe => moved successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 1.4 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:57:26 ====

  4. #4
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    # AdwCleaner v5.035 - Logfile created 20/02/2016 at 20:14:51
    # Updated 18/02/2016 by Xplode
    # Database : 2016-02-20.3 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Steve - STEVESLAPTOP
    # Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\Steve\AppData\Local\ext_funfeedr
    [-] Folder Deleted : C:\Users\Steve\AppData\Local\SoftonicAssistant
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Common\LuaRT
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\FunFeedr
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Genius
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Seventh
    [-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Sixth
    [#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Genius
    [#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Seventh

    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
    [-] File Deleted : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514\searchplugins\Search Provided by Yahoo.xml
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    [-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
    [-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    [-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : updateTask
    [-] Task Deleted : Genius
    [-] Task Deleted : Genius_Interval
    [-] Task Deleted : Seventh

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11B16A3D-F03E-4565-A532-E66B219C9B0E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11B16A3D-F03E-4565-A532-E66B219C9B03}
    [-] Key Deleted : HKCU\Software\darwendlm
    [-] Key Deleted : HKCU\Software\FFUPD
    [-] Key Deleted : HKCU\Software\FunFeedr
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKCU\Software\AppDataLow\Sams.Browser
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftonicAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SoftonicAssistant]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3833 bytes] ##########

  5. #5
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Steve (Administrator) on Sat 02/20/2016 at 20:23:12.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 5

    Failed to delete: C:\Program Files (x86)\lavasoft\web companion (Folder)
    Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder)
    Successfully deleted: C:\Users\Steve\AppData\Roaming\lavasoft\web companion (Folder)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 02/20/2016 at 20:26:19.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/20/2016
    Scan Time: 8:34 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.20.04
    Rootkit Database: v2016.02.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Steve

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368031
    Time Elapsed: 19 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO.1, , [9f55c59dd4c5e650de61e5c3c93908f8],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO.1, , [00f452105445270fe45b8b1daa588779],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SamsPluginFunFeedr.BHO.1, , [00f452105445270fe45b8b1daa588779],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser, , [1ed6313182175dd95dbcec34f212827e],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsFunFeedr.Browser.1, , [757f1c46b5e4a096b564eb35a2626e92],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\CLASSES\SamsPluginFunFeedr.BHO, , [b83c21415e3b171f0d0d79a75da7d52b],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser, , [41b3ca98a6f3f83e4ecbc35d5da72dd3],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsFunFeedr.Browser.1, , [c232a8ba2871171fd74245dbc63ecf31],
    PUP.Optional.FunFeedr, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SamsPluginFunFeedr.BHO, , [17ddadb59702989ecd4d1f017f85c040],
    PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\playthruplayer.com, , [649019491782ef474fc348116d979769],

    Registry Values: 1
    PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-2633259000-3325982389-204066327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PlaythruPlayer.exe, 11000, , [48acb1b1cbce6ec86f087fd4e51fc937]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.PlayThru, C:\Windows\Installer\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}, , [619372f004950135d9a066ef689c42be],

    Files: 11
    PUP.Optional.SofTonic, C:\Users\Steve\Downloads\SoftonicDownloader_for_microsoft-flight-simulator.exe, , [a84c6ef477222d09d93e74b76a967d83],
    PUP.Optional.InstallCore, C:\Users\Steve\Downloads\Spybot Search & Destroy Setup.exe, , [6b894022a0f9f4423d3a00135fa6f30d],
    HackTool.BruteForce, C:\Users\Steve\Downloads\CForce V1.01b.exe, , [866eb6ac3564a69043a6d0a41fe14bb5],
    HackTool.BruteForce, C:\Users\Steve\Downloads\CForce_1.01b.rar, , [906476ec6930fe38e702db9929d740c0],
    PUP.Optional.ClientConnect, C:\Users\Steve\Downloads\Charon_v0.6_TSV3GA0DT(1).exe, , [817377ebbbde171f8339f9d51fe1df21],
    PUP.Optional.ClientConnect, C:\Users\Steve\Downloads\Charon_v0.6_TSV3GA0DT.exe, , [24d03d255742e55109b30fbf867a8c74],
    PUP.Optional.PlayThru, C:\Windows\Installer\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}\ProductIcon, , [619372f004950135d9a066ef689c42be],
    PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js, , [13e1580a6f2a6accafa3eb7916ee57a9],
    PUP.Optional.Conduit, C:\Prefs.js, , [bb3993cf3d5c0e283e624ecdec1909f7],
    PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\components.manifest, Good: (), Bad: (component aab33809-6f9f-45f7-9065-2241f0998415 mrt.js), ,[f20263ff772239fdbee00c1033d2ac54]
    PUP.Optional.WinYahoo, C:\Users\Steve\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dwndlm_16_07&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtDyDyC0CtAyE0EyEyC0AtN0D0Tzu0StCyDtDyBtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0EyBtCyC0A0B0FtGtD0DtA0CtG0B0F0EyDtGtA0A0A0BtGtA0B0D0EyEtAtB0A0EyDyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DyBzz0C0DyCyEtG0AzzyCyCtGyE0A0DyEtGzz0A0B0FtG0D0AyBtDtC0CtDyDyEyC0B0B2QtN0A0LzuyE%26cr%3D1557552372%26a%3Dwncy_dwndlm_16_07%26os_ver%3D10.0%26os%3DWindows,[f400540ed4c5ec4a99e9c35ad431be42]B10,[f400540ed4c5ec4a99e9c35ad431be42]BHome&uref=chmm"]}}), %5

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good. When you ran Malwarebytes, did you have it Quarantine all those entries ?? They need to be gone. If not run Malwarebytes again and do this




    • You can highlight one of the detections by left clicking on it.
    • Then, right click on the highlighted detection, and select 'Check All Items'.
    • Next, click 'Remove Selected'. That should remove them all





    Then Right Click on FRST64 and select RUN AS ADMINISTRATOR, when it opens make sure there is a checkmark in Additions, leave everything else as is, click on Scan and post both the new FRST64 and Additions logs
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/20/2016
    Scan Time: 9:44 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.20.04
    Rootkit Database: v2016.02.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Steve

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368859
    Time Elapsed: 21 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  9. #9
    Junior Member
    Join Date
    Feb 2016
    Posts
    9

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
    Ran by Steve (administrator) on STEVESLAPTOP (20-02-2016 22:10:18)
    Running from C:\Users\Steve\Desktop
    Loaded Profiles: Steve (Available Profiles: Steve)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.16941.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-04-07] (McAfee, Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-22] (Dropbox, Inc.)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Run: [Chromium] => c:\users\steve\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [322048 2012-09-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2014-11-04]
    ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-11-04]
    ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-02-10]
    ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
    Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-22]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-02-20]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8f9b0205-0891-408b-819b-71fdaa775a01}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{d3a51370-e434-4ddc-a093-b0c816b98cd0}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-28] (Microsoft Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
    BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-04] (McAfee)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-28] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-04] (McAfee)
    Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-11-04] (McAfee)
    Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-11-04] (McAfee)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-28] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF DefaultSearchEngine.US: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxp://google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-28] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\q2dwdvly.default-1454369762514\searchplugins\McSiteAdvisor.xml [2016-02-16]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-12-22]
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-21] [not signed]
    FF HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-13]
    CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-13]
    CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
    CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
    CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
    CHR Extension: (Google Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-13]
    CHR Extension: (SiteAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
    CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [221568 2015-12-09] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-24] (Lavasoft Limited)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-02-11] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
    S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-20] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek )
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-20 22:10 - 2016-02-20 22:11 - 00026672 _____ C:\Users\Steve\Desktop\FRST.txt
    2016-02-20 20:28 - 2016-02-20 20:30 - 22908888 _____ (Malwarebytes ) C:\Users\Steve\Desktop\mbam-setup-2.2.0.1024.exe
    2016-02-20 20:26 - 2016-02-20 20:26 - 00000951 _____ C:\Users\Steve\Desktop\JRT.txt
    2016-02-20 20:22 - 2016-02-20 20:23 - 01609216 _____ (Malwarebytes) C:\Users\Steve\Desktop\JRT.exe
    2016-02-20 20:08 - 2016-02-20 20:14 - 00000000 ____D C:\AdwCleaner
    2016-02-20 20:08 - 2016-02-20 20:08 - 01511424 _____ C:\Users\Steve\Desktop\AdwCleaner.exe
    2016-02-20 19:53 - 2016-02-20 19:57 - 00012996 _____ C:\Users\Steve\Desktop\Fixlog.txt
    2016-02-20 01:02 - 2016-02-20 01:02 - 00003024 _____ C:\Users\Steve\Desktop\2aswMBR.txt
    2016-02-20 00:53 - 2016-02-20 01:02 - 00000512 _____ C:\Users\Steve\Desktop\MBR.dat
    2016-02-20 00:53 - 2016-02-20 01:00 - 00012280 _____ C:\Users\Steve\Desktop\aswMBR.txt
    2016-02-20 00:05 - 2016-02-20 00:05 - 05198336 _____ (AVAST Software) C:\Users\Steve\Downloads\aswMBR.exe
    2016-02-20 00:03 - 2016-02-20 00:03 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-STEVESLAPTOP-Windows-10-Home-(64-bit).dat
    2016-02-20 00:03 - 2016-02-20 00:03 - 00000000 ____D C:\RegBackup
    2016-02-20 00:02 - 2016-02-20 00:03 - 00016389 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-02-20 00:02 - 2016-02-20 00:02 - 04777232 _____ (Tweaking.com) C:\Users\Steve\Downloads\tweaking.com_registry_backup_setup.exe
    2016-02-20 00:02 - 2016-02-20 00:02 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-20 00:02 - 2016-02-20 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-20 00:02 - 2016-02-20 00:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-19 23:49 - 2016-02-19 23:51 - 00049615 _____ C:\Users\Steve\Downloads\Addition.txt
    2016-02-19 23:47 - 2016-02-19 23:51 - 00069925 _____ C:\Users\Steve\Downloads\FRST.txt
    2016-02-19 23:46 - 2016-02-20 22:10 - 00000000 ____D C:\FRST
    2016-02-19 23:44 - 2016-02-19 23:46 - 02371072 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
    2016-02-19 23:14 - 2016-02-20 21:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-19 23:14 - 2016-02-20 20:31 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-19 23:14 - 2016-02-20 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-19 23:14 - 2016-02-20 20:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-19 23:14 - 2016-02-19 23:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-19 23:14 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-02-19 23:14 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-02-19 23:14 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-02-19 23:12 - 2016-02-19 23:13 - 22908888 _____ (Malwarebytes ) C:\Users\Steve\Downloads\mbam-setup-org-2.2.0.1024.exe
    2016-02-17 08:35 - 2016-02-17 08:36 - 11199448 _____ (VS Revo Group ) C:\Users\Steve\Downloads\RevoUninProSetup.exe
    2016-02-16 13:52 - 2016-02-16 13:52 - 00000000 __SHD C:\ProgramData\360Quarant
    2016-02-16 13:52 - 2016-02-16 13:52 - 00000000 __SHD C:\$360Section
    2016-02-16 13:33 - 2016-02-16 13:33 - 00000000 ____D C:\Users\Steve\Documents\ProcAlyzer Dumps
    2016-02-16 12:55 - 2016-02-17 00:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-02-16 12:55 - 2016-02-16 12:55 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-02-16 12:55 - 2016-02-16 12:55 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-02-16 12:55 - 2016-02-16 12:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-02-16 12:55 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2016-02-16 12:54 - 2016-02-17 08:07 - 00000000 ____D C:\Users\Steve\AppData\Local\Chromium
    2016-02-16 12:54 - 2016-02-16 12:54 - 00002380 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    2016-02-16 12:54 - 2016-02-16 12:54 - 00002372 _____ C:\Users\Steve\Desktop\Chromium.lnk
    2016-02-16 12:53 - 2016-02-18 13:18 - 00000000 ____D C:\ProgramData\0109546b-4db7-0
    2016-02-16 12:53 - 2016-02-18 13:18 - 00000000 ____D C:\ProgramData\0109546b-4d97-1
    2016-02-16 12:52 - 2016-02-18 13:11 - 00000000 ____D C:\Program Files (x86)\360
    2016-02-16 12:52 - 2016-02-16 13:52 - 00000000 ____D C:\Users\Steve\AppData\Local\{50BE66E2-7416-0A5A-198E-2FB23DE6D32A}
    2016-02-16 12:52 - 2016-02-16 12:52 - 37672592 _____ (Safer-Networking Ltd. ) C:\Users\Steve\Downloads\Spybot Search & Destroy Setup [1].exe
    2016-02-16 12:52 - 2016-02-16 12:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-02-16 12:29 - 2016-02-16 12:29 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
    2016-02-16 12:28 - 2016-02-16 12:28 - 02763104 _____ C:\Users\Steve\Downloads\RemoteSupport.exe
    2016-02-16 12:15 - 2016-02-16 12:15 - 00000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
    2016-02-11 21:11 - 2016-02-15 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-09 17:42 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 17:42 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 17:41 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 17:41 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 17:41 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 17:41 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 17:41 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 17:41 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 17:41 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 17:41 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 17:41 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 17:41 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 17:41 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 17:41 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 17:41 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 17:41 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 17:41 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 17:41 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 17:41 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 17:41 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 17:41 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 17:41 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 17:41 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 17:41 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 17:41 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 17:41 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 17:41 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 17:41 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 17:41 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 17:41 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 17:41 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 17:41 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 17:41 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 17:41 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 17:41 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 17:41 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 17:41 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 17:41 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 17:41 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 17:41 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 17:41 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 17:41 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 17:41 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 17:41 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 17:41 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 17:41 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 17:41 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 17:41 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 17:41 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 17:41 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 17:41 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 17:41 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 17:41 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 17:41 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 17:41 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 17:41 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 17:41 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 17:41 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 17:41 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 17:41 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 17:41 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 17:41 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 17:41 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-02 22:06 - 2016-02-19 10:42 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
    2016-02-01 18:28 - 2016-02-15 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-01 18:28 - 2016-02-01 18:28 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-02-01 18:28 - 2016-02-01 18:28 - 00001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-02-01 18:27 - 2016-02-01 18:27 - 00242000 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 44.0 (1).exe
    2016-01-30 16:20 - 2016-01-30 16:20 - 00003416 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2016-01-30 16:20 - 2016-01-30 16:20 - 00003302 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
    2016-01-30 16:19 - 2016-01-30 16:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2016-01-30 16:19 - 2016-01-30 16:19 - 00000000 ____D C:\Program Files\Dell Support Center
    2016-01-30 08:56 - 2016-01-30 08:57 - 00242000 _____ C:\Users\Steve\Downloads\Firefox Setup Stub 44.0.exe
    2016-01-29 18:03 - 2016-01-29 18:03 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
    2016-01-28 07:50 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 07:50 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 07:50 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 07:50 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 07:50 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 07:50 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 07:50 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 07:50 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 07:50 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 07:50 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 07:50 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 07:50 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 07:50 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 07:50 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 07:50 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 07:50 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 07:50 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 07:50 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 07:50 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 07:50 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 07:50 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 07:50 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 07:50 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 07:50 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 07:50 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 07:50 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 07:50 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 07:50 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 07:50 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 07:50 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 07:50 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 07:50 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 07:50 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 07:50 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 07:50 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 07:50 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 07:50 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 07:50 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 07:50 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 07:50 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 07:50 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 07:49 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 07:49 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 07:49 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 07:49 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 07:49 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 07:49 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 07:49 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 07:49 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 07:49 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 07:49 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 07:49 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 07:49 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 07:49 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 07:49 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 07:49 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 07:49 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 07:49 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 07:49 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 07:49 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 07:49 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 07:49 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 07:49 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 07:49 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 07:49 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 07:49 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 07:49 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 07:49 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 07:49 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 07:49 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 07:49 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 07:49 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 07:49 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 07:49 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 07:49 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 07:49 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 07:49 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 07:49 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 07:49 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 07:49 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-01-25 17:40 - 2016-01-25 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-01-25 17:39 - 2016-01-25 17:39 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-20 22:00 - 2015-11-22 11:55 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA.job
    2016-02-20 21:47 - 2016-01-16 12:41 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-20 21:47 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-20 21:42 - 2014-10-14 20:28 - 00000000 __SHD C:\Users\Steve\IntelGraphicsProfiles
    2016-02-20 21:41 - 2016-01-16 12:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-20 21:40 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-20 21:22 - 2014-10-03 14:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-20 20:24 - 2015-12-24 11:02 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Lavasoft
    2016-02-20 20:24 - 2015-12-24 11:01 - 00000000 ____D C:\ProgramData\Lavasoft
    2016-02-20 20:14 - 2015-12-24 11:03 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Common
    2016-02-20 19:40 - 2014-10-20 20:32 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{809E30A1-512E-4B90-9B34-726D44ACA9A0}
    2016-02-20 12:00 - 2015-11-22 11:55 - 00000892 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core.job
    2016-02-20 08:42 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-20 08:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-20 00:55 - 2014-10-03 13:42 - 00000000 ____D C:\Users\Steve\AppData\Local\Packages
    2016-02-18 13:12 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-18 13:11 - 2014-11-04 11:12 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-02-17 04:30 - 2013-06-03 18:57 - 00000000 ____D C:\ProgramData\McAfee
    2016-02-16 12:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2016-02-16 12:52 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-02-12 22:45 - 2014-10-05 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-12 22:40 - 2014-10-05 19:57 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-11 17:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-10 17:09 - 2014-10-03 15:21 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-10 16:58 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-09 18:43 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-01 18:36 - 2015-09-11 18:04 - 00000000 ____D C:\Users\Steve\Desktop\Old Firefox Data
    2016-01-30 16:19 - 2013-06-03 18:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-01-30 16:18 - 2013-06-03 18:50 - 00000000 ____D C:\ProgramData\PCDr
    2016-01-29 18:03 - 2015-02-12 14:52 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2016-01-29 17:29 - 2014-12-28 19:51 - 00000000 ____D C:\Users\Steve\AppData\Local\Windows Live
    2016-01-29 07:59 - 2015-12-24 11:05 - 00000000 ____D C:\ProgramData\808c904c-41d3-1
    2016-01-29 07:59 - 2015-12-24 11:05 - 00000000 ____D C:\ProgramData\808c904c-1a35-0
    2016-01-29 07:55 - 2016-01-16 12:15 - 00353968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-28 23:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-28 08:04 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-28 08:02 - 2013-06-03 19:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-01-21 09:04 - 2016-01-17 16:15 - 00000000 ____D C:\Users\Steve\AppData\Local\MicrosoftEdge

    ==================== Files in the root of some directories =======

    2014-11-04 11:14 - 2014-11-04 11:14 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2016-02-19 10:23 - 2016-02-19 10:43 - 0002861 _____ () C:\Users\Steve\AppData\Roaming\LiveFlight_Connect_Windows.log
    2015-12-26 00:28 - 2015-12-26 00:28 - 0003584 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-01-03 00:07 - 2016-01-03 00:07 - 0000017 _____ () C:\Users\Steve\AppData\Local\resmon.resmoncfg
    2014-11-08 09:52 - 2014-11-08 09:52 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-01-16 12:20 - 2016-01-16 12:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-06-03 18:56 - 2013-06-03 18:57 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-06-03 18:52 - 2013-06-03 18:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-06-03 18:53 - 2013-06-03 18:55 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-06-03 18:52 - 2013-06-03 18:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2013-06-03 18:55 - 2013-06-03 18:56 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\Steve\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-12 10:06

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
    Ran by Steve (2016-02-20 22:11:53)
    Running from C:\Users\Steve\Desktop
    Windows 10 Home (X64) (2016-01-16 17:59:26)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2633259000-3325982389-204066327-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2633259000-3325982389-204066327-503 - Limited - Disabled)
    Guest (S-1-5-21-2633259000-3325982389-204066327-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2633259000-3325982389-204066327-1005 - Limited - Enabled)
    Steve (S-1-5-21-2633259000-3325982389-204066327-1001 - Administrator - Enabled) => C:\Users\Steve

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AccessDiver v4.402 (HKLM-x32\...\AccessDiver v4.402_is1) (Version: - Jean Fages)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Chromium (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Chromium) (Version: 50.0.2632.0 - Chromium)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
    Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{D2A4E5EA-5FAF-4252-A38B-08CF5EC55139}) (Version: 1.7.1033.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    LiveFlight Connect (HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\9b904d93acc634d4) (Version: 1.1.2.5 - LiveFlight Connect)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    McAfee LiveSafe Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
    McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.171 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
    Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
    TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
    TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Web Companion (HKLM-x32\...\{e929c220-5ac3-4526-8b74-d874ad046a5e}) (Version: 2.1.1265.2535 - Lavasoft)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2633259000-3325982389-204066327-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0276E679-3995-4A1F-8353-BDDF2B130731} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {07ED262F-3720-4CEC-BA15-F7FCF68B66BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {0A2BA86E-1A26-46ED-9E16-D11DBC4620BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {0BD60729-C05A-4B7D-B62B-EF4982A346D3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0D5F6861-4F5B-4E2C-B54F-09A95995D183} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {18A103CA-B2BE-4B98-BC5F-721B84ECD98C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
    Task: {19CCFC85-FB9E-46CE-B569-9C2F7A50F865} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1B4062BF-7CEC-4F05-967F-DACEAC5AB513} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {1C9E90B2-0AE5-40AE-AA21-D6FEA391E549} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
    Task: {2683A72E-EACC-4CFA-B328-3FCCA0CD4E1B} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {3DE14D81-F179-4A21-AC72-F8C7973B1B99} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {43950CA6-EB49-4F34-BAF5-913E2C538B5F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {4AFD81AA-A03B-4907-A66F-4BCD68F585FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)
    Task: {4F1C2B96-A306-4089-97C6-01F0A13CC1B8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation)
    Task: {509D75B0-0562-41D3-9ED5-859839F25FAB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
    Task: {628E6755-30D6-4A07-88EF-37A835EA698D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
    Task: {6E3BEFC3-01C9-417E-9B9C-4A9AB829DFB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6E858054-FD41-4C53-BF90-B707D0EBD095} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {74C39CE7-E37C-4A65-9239-44BE57FC3B8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
    Task: {8E8891EC-1D7E-4482-B7C0-A65DE2BA5D9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {9272B9A3-938C-43C6-9904-FF75799B5424} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
    Task: {9B7926B6-7F9F-4FC3-9879-DDE3C0124B03} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)
    Task: {A090C982-C0B2-41B4-AC3D-114BE87856F9} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
    Task: {B1E17AC5-BDC5-4A9E-8AD8-3F138BEF51B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {D3AD9E3A-0BC1-4C77-AD75-19F162F536F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DFC26691-1921-4F99-80DA-B308E76BB958} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {E99561E2-D132-409B-AB08-709AA1D51FAD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EFC20D7B-66DC-45E1-A33A-F06358796B36} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F133A78E-F0F8-4A53-B47B-C2F8FF2E3F8F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
    Task: {F623E016-7E3F-446D-A3C7-D7F8CA4972EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F9ACB80A-81A8-4034-B5C4-41A7297B5385} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001Core.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633259000-3325982389-204066327-1001UA.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-06-03 18:55 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2016-01-07 19:37 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-01-16 15:07 - 2016-01-16 15:07 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-01-16 15:07 - 2016-01-16 15:07 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-28 07:55 - 2016-01-28 07:55 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-16 15:08 - 2016-01-16 15:08 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-16 15:08 - 2016-01-16 15:08 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 07:50 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 07:50 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-02-16 12:55 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-02-16 12:55 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-02-16 12:55 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-02-16 12:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-02-16 12:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-21 13:25 - 2016-01-21 13:27 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2013-06-03 18:53 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-02-11 12:47 - 2016-02-11 12:47 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2ab8c6d2095a0b269cb2615def8208be\PSIClient.ni.dll
    2013-06-03 18:44 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2016-02-20 19:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
    HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
    HKLM\...\StartupApproved\Run32: => "mcui_exe"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\Run: => "Dropbox Update"
    HKU\S-1-5-21-2633259000-3325982389-204066327-1001\...\StartupApproved\Run: => "Web Companion"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{D76B9E39-6AF9-4802-8150-45C33352490F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{B2F2947E-959D-4C00-8859-3F7B7602EFCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3B45FB96-6A7C-4FC8-AD26-74473B7A8310}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A5192379-A6CE-4481-8914-23C15749EBFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{027A8163-B00D-4DBB-A5AA-D391A2BE35FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B7FB18FB-8D45-4711-A9E1-492DDF505C0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A76CB5DD-C868-4B48-B731-E9EC808E87BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{03B8696F-390D-4C01-9A82-63274E111C07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D43A645-9D99-4319-ADF5-9F4B3CA7FE27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A8D121B9-566D-4871-B500-C0760382402C}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1642B8B4-3A16-4593-BADE-ACC65C7BF6EF}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{21FAB45D-EC72-46E5-AC13-7992BF4D169B}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{DCC4CE6D-EFA0-44FE-BC1C-12FEC2A1B965}] => (Allow) LPort=5357
    FirewallRules: [{25EFED3D-AD8B-4E8B-8B0C-AF90D11D65DB}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
    FirewallRules: [{D59BF684-A7E2-4A21-A9E2-218961DFA22C}] => (Allow) C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{E5C1E8AA-7EDD-472E-AD67-889FC2D8B53C}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{88120E35-D1F7-4C9C-BCD4-D46BE3AAB4D6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{63EF59DC-8F1B-4C6A-B378-3A9836C12976}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{B5FF02B4-704E-4276-A3FD-AEBE06118686}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{EE6FAA3E-04AD-4BA2-8C2D-7A5FBED911F0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{70D2FAB4-27CA-474E-8643-8B51BB477209}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{7A05D62F-7684-49D1-B116-DF2CDBE0A3AD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{66999C00-1504-42EC-BAE6-93BCFCF06443}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{33AD3D9A-F212-4528-B8BC-01AF9686EF5F}] => (Allow) LPort=2869
    FirewallRules: [{6EB53521-B4D6-4FBE-950B-70C6513355BD}] => (Allow) LPort=1900
    FirewallRules: [{9A35ECFE-F9CF-4E31-9241-BAA4A8BFE1B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{E97525A0-5226-4C33-B389-2A28E0F7FB8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4D902ACF-EE93-484D-9576-9D404FEB1103}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D1B041FD-BCF9-4788-AE5F-64AE6A0201D2}] => (Allow) C:\Users\Steve\AppData\Local\Chromium\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    09-02-2016 18:40:57 Windows Update
    12-02-2016 22:40:15 Windows Update
    20-02-2016 19:53:36 Restore Point Created by FRST
    20-02-2016 20:23:17 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/20/2016 09:41:25 PM) (Source: SideBySide) (EventID: 79) (User: )
    Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
    The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

    Error: (02/20/2016 08:23:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/20/2016 08:16:18 PM) (Source: SideBySide) (EventID: 79) (User: )
    Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
    The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

    Error: (02/20/2016 07:58:59 PM) (Source: SideBySide) (EventID: 79) (User: )
    Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
    The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered.

    Error: (02/20/2016 07:53:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/20/2016 07:53:35 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {c0b7a458-d9d8-426d-82ac-455157eb15b9}

    Error: (02/20/2016 07:36:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 25692703

    Error: (02/20/2016 07:36:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 25692703

    Error: (02/20/2016 07:36:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/20/2016 05:18:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


    System errors:
    =============
    Error: (02/20/2016 09:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SDWSCService service failed to start due to the following error:
    %%14001

    Error: (02/20/2016 09:41:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SearchProtectionService service failed to start due to the following error:
    %%2

    Error: (02/20/2016 09:40:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_6a280 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/20/2016 09:40:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_6a280 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/20/2016 09:40:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_6a280 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/20/2016 09:40:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_6a280 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/20/2016 09:40:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/20/2016 08:16:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMScheduler service failed to start due to the following error:
    %%1053

    Error: (02/20/2016 08:16:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

    Error: (02/20/2016 08:16:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SearchProtectionService service failed to start due to the following error:
    %%1053


    CodeIntegrity:
    ===================================
    Date: 2016-02-20 19:57:33.373
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.357
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.333
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.122
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.107
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.091
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:57:33.073
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:55:13.798
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:55:13.777
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 19:55:13.754
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
    Percentage of memory in use: 53%
    Total physical RAM: 3965.27 MB
    Available physical RAM: 1828.53 MB
    Total Virtual: 4669.27 MB
    Available Virtual: 2023.77 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:454.75 GB) (Free:335.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: CE9D088C)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  10. #10
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Your logs are looking just fine, all the tools we used did there job. How is your system behaving now ??
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •