DNS Unlocker

gregw123 · Mar 5, 2016

I know I have at least 1 issue, DNS Unlocker.
I tried to follow the info on the 1st post. I backed un the Registry, but Fabar would not download. Just kept saying "connecting... waiting"

I tred to get the Home SpyBot, but it did not install any files. Waiting to hear about that. Will it get rid of DNS Unlocker, or do I still need to manually uninstall?
We have 2 infected computers, Laptop and mini laptop.

Pleas let me know my next step. Thank you,

Greg

Juliet · Mar 6, 2016

You need to reset your router.

Turn your modem/router off. Let this rest for a couple of minutes.
Turn it back on and wait for all lights to stop blinking (if yours does this most do but all don't)
Next, follow the below.

NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot.

~~~~~~~~~~~~~~~~~~
NEXT

Download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser! This will also hide all desktop shortcuts, so just be aware! They will come back after rebooting.
Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEXT**

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEXT**
Try to download

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select

Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Please post
Malwarebytes' Anti-Malware log
FRST.txt & Addition.txt

gregw123 · Mar 6, 2016

Novice

I'm a novice, I can try this, but are there any programs you can buy that will fix it (DNS Unlcke) for me?
Will Spybot Home?
Thanks

Juliet · Mar 6, 2016

I'm not sure if there is.

I do know there is an option to buy the premium edition of Malwarebytes' Anti-Malware.
Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply

~~~~~~~~~~~~~~
NEXT**

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

please post
Malwarebytes' Anti-Malware
AdwCleaner[CX].txt
JRT.txt

gregw123 · Mar 7, 2016

Issues Still

I did it exactly as listed, so far. The green leaf icon DNS Unlocker is gone, but as I try to go to Malwarebytes to download, it keeps showing ads, changing screens, gong to a Windows help download fix page, etc. Soy issue is still there.
Should I run Sybot Search Destroy? I just bought it but haven't got it installed yet. Thank you so much,
Greg

Juliet · Mar 7, 2016

Please see what happens when you try these 2 tools.

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~
please post
AdwCleaner[CX].txt
JRT.txt

gregw123 · Mar 7, 2016

Got Malwarebytes Finely

I was finely able to get Malwarebytes downloaded. I did it all, except the Farbar program Ill do now.
But 1st, my other computer, Mini computer, 10 inch, Asus, Win 8? has same issue. Do I do same exact thing?
Thanks so much,
Greg

Below is my scan log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2016
Scan Time: 11:07 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.07.06
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: gregsw

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421926
Time Elapsed: 25 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, 6900, Delete-on-Reboot, [5d95c4c0d0c90432652108db45bce818]
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, 6900, Delete-on-Reboot, [25cddaaa1386b08624143c9dad5512ee]

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [0ae80e76a1f885b1ba9149eaf60e8f71],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [df134f35aeeb4ee82bb50662ad57e31d],
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [bb37d6aed7c2221495958ce5e222b34d],
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B7373A10-6BC7-46AB-A907-D40DAF430121}, Delete-on-Reboot, [5d9572121d7cca6c68b2027928dc5aa6],
PUP.Optional.ClousdScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSLOCKINGTON, Delete-on-Reboot, [cf23b0d456431224ef95759fa75ca957],
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, [2ec4f58fdcbdc670afc585f74aba6b95],
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [d61c1470dfbacb6bd378c370dc2824dc],
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [09e96123d5c4a19535f56f02857f26da],
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, [549e5c288f0a39fd398052292ed6e020],
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{61C981CE}, Quarantined, [3cb62b5921789c9a4dbd7d00798bb749],
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [589af98b9108181e16c7f3754abad32d],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-418580636-829134441-2959382271-500\SOFTWARE\ONE SYSTEM CARE, Quarantined, [d9194f357821bb7bc635967b50b40df3],

Registry Values: 9
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B7373A10-6BC7-46AB-A907-D40DAF430121}|Path, \DNSLOCKINGTON, Delete-on-Reboot, [5d9572121d7cca6c68b2027928dc5aa6]
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{61c981ce}|1, 1457039444, Quarantined, [3cb62b5921789c9a4dbd7d00798bb749]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{5e45fa53-0c8a-4043-af2f-746c2588257f}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [2fc32262b9e0f44272ce77fcb25236ca]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{6ab92cbe-c872-45fb-a36d-5d570c7d8cde}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [40b29de7b1e8e3537dc38ce7d62e916f]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{ddf053aa-3464-420b-99f0-075a013f3743}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [d51d98ec009932045be5e78c14f04fb1]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{ec133465-665d-4994-8246-91b528a002a2}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [a74bc0c4c3d661d55ce4e1925ca8619f]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-418580636-829134441-2959382271-500\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, Quarantined, [d9194f357821bb7bc635967b50b40df3]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-418580636-829134441-2959382271-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002133/DriverPro.exe, Quarantined, [38bab2d2dbbe0333df1b1ff20ff5b24e]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-418580636-829134441-2959382271-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002133/LiveSupport.exe, Quarantined, [00f27e064c4d0d2905f5f71a4cb806fa]

Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Good: (8.8.8.8), Bad: (82.163.142.7 95.211.158.134),Replaced,[10e2a5dfbddc91a5eaaa967514f1c13f]

Folders: 3
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [e50df88c168357df80db9d3bfd050df3],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker, Delete-on-Reboot, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer, Quarantined, [3cb686fed0c966d0a37a5aad61a222de],

Files: 42
Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, Delete-on-Reboot, [5d95c4c0d0c90432652108db45bce818],
PUP.Optional.ClousdScout.BrwsrFlsh, C:\Windows\System32\Tasks\DNSLOCKINGTON, Quarantined, [50a2eb999009999d5e24d53f2dd68e72],
PUP.Optional.PricePeep, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [35bda6def4a5e84e0db9c94c0301db25],
PUP.Optional.PricePeep, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [eb07d2b2277278be9d292bea4eb6758b],
PUP.Optional.ReMarkable, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [7e74ed97a7f20d29eee7dc3b13f1cf31],
PUP.Optional.ReMarkable, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [a9492e563663ad8922b327f09d6747b9],
PUP.Optional.PastaLeads, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage, Quarantined, [40b221635d3ca98d2fa687ad10f4dd23],
PUP.Optional.PastaLeads, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage-journal, Quarantined, [2ac8d2b21a7fa78f9441062e90748977],
PUP.Optional.PastaLeads, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [17dba3e11881fb3bc11470c4b054926e],
PUP.Optional.PastaLeads, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [3cb6295bdbbede584e8785affb09b64a],
PUP.Optional.BestPriceNinja, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [b33fceb68811e84ef32ca1cb9371758b],
PUP.Optional.BestPriceNinja, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [10e2453fd1c80531081764080cf8be42],
PUP.Optional.BestPriceNinja, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [51a15c28277267cfa57a07652bd926da],
PUP.Optional.BestPriceNinja, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [2cc65232584140f645dab9b38f7552ae],
PUP.Optional.eShopComp, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, Quarantined, [cc26ee96bbdeb68055b1da97699bf010],
PUP.Optional.eShopComp, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [955d0e762475c4728383d899b94b5aa6],
PUP.Optional.eShopComp, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [37bb00848a0f6fc710f6274aac584db3],
PUP.Optional.eShopComp, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [45adb9cbf6a35bdb25e199d819ebce32],
PUP.Optional.CrossRider, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [3cb696ee801993a32b3a3f351aea8c74],
PUP.Optional.CrossRider, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [7979c2c214852610d5907df71fe5e61a],
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, Quarantined, [965cbcc8e9b07db9d099d5a46f953fc1],
PUP.Optional.ReMarkIt.PrxySvrRST, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, Quarantined, [27cbc4c01c7df2447aefef8a000429d7],
PUP.Optional.Amonetize.Gen, C:\ProgramData\a4448147-0541-0\BIT75BF.tmp, Quarantined, [faf8f292b1e870c615c9c8b10afa48b8],
PUP.Optional.Amonetize.Gen, C:\ProgramData\a4448147-4337-0\BIT4834.tmp, Quarantined, [6290e2a29cfd57df12cc95e43bc9b050],
PUP.Optional.UTop, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_utop.it_0.localstorage, Quarantined, [f1016d170b8e102649d74d30f21260a0],
PUP.Optional.UTop, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_utop.it_0.localstorage-journal, Quarantined, [8b67d5af3960ed4947d9b9c423e17888],
PUP.Optional.UTop, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [3cb6186c1c7d13238799205dda2aad53],
PUP.Optional.UTop, C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [db17f98b40591e18d94769144eb6a858],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\config.ini, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\DNSLOCKINGTON.cer, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, Delete-on-Reboot, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Info.rtf, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\License.rtf, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\settings.ini, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.dat, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.exe, Quarantined, [25cddaaa1386b08624143c9dad5512ee],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, Quarantined, [25cddaaa1386b08624143c9dad5512ee],

Physical Sectors: 0
(No malicious items detected)

(end)

gregw123 · Mar 7, 2016

Farbar Report

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by gregsw (2016-03-07 11:56:10)
Running from C:\Users\gregsw\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-19 11:49:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-418580636-829134441-2959382271-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-418580636-829134441-2959382271-503 - Limited - Disabled)
gregsw (S-1-5-21-418580636-829134441-2959382271-1001 - Administrator - Enabled) => C:\Users\gregsw
Guest (S-1-5-21-418580636-829134441-2959382271-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3M(TM) Cloud Library PC App 1.50 (HKLM-x32\...\3M(TM) Cloud Library PC App) (Version: 1.50 - 3M)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Amazon 1Button App (HKLM-x32\...\{8A7A4673-CB99-40B2-8699-FF46DFD05473}) (Version: 1.0.3 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother's Keeper 6.6 (HKLM-x32\...\Brother's Keeper 6.6) (Version: - )
Brother's Keeper 7.0 (HKLM-x32\...\Brother's Keeper 7.0) (Version: - )
calibre (HKLM-x32\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version: - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Cox TV Connect (HKLM-x32\...\{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}) (Version: 11.53.00 - Cox Communications)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DIRECTV Player (HKLM-x32\...\{d5698223-16c2-4651-a518-092994329493}) (Version: 12.1 - DIRECTV)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Infinite HD™ App (HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Multi Access - Total Protection (PC) (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.1.0.4 - NETGEAR)
NWZ-E360 WALKMAN Guide (HKLM-x32\...\{653A0F15-C146-46E8-8309-92A97ACEBEF6}) (Version: 2.1.0.14010 - Sony Corporation)
PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 13.0 - Corel)
PhotoImpact X3 (x32 Version: 13.0 - Corel) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
PocoMail 4.8 (Build 4400) (HKLM-x32\...\pocomail4_is1) (Version: - Pocomail.com)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SoftZipper (HKLM-x32\...\SoftZipper) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wondershare PDFelement(Build 5.5.2) (HKLM-x32\...\{5CA0183F-6D90-4615-91A5-F1A8A2014E83}_is1) (Version: 5.5.2.2 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-418580636-829134441-2959382271-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\gregsw\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-418580636-829134441-2959382271-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D46CF14-D410-4A70-8708-87D7D518441A} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {15317404-B271-4D33-8C58-ADAD82641616} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {181D3F9D-7925-4A59-8E49-C4F984C50D70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1A505D4E-1921-472C-AF0A-C46EBF3C529B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F2ABCA-27AF-419A-BC13-53130C398BDA} - System32\Tasks\4836 => Wscript.exe C:\Users\gregsw\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {23006D17-518D-42A6-9838-C6FA2A079A7A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {24068976-E26E-4297-BDDB-72D2A3F7C313} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {242EA295-2EBB-4F59-A2F7-0F4FC16A6A35} - System32\Tasks\GoogleUpdateTaskMachineUA1cf493424fd5238 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {25B01EC3-AC64-4C7D-8501-BB378A0DBD93} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {2A60AD06-6C62-4C1D-BF48-AFC4A00787B2} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2DDB6049-18D7-470D-8D9D-A98319310997} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2E1D5CBE-280E-4428-BAD3-D0299F6A576E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {2F2E9E5B-B2EF-4851-8DAC-1B2706161229} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {3BD0503A-3F41-4BF2-9344-9AA94608C18B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D3D42EE-0A70-46A3-8E18-40172EEBC59C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {400877A2-CD85-4A39-8196-232642638C43} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-14] (Microsoft Corporation)
Task: {41CFB630-0A6F-4C6D-AB43-EF21BCDE0EC6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {450CA820-D1A3-438C-9F81-67FE506F8952} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {4F1B7639-2C08-4A56-B613-EACA44D54B74} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {6003D0BC-B29B-48B7-B562-BA1F253E1150} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-16] (Synaptics Incorporated)
Task: {65D0F664-7340-4975-AA1E-2A95E35CCC73} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6684A84D-C736-49D2-8C07-8E2CF2CA9342} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {691201B5-F7A0-4E99-8C97-0EC73ED5034F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {719F8A72-6D1A-4968-AE3B-E02AACB1C146} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7797E038-C5C8-458E-B003-3959AF3DCF88} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {90AD1974-B83F-493F-A0CD-0C78D9796DC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9902BB0C-0E7C-4E07-B8A6-4D980DFA650C} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-418580636-829134441-2959382271-1001
Task: {AAC685C2-EE68-48C1-AFD7-EA6669EC19F0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AD5A369C-CB1C-4B98-86ED-EED7728F14D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D332BC4C-7604-454D-8EE3-6F39CCBD2E96} - \{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A} -> No File <==== ATTENTION
Task: {D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DAF0C8DB-E7D0-4527-8145-13BE3DCC6331} - System32\Tasks\{69891C62-EF22-734B-4681-44A48C70D475} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
Task: {EE2B6976-B1FC-4424-838F-3878667BC4E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EFB38E09-123A-4784-B4BB-8B69A0E1903F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F208A1E4-7F3F-4C67-9E41-297DB5B9F99E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F520E062-2113-464E-ADAF-B4D0CFF29A1E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {FEA5DE20-5E8F-4AEC-B684-B54EDF20131A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf493424fd5238.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\WINDOWS\SysWOW64\PSIService.exe
2013-03-16 20:41 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-30 10:19 - 2012-09-03 16:41 - 00307488 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-03-02 10:05 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 10:05 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 08:11 - 2016-01-22 08:11 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 10:36 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 10:05 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 14:29 - 2016-01-04 18:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 14:29 - 2016-01-04 18:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 08:59 - 2016-01-15 22:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 08:59 - 2016-01-15 22:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-06-30 10:19 - 2012-11-01 18:03 - 08266016 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2012-10-24 09:18 - 2012-10-24 09:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-10-24 09:21 - 2012-10-24 09:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 09:21 - 2012-10-24 09:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2012-10-24 09:21 - 2012-10-24 09:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-30 10:19 - 2012-09-28 10:04 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2016-01-22 08:11 - 2016-01-22 08:11 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 08:11 - 2016-01-22 08:11 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-06-30 10:19 - 2012-07-19 17:13 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2013-03-16 20:40 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-25 13:33 - 2007-08-02 21:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2013-03-16 20:33 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [191]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-03-07 10:27 - 00000021 _RASH C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-418580636-829134441-2959382271-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "PocketCloud Location"
HKLM\...\StartupApproved\Run: => "Corel Photo Downloader"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Corel Photo Downloader"
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9A5D9DD2-A4E3-41AD-A27F-AE4B586C7729}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1E31486D-376A-4828-8D24-7AD115B006E0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{07857A59-642F-4DB2-8F8F-C50D7229E8D3}] => (Allow) LPort=51001
FirewallRules: [{EC934D2D-1A9C-4C53-868B-4D4A6B9F557C}] => (Allow) LPort=51001
FirewallRules: [{F2B46329-11AE-410F-ADF3-93F20FA7B4F9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FB53F857-254D-4EEE-9373-00687BF71248}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6B150F32-3A93-4C9A-9A94-9ADE5DE86532}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{68362DE4-233C-4E53-A09B-D760D8DB3310}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{50AA8813-75A6-4CB4-98DD-97F60A14B318}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{39125BC3-094E-4F83-B08F-F1B604E11AA4}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{6774F063-D632-4F12-9817-6171B2714F7C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0D23A642-EEC6-4C49-9E5B-7F4ECD3913EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D273E600-D36D-495B-ACF0-47E05EAF9E70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7DA84197-420C-482C-889E-BF36E1F78FD7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD28E20A-46D4-4F1C-9991-D40394F21F82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E998F3D3-20E2-4CA6-861C-BCB545177027}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F3803654-8E11-40C2-99FD-C2EFD5417813}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
FirewallRules: [{1375A619-BE80-4804-BF7A-C46AA97E73C8}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{5E93D6D9-33C2-4304-8E82-A211BC1674B8}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{C14D1569-5AB8-4E49-9446-26DFD464CA67}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{8D38DAC2-10AF-4AC3-A883-D008796E6FA3}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{31AE9612-5A51-45B3-9835-54012E5B7278}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BE180FFD-C80E-4B36-AA61-CCB58F6B39D9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{66422EFB-B0AB-4260-8886-9FA9D622D930}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{5985D6DB-E5FE-4A3B-987E-AF58967E852E}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe
FirewallRules: [{C277CADE-3F5E-435F-8A7B-6826090F4A38}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe
FirewallRules: [{F6915FCD-0D95-4A3B-8538-259DA248D7A0}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe
FirewallRules: [{600C68C9-DDBF-421D-8116-9E960574BA33}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{50D1A6EC-8C2E-400B-86E1-DD16BA96E660}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{04F2C152-82A8-4E6B-BACD-96EDDCA5C51F}] => (Allow) LPort=1900
FirewallRules: [{A342085D-4894-4612-A838-4BA85B2D7E29}] => (Allow) LPort=2869
FirewallRules: [{61B4CBA5-303B-4E03-B247-EFA301B404C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FE9F5EC0-B399-46AB-8402-5915280FCA09}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{4C5892DA-D9B0-4B93-AFEC-E2D1163A062C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{E73C64BD-1B64-4B48-9A9A-6A795F08B64A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C1F3C035-8154-4882-9280-D6839FECD5AC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{DBBF9EB6-21E7-4141-828E-B159AD107F1E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{533DD88D-CFA2-4F7B-8CDB-BA33EE0F8F09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{D9BDA325-1597-4215-B5AB-1AA819EFEF8B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{C028B4C6-99D7-4C06-9E46-57B4357547D0}] => (Allow) LPort=5357
FirewallRules: [{B79AFDA3-8742-4836-9C6E-872C239F469B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ED37B97D-70B6-457D-96E0-0F7F9C94FCB4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-02-2016 16:01:18 McAfee Vulnerability Scanner
26-02-2016 08:37:51 McAfee Vulnerability Scanner
02-03-2016 11:26:23 Windows Update
02-03-2016 11:27:42 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2016 11:52:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 11:40:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 11:38:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 11:34:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 11:29:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 11:14:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 10:59:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 10:32:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 10:30:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/07/2016 10:28:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREG)
Description: Activation of app B-sideSoftware.Tweetium_eq7kkbyjh4j3c!App failed with error: -1058406399 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (03/07/2016 11:52:11 AM) (Source: DCOM) (EventID: 10001) (User: GREG)
Description: "C:\WINDOWS\system32\wwahost.exe" -ServerName:App.wwa.bt3236560897App.AppXs0vytrnhqjdkv6s38h1wt28h5apvxtvd.wwaUnavailableUnavailable

Error: (03/07/2016 11:40:56 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (03/07/2016 11:40:51 AM) (Source: DCOM) (EventID: 10001) (User: GREG)
Description: "C:\WINDOWS\system32\wwahost.exe" -ServerName:App.wwa.bt3236560897App.AppXs0vytrnhqjdkv6s38h1wt28h5apvxtvd.wwaUnavailableUnavailable

Error: (03/07/2016 11:38:59 AM) (Source: DCOM) (EventID: 10001) (User: GREG)
Description: "C:\WINDOWS\system32\wwahost.exe" -ServerName:App.wwa.bt3236560897App.AppXs0vytrnhqjdkv6s38h1wt28h5apvxtvd.wwaUnavailableUnavailable

Error: (03/07/2016 11:37:16 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402.

Error: (03/07/2016 11:36:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f500 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/07/2016 11:36:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f500 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/07/2016 11:36:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f500 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/07/2016 11:36:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f500 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/07/2016 11:36:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2016-03-02 11:40:04.661
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 07:42:43.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 03:36:42.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-29 03:38:30.355
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-13 07:44:00.234
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 08:23:39.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 17:39:35.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-30 07:54:35.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-26 07:52:56.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-21 03:34:38.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 46%
Total physical RAM: 3965.27 MB
Available physical RAM: 2109.62 MB
Total Virtual: 4669.27 MB
Available Virtual: 2753.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.97 GB) (Free:394.55 GB) NTFS
Drive d: (DATCARD) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7E2C90C2)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End of Addition.txt ============================

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by gregsw (administrator) on GREG (07-03-2016 11:54:05)
Running from C:\Users\gregsw\Downloads
Loaded Profiles: gregsw (Available Profiles: gregsw & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Octoshape ApS) C:\Users\gregsw\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723392 2015-12-03] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\Run: [PCShowServer] => C:\Users\gregsw\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631520 2015-05-21] (Cisco)
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\Run: [Octoshape Streaming Services] => C:\Users\gregsw\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-418580636-829134441-2959382271-1001\...\MountPoints2: {04937597-8eaf-11e2-be66-806e6f6e6963} - "D:\dcsstart.exe"
HKU\S-1-5-21-418580636-829134441-2959382271-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-06-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2013-06-30]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\gregsw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk [2016-03-07]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{5e45fa53-0c8a-4043-af2f-746c2588257f}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{6ab92cbe-c872-45fb-a36d-5d570c7d8cde}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{ddf053aa-3464-420b-99f0-075a013f3743}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{ec133465-665d-4994-8246-91b528a002a2}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-418580636-829134441-2959382271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-418580636-829134441-2959382271-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> DefaultScope {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {47927663-4FAA-462D-B456-7FFB0F644880} URL =
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-20] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-418580636-829134441-2959382271-1001: @nds.com/PlayerPlugin -> C:\Users\gregsw\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
FF Plugin HKU\S-1-5-21-418580636-829134441-2959382271-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\gregsw\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-418580636-829134441-2959382271-1001: NDS.com/PlayerPlugin -> C:\Users\gregsw\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
FF Plugin ProgramFiles/Appdata: C:\Users\gregsw\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-09-13] (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US636D20140710&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Profile: C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Unicode) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahgignikbpeboaanhpliahmojhiacjcn [2016-01-19]
CHR Extension: (Google Docs) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (SiteAdvisor) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-07]
CHR Extension: (Emojis Twitter) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcilbaojimpjmkhnhhmelignafnhegmp [2016-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Emoji Keyboard Online) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpddadjijiaimjhklcogfooopekkdiah [2016-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\gregsw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-17] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307488 2012-09-03] ()
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-17] (Qualcomm Atheros Communications, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-12-17] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 11:54 - 2016-03-07 11:55 - 00029201 _____ C:\Users\gregsw\Downloads\FRST.txt
2016-03-07 11:53 - 2016-03-07 11:54 - 00000000 ____D C:\FRST
2016-03-07 11:51 - 2016-03-07 11:52 - 02374144 _____ (Farbar) C:\Users\gregsw\Downloads\FRST64.exe
2016-03-07 11:42 - 2016-03-07 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-07 10:59 - 2016-03-07 10:59 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-07 10:59 - 2016-03-07 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-07 10:59 - 2016-03-07 10:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-07 10:59 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-07 10:59 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-07 10:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-07 10:49 - 2016-03-07 10:52 - 22908888 _____ (Malwarebytes ) C:\Users\gregsw\Downloads\mbam-setup-web.NT-2.2.0.1024.exe
2016-03-07 10:19 - 2016-03-07 11:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 10:16 - 2016-03-07 10:16 - 22908888 _____ (Malwarebytes ) C:\Users\gregsw\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-07 09:42 - 2016-03-07 09:42 - 00448512 _____ (OldTimer Tools) C:\Users\gregsw\Downloads\TFC.exe
2016-03-07 07:26 - 2016-03-07 07:26 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-03-06 12:54 - 2016-03-06 12:54 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-03-05 13:24 - 2016-03-05 13:24 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-GREG-Windows-10-Home-(64-bit).dat
2016-03-05 13:24 - 2016-03-05 13:24 - 00000000 ____D C:\RegBackup
2016-03-05 13:23 - 2016-03-05 13:23 - 00016399 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-03-05 13:23 - 2016-03-05 13:23 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-03-05 13:23 - 2016-03-05 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-05 13:23 - 2016-03-05 13:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-03-05 13:22 - 2016-03-05 13:22 - 04777232 _____ (Tweaking.com) C:\Users\gregsw\Downloads\tweaking.com_registry_backup_setup.exe
2016-03-05 13:22 - 2016-03-05 13:22 - 04777232 _____ (Tweaking.com) C:\Users\gregsw\Downloads\tweaking.com_registry_backup_setup (1).exe
2016-03-05 09:41 - 2016-03-05 09:41 - 00197594 _____ C:\Users\gregsw\Documents\Print documents - Alaska Airlines.pdf
2016-03-05 08:27 - 2016-03-05 08:27 - 00193502 _____ C:\Users\gregsw\Downloads\[L.M._Montgomery]_Rainbow_Valley_(Anne_of_Green_Ga(BookSee.org).epub
2016-03-05 08:27 - 2016-03-05 08:27 - 00193502 _____ C:\Users\gregsw\Downloads\[L.M._Montgomery]_Rainbow_Valley_(Anne_of_Green_Ga(BookSee.org) (1).epub
2016-03-04 16:10 - 2016-03-04 16:10 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (7).exe
2016-03-04 12:44 - 2016-03-04 12:44 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (6).exe
2016-03-04 12:43 - 2016-03-04 12:43 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (5).exe
2016-03-04 08:46 - 2016-03-04 08:47 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (4).exe
2016-03-04 08:42 - 2016-03-04 08:42 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (3).exe
2016-03-04 08:37 - 2016-03-04 12:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-04 08:36 - 2016-03-04 08:36 - 00558312 _____ (Safer-Networking Ltd. ) C:\Users\gregsw\Downloads\spybot2-license (2).exe
2016-03-03 14:15 - 2016-03-07 11:35 - 00000000 ____D C:\ProgramData\a4448147-4337-0
2016-03-03 14:10 - 2016-03-07 11:35 - 00000000 ____D C:\ProgramData\a4448147-0541-0
2016-03-03 14:10 - 2016-03-03 14:10 - 00003882 _____ C:\WINDOWS\System32\Tasks\{69891C62-EF22-734B-4681-44A48C70D475}
2016-03-03 14:10 - 2016-03-03 14:10 - 00000000 ____D C:\ProgramData\61c981ce
2016-03-03 14:10 - 2016-03-03 14:10 - 00000000 ____D C:\ProgramData\{1e32524b-412c-0}
2016-03-03 14:10 - 2016-03-03 14:10 - 00000000 ____D C:\ProgramData\{13c53c4e-012c-1}
2016-03-03 14:10 - 2016-03-03 14:10 - 00000000 ____D C:\ProgramData\{13c53c4e-012c-0}
2016-03-02 10:06 - 2016-02-23 04:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-02 10:06 - 2016-02-23 04:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 10:06 - 2016-02-23 04:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-02 10:06 - 2016-02-23 04:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-02 10:06 - 2016-02-23 04:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-02 10:06 - 2016-02-23 03:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 10:06 - 2016-02-23 03:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 10:06 - 2016-02-23 03:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 10:06 - 2016-02-23 03:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 10:06 - 2016-02-23 03:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-02 10:06 - 2016-02-23 02:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-02 10:06 - 2016-02-23 02:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 10:06 - 2016-02-23 02:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 10:06 - 2016-02-23 02:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-02 10:06 - 2016-02-23 01:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 10:06 - 2016-02-23 01:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 10:06 - 2016-02-23 01:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 10:06 - 2016-02-23 01:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 10:06 - 2016-02-23 01:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 10:06 - 2016-02-23 01:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 10:06 - 2016-02-23 01:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 10:06 - 2016-02-23 00:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 10:06 - 2016-02-23 00:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 10:06 - 2016-02-23 00:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-02 10:06 - 2016-02-23 00:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-02 10:06 - 2016-02-23 00:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 10:06 - 2016-02-23 00:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 10:06 - 2016-02-23 00:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 10:06 - 2016-02-23 00:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 10:06 - 2016-02-22 23:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 10:06 - 2016-02-22 23:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 10:06 - 2016-02-22 23:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 10:06 - 2016-02-22 23:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 10:06 - 2016-02-22 23:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-02 10:06 - 2016-02-22 23:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 10:06 - 2016-02-22 23:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-02 10:06 - 2016-02-22 23:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 10:06 - 2016-02-22 23:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-02 10:06 - 2016-02-22 23:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-02 10:06 - 2016-02-22 23:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 10:06 - 2016-02-22 23:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 10:06 - 2016-02-08 20:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 10:06 - 2016-02-08 20:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 10:06 - 2016-02-08 20:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-02 10:05 - 2016-02-23 04:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 10:05 - 2016-02-23 04:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 10:05 - 2016-02-23 04:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 10:05 - 2016-02-23 04:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 10:05 - 2016-02-23 04:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 10:05 - 2016-02-23 04:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 10:05 - 2016-02-23 04:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 10:05 - 2016-02-23 04:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 10:05 - 2016-02-23 04:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-02 10:05 - 2016-02-23 04:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 10:05 - 2016-02-23 03:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 10:05 - 2016-02-23 03:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 10:05 - 2016-02-23 03:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 10:05 - 2016-02-23 03:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 10:05 - 2016-02-23 03:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 03:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 10:05 - 2016-02-23 03:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 10:05 - 2016-02-23 03:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 03:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-02 10:05 - 2016-02-23 03:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 10:05 - 2016-02-23 03:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 10:05 - 2016-02-23 03:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 10:05 - 2016-02-23 03:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 10:05 - 2016-02-23 03:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 10:05 - 2016-02-23 03:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 10:05 - 2016-02-23 03:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 10:05 - 2016-02-23 02:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-02 10:05 - 2016-02-23 02:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 10:05 - 2016-02-23 02:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-02 10:05 - 2016-02-23 02:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-02 10:05 - 2016-02-23 02:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-02 10:05 - 2016-02-23 02:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-02 10:05 - 2016-02-23 02:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-02 10:05 - 2016-02-23 02:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 10:05 - 2016-02-23 02:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 10:05 - 2016-02-23 02:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 10:05 - 2016-02-23 02:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 10:05 - 2016-02-23 02:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 10:05 - 2016-02-23 02:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 10:05 - 2016-02-23 02:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 10:05 - 2016-02-23 02:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 10:05 - 2016-02-23 02:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 10:05 - 2016-02-23 02:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 10:05 - 2016-02-23 02:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 10:05 - 2016-02-23 02:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 10:05 - 2016-02-23 02:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 10:05 - 2016-02-23 02:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 10:05 - 2016-02-23 02:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 10:05 - 2016-02-23 02:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 10:05 - 2016-02-23 02:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 10:05 - 2016-02-23 02:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 10:05 - 2016-02-23 02:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 10:05 - 2016-02-23 02:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 10:05 - 2016-02-23 01:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-02 10:05 - 2016-02-23 01:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 10:05 - 2016-02-23 01:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 10:05 - 2016-02-23 01:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 10:05 - 2016-02-23 01:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-02 10:05 - 2016-02-23 01:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 10:05 - 2016-02-23 01:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-02 10:05 - 2016-02-23 01:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-02 10:05 - 2016-02-23 01:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-02 10:05 - 2016-02-23 01:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 10:05 - 2016-02-23 01:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 10:05 - 2016-02-23 01:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 10:05 - 2016-02-23 01:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 10:05 - 2016-02-23 01:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 10:05 - 2016-02-23 01:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 10:05 - 2016-02-23 01:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 10:05 - 2016-02-23 01:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 10:05 - 2016-02-23 01:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 10:05 - 2016-02-23 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 10:05 - 2016-02-23 01:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 10:05 - 2016-02-23 01:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 10:05 - 2016-02-23 01:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 10:05 - 2016-02-23 01:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 10:05 - 2016-02-23 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 10:05 - 2016-02-23 01:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 10:05 - 2016-02-23 01:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 10:05 - 2016-02-23 01:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 10:05 - 2016-02-23 01:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 10:05 - 2016-02-23 01:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 10:05 - 2016-02-23 01:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-02 10:05 - 2016-02-23 01:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 10:05 - 2016-02-23 01:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-02 10:05 - 2016-02-23 01:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 10:05 - 2016-02-23 01:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 10:05 - 2016-02-23 01:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-02 10:05 - 2016-02-23 01:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-02 10:05 - 2016-02-23 01:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 10:05 - 2016-02-23 01:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 10:05 - 2016-02-23 01:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-02 10:05 - 2016-02-23 01:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 10:05 - 2016-02-23 01:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 10:05 - 2016-02-23 01:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 01:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 10:05 - 2016-02-23 01:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 10:05 - 2016-02-23 01:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 10:05 - 2016-02-23 01:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 10:05 - 2016-02-23 01:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 10:05 - 2016-02-23 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 10:05 - 2016-02-23 01:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-02 10:05 - 2016-02-23 01:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-02 10:05 - 2016-02-23 01:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-02 10:05 - 2016-02-23 01:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 10:05 - 2016-02-23 01:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-02 10:05 - 2016-02-23 01:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 10:05 - 2016-02-23 01:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 10:05 - 2016-02-23 01:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 10:05 - 2016-02-23 01:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-02 10:05 - 2016-02-23 01:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 10:05 - 2016-02-23 01:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 10:05 - 2016-02-23 01:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-02 10:05 - 2016-02-23 01:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 10:05 - 2016-02-23 01:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 10:05 - 2016-02-23 01:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 10:05 - 2016-02-23 01:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 10:05 - 2016-02-23 01:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 10:05 - 2016-02-23 01:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 10:05 - 2016-02-23 01:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 10:05 - 2016-02-23 01:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 10:05 - 2016-02-23 00:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 10:05 - 2016-02-23 00:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 10:05 - 2016-02-23 00:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 10:05 - 2016-02-23 00:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 10:05 - 2016-02-23 00:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-02 10:05 - 2016-02-23 00:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 10:05 - 2016-02-23 00:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 10:05 - 2016-02-23 00:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 10:05 - 2016-02-23 00:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-02 10:05 - 2016-02-23 00:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 10:05 - 2016-02-23 00:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 10:05 - 2016-02-23 00:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 10:05 - 2016-02-23 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 10:05 - 2016-02-23 00:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-02 10:05 - 2016-02-23 00:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 10:05 - 2016-02-23 00:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 10:05 - 2016-02-23 00:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 10:05 - 2016-02-23 00:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 10:05 - 2016-02-23 00:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 10:05 - 2016-02-23 00:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-02 10:05 - 2016-02-23 00:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-02 10:05 - 2016-02-23 00:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 10:05 - 2016-02-23 00:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-02 10:05 - 2016-02-23 00:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 10:05 - 2016-02-23 00:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 10:05 - 2016-02-23 00:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 10:05 - 2016-02-23 00:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-02 10:05 - 2016-02-23 00:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-02 10:05 - 2016-02-23 00:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-02 10:05 - 2016-02-23 00:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 10:05 - 2016-02-23 00:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 10:05 - 2016-02-23 00:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 10:05 - 2016-02-23 00:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 10:05 - 2016-02-23 00:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 10:05 - 2016-02-23 00:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 10:05 - 2016-02-23 00:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 10:05 - 2016-02-23 00:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 10:05 - 2016-02-23 00:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 10:05 - 2016-02-23 00:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 10:05 - 2016-02-22 23:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 10:05 - 2016-02-22 23:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 10:05 - 2016-02-22 23:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-02 10:05 - 2016-02-22 23:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 10:05 - 2016-02-22 23:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 10:05 - 2016-02-22 23:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 10:05 - 2016-02-22 23:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 10:05 - 2016-02-22 23:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 10:05 - 2016-02-22 23:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 10:05 - 2016-02-22 23:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-02 10:05 - 2016-02-22 23:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 10:05 - 2016-02-22 23:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 10:05 - 2016-02-22 23:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 10:05 - 2016-02-22 23:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 10:05 - 2016-02-22 23:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-02 10:05 - 2016-02-08 21:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 10:05 - 2016-02-08 21:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 10:05 - 2016-02-08 20:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 10:05 - 2016-02-08 20:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 10:05 - 2016-02-08 20:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-28 13:35 - 2016-02-28 13:35 - 00987728 _____ (Google Inc.) C:\Users\gregsw\Downloads\ChromeSetup (1).exe
2016-02-28 13:33 - 2016-02-28 13:33 - 00987728 _____ (Google Inc.) C:\Users\gregsw\Downloads\ChromeSetup.exe
2016-02-15 12:57 - 2016-02-15 12:57 - 00000000 ____D C:\Users\gregsw\AppData\Local\DatCard Systems, Inc
2016-02-14 16:54 - 2016-02-14 16:54 - 00000000 ____D C:\Users\gregsw\Documents\New folder
2016-02-10 08:48 - 2016-01-28 23:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 08:48 - 2016-01-28 23:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 08:48 - 2016-01-26 23:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 08:48 - 2016-01-26 23:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 08:48 - 2016-01-26 22:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 08:48 - 2016-01-26 22:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 08:48 - 2016-01-26 22:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 08:48 - 2016-01-26 22:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 08:48 - 2016-01-26 22:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 08:48 - 2016-01-26 22:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 08:48 - 2016-01-26 22:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 08:48 - 2016-01-26 22:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 08:48 - 2016-01-26 22:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 08:48 - 2016-01-26 21:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 08:48 - 2016-01-26 21:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 08:48 - 2016-01-26 21:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 08:48 - 2016-01-26 21:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 08:48 - 2016-01-26 21:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 08:47 - 2016-01-26 22:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 08:47 - 2016-01-26 22:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 08:47 - 2016-01-26 22:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 08:47 - 2016-01-26 22:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 08:47 - 2016-01-26 22:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 08:47 - 2016-01-26 22:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 08:47 - 2016-01-26 22:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 08:47 - 2016-01-26 22:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 08:47 - 2016-01-26 22:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 08:47 - 2016-01-26 22:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 08:47 - 2016-01-26 22:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 08:47 - 2016-01-26 21:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 08:47 - 2016-01-26 21:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 08:47 - 2016-01-26 21:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 08:47 - 2016-01-26 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 08:47 - 2016-01-26 21:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 12:19 - 2016-02-08 11:25 - 00188540 _____ C:\Users\gregsw\Documents\20160205123207.pdf
2016-02-08 11:34 - 2016-02-08 11:25 - 00221245 _____ C:\Users\gregsw\Documents\20160205130322.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-07 11:38 - 2014-07-13 12:58 - 00000000 __SHD C:\Users\gregsw\IntelGraphicsProfiles
2016-03-07 11:38 - 2013-06-07 15:04 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-07 11:37 - 2015-12-19 04:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-07 11:36 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-07 11:35 - 2014-12-31 18:30 - 00000000 ____D C:\ProgramData\APN
2016-03-07 11:25 - 2014-03-26 13:44 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf493424fd5238.job
2016-03-07 10:50 - 2013-05-16 16:31 - 00000000 ____D C:\Users\gregsw\AppData\Roaming\Pocomail
2016-03-07 10:41 - 2013-05-16 14:53 - 00000000 ____D C:\Users\gregsw\Documents\my notes and stuff
2016-03-07 09:13 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-07 09:13 - 2015-07-31 13:56 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-07 07:31 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-07 07:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-07 07:26 - 2014-07-11 19:47 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E00BFC40-96FD-4A9B-A6B6-E6C176D66B26}
2016-03-06 20:32 - 2016-01-30 10:23 - 00000000 ____D C:\Users\gregsw\Documents\Fan
2016-03-06 19:34 - 2015-07-31 15:16 - 00001536 _____ C:\WINDOWS\MKDEWE.TRN
2016-03-03 16:51 - 2015-10-10 13:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-03 16:50 - 2015-12-19 04:12 - 00000000 ____D C:\Users\gregsw
2016-03-03 16:48 - 2013-06-07 15:06 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-03 16:48 - 2013-06-07 15:06 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-03 14:11 - 2016-01-22 20:45 - 00000000 ____D C:\ProgramData\7affe628-7075-1
2016-03-03 14:11 - 2016-01-22 20:45 - 00000000 ____D C:\ProgramData\7affe628-3891-0
2016-03-03 09:09 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-02 11:42 - 2013-05-16 14:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-02 11:38 - 2015-12-19 04:04 - 00357752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-02 11:34 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-02 11:34 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-02 11:34 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-02 11:34 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-02 11:31 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-02 09:37 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-29 07:57 - 2013-03-16 20:43 - 00000000 ____D C:\ProgramData\McAfee
2016-02-21 21:07 - 2015-12-24 12:20 - 00030208 ____H C:\Users\gregsw\Documents\~WRL2515.tmp
2016-02-21 12:46 - 2013-05-16 13:24 - 00000000 ____D C:\Users\gregsw\AppData\Local\Packages
2016-02-20 19:10 - 2015-11-20 12:08 - 00000000 ____D C:\Users\gregsw\.oracle_jre_usage
2016-02-20 19:10 - 2015-01-01 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-20 19:10 - 2015-01-01 13:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-20 19:10 - 2014-09-07 12:13 - 00000000 ____D C:\ProgramData\Oracle
2016-02-20 19:09 - 2015-01-01 13:42 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-19 16:10 - 2015-09-01 18:15 - 00000000 ____D C:\Users\gregsw\AppData\Roaming\Skype
2016-02-19 16:03 - 2015-09-01 18:15 - 00000000 ____D C:\ProgramData\Skype
2016-02-16 14:42 - 2015-12-24 12:20 - 00034816 ____H C:\Users\gregsw\Documents\~WRL0517.tmp
2016-02-14 08:42 - 2013-07-20 09:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-14 08:34 - 2013-05-17 12:13 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-13 19:39 - 2015-12-24 12:20 - 00034304 ____H C:\Users\gregsw\Documents\~WRL2148.tmp
2016-02-10 20:16 - 2015-12-24 12:20 - 00032768 ____H C:\Users\gregsw\Documents\~WRL2364.tmp
2016-02-10 16:48 - 2015-12-24 12:20 - 00033280 ____H C:\Users\gregsw\Documents\~WRL0879.tmp

==================== Files in the root of some directories =======

2013-05-18 18:11 - 2013-12-05 16:29 - 0092682 _____ () C:\Users\gregsw\AppData\Roaming\AbsoluteReminder.xml
2013-06-06 19:14 - 2014-06-23 15:15 - 0001355 _____ () C:\Users\gregsw\AppData\Roaming\SAS7_000.DAT
2014-01-31 14:52 - 2014-01-31 14:52 - 0007609 _____ () C:\Users\gregsw\AppData\Local\Resmon.ResmonCfg
2013-05-17 14:20 - 2013-05-17 14:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-19 04:09 - 2015-12-19 04:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-16 20:43 - 2013-03-16 20:43 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-03-16 20:39 - 2013-03-16 20:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-03-16 20:40 - 2013-03-16 20:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-03-16 20:39 - 2013-03-16 20:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-03-16 20:41 - 2013-03-16 20:43 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-06 09:43

==================== End of FRST.txt ============================

Juliet · Mar 7, 2016

My Goodness!
That took out a lot.

Please try the below and post the logs please, also,

I did it all, except the Farbar program Ill do now.
But 1st, my other computer, Mini computer, 10 inch, Asus, Win 8? has same issue. Do I do same exact thing?

As for the other computers we can help there after we clean this and, please 1 at a time.

Juliet said:
Please see what happens when you try these 2 tools.

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.

Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.

Follow the prompts.

Click Scan.

Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.

Ensure anything you know to be legitimate does not have a checkmark, and click Clean.

Follow the prompts and allow your computer to reboot.

After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~
please post
AdwCleaner[CX].txt
JRT.txt

Juliet · Mar 7, 2016

Want to make sure you saw my last post?

gregw123 · Mar 7, 2016

The one about posting FRST

I saw the one about posting the 2 logs from FRST, I did that?
And starting the other computer after this is done?

Greg

Juliet · Mar 7, 2016

Let's do this, should be for the first computer.

Running from C:\Users\gregsw\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:

Task: {181D3F9D-7925-4A59-8E49-C4F984C50D70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1A505D4E-1921-472C-AF0A-C46EBF3C529B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F2ABCA-27AF-419A-BC13-53130C398BDA} - System32\Tasks\4836 => Wscript.exe C:\Users\gregsw\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {24068976-E26E-4297-BDDB-72D2A3F7C313} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {2DDB6049-18D7-470D-8D9D-A98319310997} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3BD0503A-3F41-4BF2-9344-9AA94608C18B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D3D42EE-0A70-46A3-8E18-40172EEBC59C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6684A84D-C736-49D2-8C07-8E2CF2CA9342} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719F8A72-6D1A-4968-AE3B-E02AACB1C146} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AD5A369C-CB1C-4B98-86ED-EED7728F14D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D332BC4C-7604-454D-8EE3-6F39CCBD2E96} - \{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A} -> No File <==== ATTENTION
Task: {D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE2B6976-B1FC-4424-838F-3878667BC4E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F520E062-2113-464E-ADAF-B4D0CFF29A1E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {FEA5DE20-5E8F-4AEC-B684-B54EDF20131A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [191]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> DefaultScope {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {47927663-4FAA-462D-B456-7FFB0F644880} URL =
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
Toolbar: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

gregw123 · Mar 7, 2016

FixList

i hope I did it right, I put both on the desktop..

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by gregsw (2016-03-07 13:00:13) Run:1
Running from C:\Users\gregsw\Desktop
Loaded Profiles: gregsw (Available Profiles: gregsw & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:

Task: {181D3F9D-7925-4A59-8E49-C4F984C50D70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1A505D4E-1921-472C-AF0A-C46EBF3C529B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {20F2ABCA-27AF-419A-BC13-53130C398BDA} - System32\Tasks\4836 => Wscript.exe C:\Users\gregsw\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {24068976-E26E-4297-BDDB-72D2A3F7C313} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {2DDB6049-18D7-470D-8D9D-A98319310997} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3BD0503A-3F41-4BF2-9344-9AA94608C18B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D3D42EE-0A70-46A3-8E18-40172EEBC59C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6684A84D-C736-49D2-8C07-8E2CF2CA9342} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719F8A72-6D1A-4968-AE3B-E02AACB1C146} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AD5A369C-CB1C-4B98-86ED-EED7728F14D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D332BC4C-7604-454D-8EE3-6F39CCBD2E96} - \{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A} -> No File <==== ATTENTION
Task: {D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE2B6976-B1FC-4424-838F-3878667BC4E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F520E062-2113-464E-ADAF-B4D0CFF29A1E} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {FEA5DE20-5E8F-4AEC-B684-B54EDF20131A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [191]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> DefaultScope {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {47927663-4FAA-462D-B456-7FFB0F644880} URL =
SearchScopes: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> {546AE48D-C42D-45B9-B67E-99801CFAA413} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US636D20140710&p={searchTerms}
Toolbar: HKU\S-1-5-21-418580636-829134441-2959382271-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181D3F9D-7925-4A59-8E49-C4F984C50D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181D3F9D-7925-4A59-8E49-C4F984C50D70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A505D4E-1921-472C-AF0A-C46EBF3C529B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A505D4E-1921-472C-AF0A-C46EBF3C529B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20F2ABCA-27AF-419A-BC13-53130C398BDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F2ABCA-27AF-419A-BC13-53130C398BDA}" => key removed successfully
C:\WINDOWS\System32\Tasks\4836 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4836" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24068976-E26E-4297-BDDB-72D2A3F7C313}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24068976-E26E-4297-BDDB-72D2A3F7C313}" => key removed successfully
C:\WINDOWS\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DDB6049-18D7-470D-8D9D-A98319310997}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DDB6049-18D7-470D-8D9D-A98319310997}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BD0503A-3F41-4BF2-9344-9AA94608C18B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BD0503A-3F41-4BF2-9344-9AA94608C18B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D3D42EE-0A70-46A3-8E18-40172EEBC59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D3D42EE-0A70-46A3-8E18-40172EEBC59C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6684A84D-C736-49D2-8C07-8E2CF2CA9342}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6684A84D-C736-49D2-8C07-8E2CF2CA9342}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719F8A72-6D1A-4968-AE3B-E02AACB1C146}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719F8A72-6D1A-4968-AE3B-E02AACB1C146}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD5A369C-CB1C-4B98-86ED-EED7728F14D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5A369C-CB1C-4B98-86ED-EED7728F14D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D332BC4C-7604-454D-8EE3-6F39CCBD2E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D332BC4C-7604-454D-8EE3-6F39CCBD2E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D7F7E47-0A0B-0A08-0D11-0B090A0A117A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4BB8FD6-8F64-47A9-8372-4BDA2C39D4E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE2B6976-B1FC-4424-838F-3878667BC4E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE2B6976-B1FC-4424-838F-3878667BC4E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F520E062-2113-464E-ADAF-B4D0CFF29A1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F520E062-2113-464E-ADAF-B4D0CFF29A1E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEA5DE20-5E8F-4AEC-B684-B54EDF20131A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA5DE20-5E8F-4AEC-B684-B54EDF20131A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47927663-4FAA-462D-B456-7FFB0F644880}" => key removed successfully
HKCR\CLSID\{47927663-4FAA-462D-B456-7FFB0F644880} => key not found.
"HKU\S-1-5-21-418580636-829134441-2959382271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{546AE48D-C42D-45B9-B67E-99801CFAA413}" => key removed successfully
HKCR\CLSID\{546AE48D-C42D-45B9-B67E-99801CFAA413} => key not found.
HKU\S-1-5-21-418580636-829134441-2959382271-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
Chrome HomePage => removed successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => not found.
C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {A66D8006-0714-4913-B408-685439F46246}.
{DFFE5B05-CB94-48D7-91A8-EE6854B1F000} canceled.
{CA771615-4507-4DC5-91DC-3E31BCEF6B96} canceled.
{7FD5F69D-1725-4D9E-9F15-BF973EBEDE09} canceled.
{B2B5E1A5-E6F9-4B39-ACFA-5CB37FE6FDAB} canceled.
{9D12EC69-F894-4C96-B132-B946B6C70A10} canceled.
{A3D681FA-3417-4375-BE8C-D832A3922A4B} canceled.
6 out of 7 jobs canceled.

========= End of CMD: =========

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

EmptyTemp: => 536.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:02:19 ====

Juliet · Mar 7, 2016

Good
Waiting for
AdwCleaner[CX].txt
JRT.txt

gregw123 · Mar 7, 2016

Adwcleaner

# AdwCleaner v5.101 - Logfile created 07/03/2016 at 13:26:28
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : gregsw - GREG
# Running from : C:\Users\gregsw\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\OneSystemCare
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\61c981ce
Folder Found : C:\ProgramData\7affe628-3891-0
Folder Found : C:\ProgramData\7affe628-7075-1
Folder Found : C:\ProgramData\a4448147-0541-0
Folder Found : C:\ProgramData\a4448147-4337-0
Folder Found : C:\ProgramData\{13c53c4e-012c-0}
Folder Found : C:\ProgramData\{13c53c4e-012c-1}
Folder Found : C:\ProgramData\{1e32524b-412c-0}

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1869 bytes] - [07/03/2016 13:26:28]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [1962 bytes] ##########

gregw123 · Mar 7, 2016

Could This Be Virus Malware Issue?

I know Twitter is not your issue, but could something with a this virus or malware be causing this issue? Twiter has no help.

I can send tweets fine and watch them go by. But the people I send tweets to do not receive notifications of my tweets. They can see them go by if watching right then. But get no notice.

I tried 3 accounts, starting 1 on a differet computer. It worked fine for a short time. It does leave a notificstion, but only rarely. One account worked for 10 minutes yesterday, another for a few minutes this mornig. Makes no sense to me. Using the Web Twitter, Chrome an IE, and on my Kindle. How can this happen?
Thanks so much.

Juliet · Mar 7, 2016

Please open AdwCleaner

Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****
Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. At this time please click clean/remove
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~`

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~`
please post
AdwCleaner[CX].txt
JRT.txt

The deal with Twitter
It could be something as simple as changing your password, or the forum is having some kind of glitch.

~~~~~~~~~~~~~~~~~~~~~

Juliet · Mar 8, 2016

Can you follow through with the last set of instructions?

gregw123 · Mar 8, 2016

AdwCleaner[C1].txt

Juliet said:
Can you follow through with the last set of instructions?

Made a file caled AdwCleaner[C1].txt

# AdwCleaner v5.101 - Logfile created 07/03/2016 at 17:28:56
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : gregsw - GREG
# Running from : C:\Users\gregsw\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\61c981ce
[-] Folder Deleted : C:\ProgramData\7affe628-3891-0
[-] Folder Deleted : C:\ProgramData\7affe628-7075-1
[-] Folder Deleted : C:\ProgramData\a4448147-0541-0
[-] Folder Deleted : C:\ProgramData\a4448147-38c7-0
[-] Folder Deleted : C:\ProgramData\a4448147-4337-0
[-] Folder Deleted : C:\ProgramData\a4448147-7f01-1
[-] Folder Deleted : C:\ProgramData\{13c53c4e-012c-0}
[-] Folder Deleted : C:\ProgramData\{13c53c4e-012c-1}
[-] Folder Deleted : C:\ProgramData\{1e32524b-412c-0}

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2184 bytes] - [07/03/2016 17:28:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2073 bytes] - [07/03/2016 13:26:28]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [2260 bytes] - [07/03/2016 17:26:50]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2463 bytes] ##########

gregw123 · Mar 8, 2016

Junkware, hope I got them all right/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by gregsw (Administrator) on Mon 03/07/2016 at 17:45:17.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/07/2016 at 17:48:22.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DNS Unlocker

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus

Security Expert-emeritus

New member

New member