Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

mcafee security issue


  • Please log in to reply

#1
renyaw

renyaw

    Member

  • Member
  • PipPip
  • 10 posts

I had macafee on my laptop. Earlier this week I notice my search engine default to yahoo instead of google. When I tried to delete the yahoo option it disappeared but it still searches via yahoo. I removed macafee security but can't change back to google.  

 

I assume I have a malware but I don't know how to find it or eliminate it.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    •  
     
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Thanks for your help.

     

     

    # AdwCleaner v6.030 - Logfile created 27/11/2016 at 07:40:28
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-11-26.2 [Server]
    # Operating System : Windows 10 Home  (X64)
    # Username : Wayne - WAYNE
    # Running from : C:\Users\Wayne\Downloads\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Wayne\AppData\Roaming\myturbopc.com
    [-] Folder deleted: C:\Users\Wayne\Favorites\StumbleUpon
    [-] Folder deleted: C:\ProgramData\myturbopc.com
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\myturbopc.com


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bngh0j09.default\invalidprefs.js


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\CoinisRevShare
    [-] Key deleted: HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\MyTurboPC.com
    [#] Key deleted on reboot: HKCU\Software\CoinisRevShare
    [#] Key deleted on reboot: HKCU\Software\MyTurboPC.com
    [-] Key deleted: HKLM\SOFTWARE\MyTurboPC.com
    [#] Key deleted on reboot: [x64] HKCU\Software\CoinisRevShare
    [#] Key deleted on reboot: [x64] HKCU\Software\MyTurboPC.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\palikan.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\palikan.com


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2121 Bytes] - [27/11/2016 07:40:28]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2269 Bytes] - [27/11/2016 07:40:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2267 Bytes] ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Home x64
    Ran by Wayne (Administrator) on Sun 11/27/2016 at  7:47:51.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\ProgramData\1471818865.bdinstall.bin (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\REN6545.tmp (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 11/27/2016 at  7:54:43.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
    Ran by Wayne (administrator) on WAYNE (27-11-2016 08:06:37)
    Running from C:\Users\Wayne\Downloads
    Loaded Profiles: Wayne (Available Profiles: Wayne)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
    () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-09-11] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402520 2016-05-27] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [80384 2015-07-14] (Plantronics)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Power2GoExpress] => 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [PCShowServer] => C:\Users\Wayne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Chromium] => c:\users\wayne\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\RunOnce: [Uninstall C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-23]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41
    Tcpip\..\Interfaces\{85ca883e-d6c7-48a7-9343-a28d600f30a3}: [DhcpNameServer] 192.168.254.254 74.40.74.41
    Tcpip\..\Interfaces\{a2173767-5295-477c-9b93-609793b8211b}: [DhcpNameServer] 40.52.1.201 40.52.1.203

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-2185679930-222367793-746031767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
    DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default [2015-04-12]
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> no_proxies_on", "*.local"
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> type", 4
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\7digital.xml [2014-08-05]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\d8686a0c-81ee-4ec1-979c-61950edf4860.xml [2014-08-05]
    FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bngh0j09.default [2016-11-27]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
    FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-14] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-02] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2185679930-222367793-746031767-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Wayne\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-05-30] (Octoshape ApS)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.malwarebytes.com/restorebrowser/index.html","hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US91088D20161008&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default [2016-11-27]
    CHR Extension: (Google Slides) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
    CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
    CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
    CHR Extension: (Google Docs Offline) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
    R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-09-11] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-09-11] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-09-11] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-09-11] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-03] (WildTangent)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
    R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2015-07-14] (CSR plc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [143568 2013-09-11] (Intel Corporation)
    R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-09-11] (Intel Corporation)
    R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-09-11] (Intel Corporation)
    R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-09-11] (Intel Corporation)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-27 08:06 - 2016-11-27 08:07 - 00026910 _____ C:\Users\Wayne\Downloads\FRST.txt
    2016-11-27 08:06 - 2016-11-27 08:06 - 00000000 ____D C:\FRST
    2016-11-27 07:59 - 2016-11-27 08:06 - 02412032 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe
    2016-11-27 07:54 - 2016-11-27 07:54 - 00000821 _____ C:\Users\Wayne\Desktop\JRT.txt
    2016-11-27 07:47 - 2016-11-27 07:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-27 07:47 - 2016-11-27 07:47 - 01631928 _____ (Malwarebytes) C:\Users\Wayne\Downloads\JRT.exe
    2016-11-27 07:45 - 2016-11-27 07:45 - 00002366 _____ C:\Users\Wayne\Desktop\AdwCleaner[C0].txt
    2016-11-27 07:35 - 2016-11-27 07:40 - 00000000 ____D C:\AdwCleaner
    2016-11-27 07:35 - 2016-11-27 07:35 - 03910208 _____ C:\Users\Wayne\Downloads\AdwCleaner.exe
    2016-11-24 19:50 - 2016-11-25 07:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2016-11-23 21:58 - 2016-11-23 21:58 - 00000735 _____ C:\Users\Wayne\Documents\Videos - Shortcut.lnk
    2016-11-19 10:20 - 2016-11-19 10:20 - 00338164 _____ C:\Users\Wayne\Desktop\Marine letter.pdf
    2016-11-10 07:23 - 2016-11-10 07:23 - 00000000 ____D C:\Program Files\McAfee
    2016-11-07 17:30 - 2016-11-07 17:31 - 00543020 _____ C:\WINDOWS\Minidump\110716-29546-01.dmp
    2016-11-04 06:39 - 2016-11-04 06:39 - 00028755 _____ C:\ProgramData\agent.1478263154.bdinstall.bin
    2016-11-03 21:12 - 2016-11-03 21:14 - 00551212 _____ C:\WINDOWS\Minidump\110316-75218-01.dmp
    2016-10-29 12:27 - 2016-10-29 12:29 - 00411796 _____ C:\WINDOWS\Minidump\102916-37234-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-27 07:57 - 2014-08-28 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 07:48 - 2016-03-10 00:17 - 01586246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-27 07:46 - 2014-09-05 18:22 - 00000000 ____D C:\Users\Wayne\Documents\Church
    2016-11-27 07:45 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2016-11-27 07:44 - 2014-08-02 15:27 - 00000074 _____ C:\Users\Wayne\AppData\Roaming\sp_data.sys
    2016-11-27 07:43 - 2016-08-10 17:44 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
    2016-11-27 07:42 - 2016-10-01 16:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-11-27 07:42 - 2016-05-10 22:05 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-11-27 07:42 - 2016-03-10 07:12 - 00000000 __SHD C:\Users\Wayne\IntelGraphicsProfiles
    2016-11-27 07:41 - 2016-10-01 16:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-27 07:41 - 2016-07-16 00:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2016-11-27 07:32 - 2016-10-01 15:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-11-26 21:07 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-11-26 18:08 - 2014-09-01 18:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-11-26 12:20 - 2016-10-01 16:20 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2016-11-26 12:20 - 2016-10-01 16:20 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2016-11-24 20:17 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-11-23 22:16 - 2016-10-08 19:51 - 00000000 ____D C:\ProgramData\McAfee
    2016-11-23 22:15 - 2016-10-01 16:04 - 00000000 ____D C:\Users\Wayne
    2016-11-23 19:49 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-11-22 08:24 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-11-22 08:23 - 2014-08-02 18:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-11-17 06:40 - 2014-08-02 18:10 - 00000707 _____ C:\Users\Wayne\AppData\Roaming\burnaware.ini
    2016-11-16 15:11 - 2014-08-28 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-11-14 20:04 - 2014-08-28 21:06 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-14 20:04 - 2014-08-28 21:06 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-13 00:37 - 2016-07-09 09:04 - 00000000 ____D C:\Users\Wayne\Desktop\New folder
    2016-11-11 21:36 - 2014-08-04 19:00 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Nitro PDF
    2016-11-08 22:05 - 2014-08-05 21:23 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-11-08 22:02 - 2014-08-05 21:23 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-11-08 21:22 - 2016-10-01 16:20 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-07 21:31 - 2016-10-01 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-11-07 17:30 - 2016-10-04 21:41 - 00000000 ____D C:\WINDOWS\Minidump
    2016-11-07 17:30 - 2014-10-04 09:21 - 684400863 _____ C:\WINDOWS\MEMORY.DMP
    2016-11-03 21:15 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
    2016-11-01 06:27 - 2014-08-28 20:56 - 00000000 ____D C:\Users\Wayne\AppData\Local\Google
    2016-10-30 18:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-10-29 12:37 - 2014-08-03 06:49 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-10-29 12:34 - 2016-10-01 15:57 - 00231288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-10-29 12:32 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-10-29 12:31 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-10-28 23:07 - 2016-03-10 19:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-08-02 16:05 - 2014-11-15 23:00 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2014-08-02 18:10 - 2016-11-17 06:40 - 0000707 _____ () C:\Users\Wayne\AppData\Roaming\burnaware.ini
    2015-12-15 21:39 - 2015-12-15 22:11 - 0000115 _____ () C:\Users\Wayne\AppData\Roaming\LogFile.txt
    2015-02-27 07:39 - 2015-02-27 07:39 - 0000021 _____ () C:\Users\Wayne\AppData\Roaming\my_intel.sys
    2014-08-02 15:27 - 2016-11-27 07:44 - 0000074 _____ () C:\Users\Wayne\AppData\Roaming\sp_data.sys
    2016-09-19 21:23 - 2016-09-19 21:23 - 0026705 _____ () C:\ProgramData\agent.1474341804.bdinstall.bin
    2016-11-04 06:39 - 2016-11-04 06:39 - 0028755 _____ () C:\ProgramData\agent.1478263154.bdinstall.bin
    2016-10-01 15:59 - 2016-10-01 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-13 14:22 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-12-13 14:22 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-12-13 14:22 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    2014-08-02 17:03 - 2014-08-02 17:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-08-02 17:03 - 2014-08-02 17:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some files in TEMP:
    ====================
    C:\Users\Wayne\AppData\Local\Temp\jre-8u111-windows-au.exe
    C:\Users\Wayne\AppData\Local\Temp\libeay32.dll
    C:\Users\Wayne\AppData\Local\Temp\msvcr120.dll
    C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-26 18:20

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
    Ran by Wayne (27-11-2016 08:08:49)
    Running from C:\Users\Wayne\Downloads
    Windows 10 Home Version 1607 (X64) (2016-10-01 22:33:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2185679930-222367793-746031767-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2185679930-222367793-746031767-503 - Limited - Disabled)
    Guest (S-1-5-21-2185679930-222367793-746031767-501 - Limited - Disabled)
    Wayne (S-1-5-21-2185679930-222367793-746031767-1001 - Administrator - Enabled) => C:\Users\Wayne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
    ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.0 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
    ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.31 - ASUS)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BurnAware Free 9.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
    CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
    DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
    Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
    Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
    Infinite HD™ App (HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
    Intel® Smart Connect Technology (HKLM\...\{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}) (Version: 4.2.41.2633 - Intel Corporation)
    InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    Mozilla Thunderbird 45.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.0 (x86 en-US)) (Version: 45.5.0 - Mozilla)
    Nitro PDF Professional (HKLM\...\{0C7EA81E-F787-4A14-8632-1371AD31C41B}) (Version: 6.2.3.6 - Nitro PDF Software)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.)
    Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.9.384 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
    Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
    Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {075EE61D-4CF4-4051-A8D4-D60D40E0740C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {083BA6E5-D324-4C77-81FB-7073B6F8EFFE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
    Task: {0D4373FB-8C96-4877-937C-0E97B034FEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {16EEEA9C-2D1C-48BC-A109-877B61A0A322} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
    Task: {1BD135A6-9AE2-426B-9C84-B2E99B6B4DE3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {1EA6B8C7-199B-4CDA-80AA-B445F92F48FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
    Task: {25B20BB9-4D27-491C-8656-B8F8DD73C3CF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
    Task: {2652F97A-8007-4B71-834E-EA8E656D9B29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {2DFC572E-3052-4284-98AF-B8DA9358AFCF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2EF25A46-7CD6-4A1C-886E-ABFD4B21A98A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {357CF99C-6A16-482C-A69F-8CB039AD0D69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3598E908-EBD8-4318-850A-AB20AAA1EC78} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3DC52A51-1CE6-41FD-A331-F9B51A8F25AE} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
    Task: {45A110AB-27AE-48B9-A1A7-CF79BF668B12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4B47D589-C0FD-427B-958D-C5C4DE67E309} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {52BC3A6E-BDD5-4FE7-B21B-62534F403D5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {55B75E72-6173-405D-8CE3-E2ED3239362E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
    Task: {58E75E8B-BFFE-4398-9487-86C8317DBFC9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {60F8EE3B-7A30-487A-B7D0-404FA95BE173} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6572D44F-1AC9-40DE-B762-416BE30353F4} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
    Task: {68BA1CDB-4B3F-48E4-8A42-6D9972FCC67D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {845227EA-2E06-4099-AF15-9882D1EF26D0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
    Task: {8BCCFE26-4E1B-446E-B3F1-B820C72EEF10} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {949C7554-A322-49EC-99C6-B1924CC8E9E1} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
    Task: {AB0500E4-475E-45AC-B66E-FD07C4D14ED1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
    Task: {AFC635D0-7632-4085-83BF-4A4B3E93C3D6} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
    Task: {B16E8525-74A5-4FA7-BB50-3E766D28C705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BD8C044E-FCC1-410F-9AA9-F6146C5F7DB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {BDDC9910-5923-402D-A04F-27B568E84304} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C00F0DD4-6EF2-4604-8ADE-787C79EDFD47} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
    Task: {C0E19812-0814-4198-90ED-46690324A5E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CCF70460-4C8F-4FE9-A190-940C0DA67AFB} - \WPD\SqmUpload_S-1-5-21-2185679930-222367793-746031767-1001 -> No File <==== ATTENTION
    Task: {D24B90CA-A3FD-4C37-884D-F524F9797317} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {E2475731-69F5-4B6B-B406-4C8847D384FA} - System32\Tasks\{5BA814E5-158B-4889-B0DE-71C2AF6961CA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.85.102/en/abandoninstall?page=tsPlugin
    Task: {E8297EDF-2388-4E3A-90F3-F11F9702CA38} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {F5B68330-A492-4B58-9459-95590AEEA7AA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
    Task: {F99356EE-B551-412D-A3D9-5067EF63EBC1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-10-02 06:33 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-07 18:12 - 2013-11-07 18:12 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    2013-11-07 18:12 - 2013-11-07 18:12 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-11-07 18:12 - 2013-11-07 18:12 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
    2014-08-02 18:55 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-10-02 06:33 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-02 17:00 - 2016-10-02 17:00 - 01864384 _____ () C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2016-07-25 20:51 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-11-17 20:49 - 2016-11-17 20:50 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-11-17 20:49 - 2016-11-17 20:50 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-11-17 20:49 - 2016-11-17 20:50 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-10-01 18:52 - 2016-10-01 18:52 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-10-12 20:51 - 2016-10-05 03:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-10-27 21:22 - 2016-10-14 21:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-10-27 21:22 - 2016-10-14 21:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2014-05-13 08:59 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\thehartford.com -> hxxps://thehartford.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2016-08-21 16:29 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wayne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\umbrella.jpg
    DNS Servers: 192.168.254.254 - 74.40.74.41
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{3C9C768C-EB10-4930-9643-08F98CB2A7E1}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [TCP Query User{B61340C4-1621-4453-8E1F-6FCF0CCFA3C5}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [UDP Query User{22C412C4-99CD-4711-BB30-A5A666533017}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [TCP Query User{3C29E99D-72D3-4B07-8E6D-B21AAB1441C6}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [{01C4F2C7-CF6A-4151-9676-82A059C5D0B8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6B10F6C7-5CFC-4EFE-8C3A-69713FB205A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EE68DC32-D428-48DE-A9E0-70CC4E8586C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B71C2B85-0582-4779-8465-9D427FA55533}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E9B1DFBA-4078-466C-B313-ED3B362DD478}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{18844974-9EFC-4453-B7EF-F5810682CBC5}] => (Allow) C:\Users\Wayne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [TCP Query User{F2AE7139-8BBD-4054-96D0-022B676B74B1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{831EAD51-E9D4-45FB-B9FD-9ABBD152E37D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{55E4531E-17E2-4E5F-B3B0-3F83FD537A67}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{BA48F295-2F4E-4882-B275-2FAD795D80AB}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{017A6B7E-3259-4641-BA02-EE10FB9A67EB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{7F68565B-C688-40D2-95A9-C9547B25E149}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{12CD5657-3589-4FA8-9340-25941BCDE315}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{D71BB0F1-B6D3-47AA-94F2-FD7E6F68128F}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [{82BEC0F7-AB04-47B9-A9D0-B3B45F28618A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{69AB8632-AE96-41E6-874E-9288F9FC1868}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{C7F8C26A-BC24-49EF-BEFB-1B4687108708}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{20F85993-BEB3-4284-ACD9-76B7E62B670A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{687BA960-D8C7-472C-BC86-7A78BBAA297F}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{E182C9CB-CF45-46B6-AAF3-808114DE7560}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
    FirewallRules: [{49862507-09F8-4AE9-BB2D-663AE0D2B25C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F7D5A77B-DD46-4649-93E6-BF383EC9AB31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CDBCDE5E-546A-4651-AF3E-D25F3DACC719}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    11-11-2016 22:29:15 Windows Update
    15-11-2016 07:18:56 Windows Update
    18-11-2016 20:48:20 Windows Update
    21-11-2016 23:20:47 Windows Update
    25-11-2016 22:18:11 Windows Update
    27-11-2016 07:48:03 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/27/2016 07:49:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x54dc4378
    Faulting module name: alvupdt.dll, version: 1.0.0.10, time stamp: 0x5510b8fc
    Exception code: 0xc0000005
    Fault offset: 0x00016eb6
    Faulting process id: 0x18d4
    Faulting application start time: 0x01d248b4c05c77ba
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    Report Id: 9b1594f0-3281-4cfd-bb95-b273c39bb592
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/27/2016 07:48:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (11/27/2016 07:43:02 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Wayne\AppData\Local\chromium\Application\chrome.exe".
    Dependent Assembly 50.0.2631.0,language="&#x2a;",type="win32",version="50.0.2631.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/27/2016 07:41:58 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 07:32:58 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 904906

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 904906

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/27/2016 06:00:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7581266

    Error: (11/27/2016 06:00:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7581266


    System errors:
    =============
    Error: (11/27/2016 07:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:42:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Apple Mobile Device Service service failed to start due to the following error:
    The pipe has been ended.

    Error: (11/27/2016 07:40:45 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/27/2016 07:40:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
      Date: 2016-10-30 19:07:12.841
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.824
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.773
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.756
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.731
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.703
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.670
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.655
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.611
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.594
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 37%
    Total physical RAM: 6027.38 MB
    Available physical RAM: 3767.34 MB
    Total Virtual: 6987.38 MB
    Available Virtual: 4856.03 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:352.22 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: FAE7D78D)

    Partition: GPT.

    ==================== End of Addition.txt ============================

     

     

     


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 8 Update 77 (64-bit) 
    Java 8 Update 77 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
     
    Uninstall Bonjour.  It doesn't seem to work on upgraded win 10 systems.  Perhaps there is a newer version - which you will get when you install any Apple software.
     
     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     
    Did that help?
     
    I see you have had some blue screens.  If you want to we can look into the problem.
     
     
    Download BlueScreenView
     
    Double click on Download BlueScreenView with full install/uninstall support 
    to install the program.
    When scanning is done, go Edit, Select All.
     
    Go File, Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     

     


    • 0

    #5
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Thanks again for the help.  I never knew why I needed Java or Bonjours.  Deleting them doesn't hurt my feelings at all.

    Before posting the logs I want to mention that last night after posting here I could no longer open Chrome at all.  Your fixes today took care of that. However my original issue is still here. When I search this macafee secure search comes up in Yahoo.  I can't delete it.  I deleted. I deleted yahoo and it is still there.

    Here are the logs:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
    Ran by Wayne (administrator) on WAYNE (27-11-2016 15:49:28)
    Running from C:\Users\Wayne\Downloads
    Loaded Profiles: Wayne (Available Profiles: Wayne)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
    () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-09-11] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402520 2016-05-27] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [80384 2015-07-14] (Plantronics)
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Power2GoExpress] => 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [PCShowServer] => C:\Users\Wayne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Chromium] => c:\users\wayne\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\RunOnce: [Uninstall C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
    Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-23]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41
    Tcpip\..\Interfaces\{85ca883e-d6c7-48a7-9343-a28d600f30a3}: [DhcpNameServer] 192.168.254.254 74.40.74.41
    Tcpip\..\Interfaces\{a2173767-5295-477c-9b93-609793b8211b}: [DhcpNameServer] 40.52.1.201 40.52.1.203

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-2185679930-222367793-746031767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
    DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default [2015-04-12]
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> no_proxies_on", "*.local"
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> type", 4
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\7digital.xml [2014-08-05]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\d8686a0c-81ee-4ec1-979c-61950edf4860.xml [2014-08-05]
    FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bngh0j09.default [2016-11-27]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-02] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2185679930-222367793-746031767-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Wayne\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-05-30] (Octoshape ApS)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.malwarebytes.com/restorebrowser/index.html","hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US91088D20161008&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default [2016-11-27]
    CHR Extension: (Google Slides) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
    CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
    CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
    CHR Extension: (Google Docs Offline) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
    R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-09-11] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-09-11] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-09-11] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-09-11] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-03] (WildTangent)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
    R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2015-07-14] (CSR plc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [143568 2013-09-11] (Intel Corporation)
    R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-09-11] (Intel Corporation)
    R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-09-11] (Intel Corporation)
    R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-09-11] (Intel Corporation)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
    R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-27 15:49 - 2016-11-27 15:49 - 00025839 _____ C:\Users\Wayne\Downloads\FRST.txt
    2016-11-27 15:48 - 2016-11-27 15:48 - 00023482 _____ C:\Users\Wayne\Downloads\fixlist.txt
    2016-11-27 15:30 - 2016-11-27 15:48 - 00000000 ____D C:\Users\Wayne\Downloads\FRST-OlderVersion
    2016-11-27 08:06 - 2016-11-27 15:49 - 00000000 ____D C:\FRST
    2016-11-27 07:59 - 2016-11-27 15:30 - 02411520 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe
    2016-11-27 07:54 - 2016-11-27 07:54 - 00000821 _____ C:\Users\Wayne\Desktop\JRT.txt
    2016-11-27 07:47 - 2016-11-27 07:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-27 07:47 - 2016-11-27 07:47 - 01631928 _____ (Malwarebytes) C:\Users\Wayne\Downloads\JRT.exe
    2016-11-27 07:45 - 2016-11-27 07:45 - 00002366 _____ C:\Users\Wayne\Desktop\AdwCleaner[C0].txt
    2016-11-27 07:35 - 2016-11-27 07:40 - 00000000 ____D C:\AdwCleaner
    2016-11-27 07:35 - 2016-11-27 07:35 - 03910208 _____ C:\Users\Wayne\Downloads\AdwCleaner.exe
    2016-11-24 19:50 - 2016-11-25 07:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2016-11-23 21:58 - 2016-11-23 21:58 - 00000735 _____ C:\Users\Wayne\Documents\Videos - Shortcut.lnk
    2016-11-19 10:20 - 2016-11-19 10:20 - 00338164 _____ C:\Users\Wayne\Desktop\Marine letter.pdf
    2016-11-10 07:23 - 2016-11-10 07:23 - 00000000 ____D C:\Program Files\McAfee
    2016-11-07 17:30 - 2016-11-07 17:31 - 00543020 _____ C:\WINDOWS\Minidump\110716-29546-01.dmp
    2016-11-04 06:39 - 2016-11-04 06:39 - 00028755 _____ C:\ProgramData\agent.1478263154.bdinstall.bin
    2016-11-03 21:12 - 2016-11-03 21:14 - 00551212 _____ C:\WINDOWS\Minidump\110316-75218-01.dmp
    2016-10-29 12:27 - 2016-10-29 12:29 - 00411796 _____ C:\WINDOWS\Minidump\102916-37234-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-27 15:19 - 2016-03-20 19:16 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Sun
    2016-11-27 15:19 - 2015-02-04 07:47 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Oracle
    2016-11-27 15:19 - 2014-09-09 06:17 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Oracle
    2016-11-27 15:19 - 2014-08-03 16:18 - 00000000 ____D C:\ProgramData\Oracle
    2016-11-27 15:19 - 2014-08-03 16:16 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Sun
    2016-11-27 15:08 - 2016-10-01 15:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-11-27 15:08 - 2016-05-10 22:05 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2016-11-27 13:27 - 2016-10-01 16:20 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2016-11-27 13:27 - 2016-10-01 16:20 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2016-11-27 08:24 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-11-27 07:57 - 2014-08-28 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-27 07:48 - 2016-03-10 00:17 - 01586246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-27 07:46 - 2014-09-05 18:22 - 00000000 ____D C:\Users\Wayne\Documents\Church
    2016-11-27 07:45 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2016-11-27 07:44 - 2014-08-02 15:27 - 00000074 _____ C:\Users\Wayne\AppData\Roaming\sp_data.sys
    2016-11-27 07:43 - 2016-08-10 17:44 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
    2016-11-27 07:42 - 2016-10-01 16:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-11-27 07:42 - 2016-03-10 07:12 - 00000000 __SHD C:\Users\Wayne\IntelGraphicsProfiles
    2016-11-27 07:41 - 2016-10-01 16:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-27 07:41 - 2016-07-16 00:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
    2016-11-26 18:08 - 2014-09-01 18:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-11-24 20:17 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-11-23 22:16 - 2016-10-08 19:51 - 00000000 ____D C:\ProgramData\McAfee
    2016-11-23 22:15 - 2016-10-01 16:04 - 00000000 ____D C:\Users\Wayne
    2016-11-23 19:49 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-11-22 08:24 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-11-22 08:23 - 2014-08-02 18:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-11-17 06:40 - 2014-08-02 18:10 - 00000707 _____ C:\Users\Wayne\AppData\Roaming\burnaware.ini
    2016-11-16 15:11 - 2014-08-28 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-11-14 20:04 - 2014-08-28 21:06 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-14 20:04 - 2014-08-28 21:06 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-13 00:37 - 2016-07-09 09:04 - 00000000 ____D C:\Users\Wayne\Desktop\New folder
    2016-11-11 21:36 - 2014-08-04 19:00 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Nitro PDF
    2016-11-08 22:05 - 2014-08-05 21:23 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-11-08 22:02 - 2014-08-05 21:23 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-11-08 21:22 - 2016-10-01 16:20 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-07 21:31 - 2016-10-01 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-11-07 17:30 - 2016-10-04 21:41 - 00000000 ____D C:\WINDOWS\Minidump
    2016-11-07 17:30 - 2014-10-04 09:21 - 684400863 _____ C:\WINDOWS\MEMORY.DMP
    2016-11-03 21:15 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
    2016-11-01 06:27 - 2014-08-28 20:56 - 00000000 ____D C:\Users\Wayne\AppData\Local\Google
    2016-10-30 18:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-10-29 12:37 - 2014-08-03 06:49 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-10-29 12:34 - 2016-10-01 15:57 - 00231288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-10-29 12:32 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-10-29 12:31 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-10-28 23:07 - 2016-03-10 19:38 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-08-02 16:05 - 2014-11-15 23:00 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2014-08-02 18:10 - 2016-11-17 06:40 - 0000707 _____ () C:\Users\Wayne\AppData\Roaming\burnaware.ini
    2015-12-15 21:39 - 2015-12-15 22:11 - 0000115 _____ () C:\Users\Wayne\AppData\Roaming\LogFile.txt
    2015-02-27 07:39 - 2015-02-27 07:39 - 0000021 _____ () C:\Users\Wayne\AppData\Roaming\my_intel.sys
    2014-08-02 15:27 - 2016-11-27 07:44 - 0000074 _____ () C:\Users\Wayne\AppData\Roaming\sp_data.sys
    2016-09-19 21:23 - 2016-09-19 21:23 - 0026705 _____ () C:\ProgramData\agent.1474341804.bdinstall.bin
    2016-11-04 06:39 - 2016-11-04 06:39 - 0028755 _____ () C:\ProgramData\agent.1478263154.bdinstall.bin
    2016-10-01 15:59 - 2016-10-01 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-13 14:22 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-12-13 14:22 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-12-13 14:22 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    2014-08-02 17:03 - 2014-08-02 17:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-08-02 17:03 - 2014-08-02 17:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some files in TEMP:
    ====================
    C:\Users\Wayne\AppData\Local\Temp\jre-8u111-windows-au.exe
    C:\Users\Wayne\AppData\Local\Temp\libeay32.dll
    C:\Users\Wayne\AppData\Local\Temp\msvcr120.dll
    C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-26 18:20

    ==================== End of FRST.txt ============================

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
    Ran by Wayne (27-11-2016 15:50:44)
    Running from C:\Users\Wayne\Downloads
    Windows 10 Home Version 1607 (X64) (2016-10-01 22:33:11)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2185679930-222367793-746031767-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2185679930-222367793-746031767-503 - Limited - Disabled)
    Guest (S-1-5-21-2185679930-222367793-746031767-501 - Limited - Disabled)
    Wayne (S-1-5-21-2185679930-222367793-746031767-1001 - Administrator - Enabled) => C:\Users\Wayne

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
    ASUS Product Demo Kit (HKLM-x32\...\{1714AD6E-D517-40C0-9B19-4CE0078F7694}) (Version: 2.0.0 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
    ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.31 - ASUS)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
    BurnAware Free 9.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
    CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
    DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
    Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
    Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
    Infinite HD™ App (HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
    Intel® Smart Connect Technology (HKLM\...\{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}) (Version: 4.2.41.2633 - Intel Corporation)
    InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
    Mozilla Thunderbird 45.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.0 (x86 en-US)) (Version: 45.5.0 - Mozilla)
    Nitro PDF Professional (HKLM\...\{0C7EA81E-F787-4A14-8632-1371AD31C41B}) (Version: 6.2.3.6 - Nitro PDF Software)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Plantronics CSR Driver (64-bit) (Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics CsrDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics HidDfu Installer (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater (HKLM-x32\...\{f3913714-6d44-49ee-9526-a47d548f2334}) (Version: 3.1.51094.21292 - Plantronics, Inc.)
    Plantronics MyHeadset Updater (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Plantronics MyHeadset Updater Startup (x32 Version: 3.1.51094.21292 - Plantronics, Inc.) Hidden
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.9.384 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
    Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
    Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {075EE61D-4CF4-4051-A8D4-D60D40E0740C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {083BA6E5-D324-4C77-81FB-7073B6F8EFFE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
    Task: {0D4373FB-8C96-4877-937C-0E97B034FEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {1BD135A6-9AE2-426B-9C84-B2E99B6B4DE3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {1EA6B8C7-199B-4CDA-80AA-B445F92F48FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
    Task: {25B20BB9-4D27-491C-8656-B8F8DD73C3CF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
    Task: {2652F97A-8007-4B71-834E-EA8E656D9B29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {2DFC572E-3052-4284-98AF-B8DA9358AFCF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2EF25A46-7CD6-4A1C-886E-ABFD4B21A98A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {357CF99C-6A16-482C-A69F-8CB039AD0D69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3598E908-EBD8-4318-850A-AB20AAA1EC78} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3DC52A51-1CE6-41FD-A331-F9B51A8F25AE} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
    Task: {45A110AB-27AE-48B9-A1A7-CF79BF668B12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4B47D589-C0FD-427B-958D-C5C4DE67E309} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {52BC3A6E-BDD5-4FE7-B21B-62534F403D5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {55B75E72-6173-405D-8CE3-E2ED3239362E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
    Task: {58E75E8B-BFFE-4398-9487-86C8317DBFC9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {5EF0C01D-34EA-471C-ADDD-5D4603AE242A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
    Task: {60F8EE3B-7A30-487A-B7D0-404FA95BE173} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6572D44F-1AC9-40DE-B762-416BE30353F4} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
    Task: {68BA1CDB-4B3F-48E4-8A42-6D9972FCC67D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {845227EA-2E06-4099-AF15-9882D1EF26D0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
    Task: {8BCCFE26-4E1B-446E-B3F1-B820C72EEF10} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {949C7554-A322-49EC-99C6-B1924CC8E9E1} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
    Task: {AFC635D0-7632-4085-83BF-4A4B3E93C3D6} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
    Task: {B16E8525-74A5-4FA7-BB50-3E766D28C705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BD8C044E-FCC1-410F-9AA9-F6146C5F7DB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {BDDC9910-5923-402D-A04F-27B568E84304} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C00F0DD4-6EF2-4604-8ADE-787C79EDFD47} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
    Task: {C0E19812-0814-4198-90ED-46690324A5E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CCF70460-4C8F-4FE9-A190-940C0DA67AFB} - \WPD\SqmUpload_S-1-5-21-2185679930-222367793-746031767-1001 -> No File <==== ATTENTION
    Task: {D19F0BAB-7A6A-4589-B046-497478293616} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
    Task: {D24B90CA-A3FD-4C37-884D-F524F9797317} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {E2475731-69F5-4B6B-B406-4C8847D384FA} - System32\Tasks\{5BA814E5-158B-4889-B0DE-71C2AF6961CA} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.85.102/en/abandoninstall?page=tsPlugin
    Task: {E8297EDF-2388-4E3A-90F3-F11F9702CA38} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {F5B68330-A492-4B58-9459-95590AEEA7AA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
    Task: {F99356EE-B551-412D-A3D9-5067EF63EBC1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-10-02 06:33 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-07 18:12 - 2013-11-07 18:12 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    2013-11-07 18:12 - 2013-11-07 18:12 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-11-07 18:12 - 2013-11-07 18:12 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
    2014-08-02 18:55 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-10-02 06:33 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-02 17:00 - 2016-10-02 17:00 - 01864384 _____ () C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2016-07-25 20:51 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-11-17 20:49 - 2016-11-17 20:50 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-11-17 20:49 - 2016-11-17 20:50 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-11-17 20:49 - 2016-11-17 20:50 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-10-01 18:52 - 2016-10-01 18:52 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-10-12 20:51 - 2016-10-05 03:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-10-27 21:22 - 2016-10-14 21:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-10-27 21:22 - 2016-10-14 21:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-10-27 21:22 - 2016-10-14 21:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-11-23 19:48 - 2016-11-23 19:49 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-11-23 19:48 - 2016-11-23 19:49 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-06-02 17:56 - 2016-06-02 17:58 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2016-11-23 19:48 - 2016-11-23 19:49 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
    2016-11-23 19:48 - 2016-11-23 19:49 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
    2014-05-13 08:59 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\thehartford.com -> hxxps://thehartford.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2016-08-21 16:29 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wayne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\umbrella.jpg
    DNS Servers: 192.168.254.254 - 74.40.74.41
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{3C9C768C-EB10-4930-9643-08F98CB2A7E1}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [TCP Query User{B61340C4-1621-4453-8E1F-6FCF0CCFA3C5}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [UDP Query User{22C412C4-99CD-4711-BB30-A5A666533017}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [TCP Query User{3C29E99D-72D3-4B07-8E6D-B21AAB1441C6}C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\wayne\appdata\local\directv player\ndspcshowserver.exe
    FirewallRules: [{01C4F2C7-CF6A-4151-9676-82A059C5D0B8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{18844974-9EFC-4453-B7EF-F5810682CBC5}] => (Allow) C:\Users\Wayne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [TCP Query User{F2AE7139-8BBD-4054-96D0-022B676B74B1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{831EAD51-E9D4-45FB-B9FD-9ABBD152E37D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{55E4531E-17E2-4E5F-B3B0-3F83FD537A67}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{BA48F295-2F4E-4882-B275-2FAD795D80AB}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{017A6B7E-3259-4641-BA02-EE10FB9A67EB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{7F68565B-C688-40D2-95A9-C9547B25E149}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{12CD5657-3589-4FA8-9340-25941BCDE315}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{D71BB0F1-B6D3-47AA-94F2-FD7E6F68128F}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [{82BEC0F7-AB04-47B9-A9D0-B3B45F28618A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{69AB8632-AE96-41E6-874E-9288F9FC1868}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{C7F8C26A-BC24-49EF-BEFB-1B4687108708}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{20F85993-BEB3-4284-ACD9-76B7E62B670A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{687BA960-D8C7-472C-BC86-7A78BBAA297F}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{E182C9CB-CF45-46B6-AAF3-808114DE7560}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
    FirewallRules: [{49862507-09F8-4AE9-BB2D-663AE0D2B25C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F7D5A77B-DD46-4649-93E6-BF383EC9AB31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CDBCDE5E-546A-4651-AF3E-D25F3DACC719}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    11-11-2016 22:29:15 Windows Update
    15-11-2016 07:18:56 Windows Update
    18-11-2016 20:48:20 Windows Update
    21-11-2016 23:20:47 Windows Update
    25-11-2016 22:18:11 Windows Update
    27-11-2016 07:48:03 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/27/2016 03:08:10 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 09:16:20 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 07:49:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x54dc4378
    Faulting module name: alvupdt.dll, version: 1.0.0.10, time stamp: 0x5510b8fc
    Exception code: 0xc0000005
    Fault offset: 0x00016eb6
    Faulting process id: 0x18d4
    Faulting application start time: 0x01d248b4c05c77ba
    Faulting application path: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
    Faulting module path: C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    Report Id: 9b1594f0-3281-4cfd-bb95-b273c39bb592
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/27/2016 07:48:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (11/27/2016 07:43:02 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\Wayne\AppData\Local\chromium\Application\chrome.exe".
    Dependent Assembly 50.0.2631.0,language="&#x2a;",type="win32",version="50.0.2631.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/27/2016 07:41:58 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 07:32:58 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
    Description: ISCT - CAgentState::ResetBIOS       Reset SASD failed, error=0

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 904906

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 904906

    Error: (11/27/2016 07:18:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (11/27/2016 09:32:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 09:14:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 08:24:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3200970).

    Error: (11/27/2016 07:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:42:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:42:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/27/2016 07:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Apple Mobile Device Service service failed to start due to the following error:
    The pipe has been ended.

    Error: (11/27/2016 07:40:45 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (11/27/2016 07:40:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).


    CodeIntegrity:
    ===================================
      Date: 2016-10-30 19:07:12.841
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.824
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.773
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.756
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.731
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.703
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.670
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.655
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.611
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2016-10-30 19:07:12.594
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 42%
    Total physical RAM: 6027.38 MB
    Available physical RAM: 3474.52 MB
    Total Virtual: 6987.38 MB
    Available Virtual: 4470.28 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:352.24 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: FAE7D78D)

    Partition: GPT.

    ==================== End of Addition.txt ============================

     

    ==================================================
    Dump File         : 110716-29546-01.dmp
    Crash Time        : 11/7/2016 5:29:54 PM
    Bug Check String  :
    Bug Check Code    : 0x0000012b
    Parameter 1       : ffffffff`c00002c4
    Parameter 2       : 00000000`00000428
    Parameter 3       : 00000000`0165f340
    Parameter 4       : ffffe601`5208b000
    Caused By Driver  : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+14a3b0
    File Description  :
    Product Name      :
    Company           :
    File Version      :
    Processor         : x64
    Crash Address     : ntoskrnl.exe+14a3b0
    Stack Address 1   :
    Stack Address 2   :
    Stack Address 3   :
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\110716-29546-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 14393
    Dump File Size    : 543,020
    Dump File Time    : 11/7/2016 5:31:06 PM
    ==================================================

    ==================================================
    Dump File         : 110316-75218-01.dmp
    Crash Time        : 11/3/2016 9:10:53 PM
    Bug Check String  :
    Bug Check Code    : 0x0000012b
    Parameter 1       : ffffffff`c00002c4
    Parameter 2       : 00000000`000006d0
    Parameter 3       : 00000000`0ae750f0
    Parameter 4       : ffffbf81`78333000
    Caused By Driver  : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+14a3b0
    File Description  :
    Product Name      :
    Company           :
    File Version      :
    Processor         : x64
    Crash Address     : ntoskrnl.exe+14a3b0
    Stack Address 1   :
    Stack Address 2   :
    Stack Address 3   :
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\110316-75218-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 14393
    Dump File Size    : 551,212
    Dump File Time    : 11/3/2016 9:14:33 PM
    ==================================================

    ==================================================
    Dump File         : 102916-37234-01.dmp
    Crash Time        : 10/29/2016 12:26:08 PM
    Bug Check String  : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code    : 0x1000007e
    Parameter 1       : ffffffff`c0000005
    Parameter 2       : fffff801`246ca037
    Parameter 3       : ffff8000`ccb992a8
    Parameter 4       : ffff8000`ccb98ad0
    Caused By Driver  : WdFilter.sys
    Caused By Address : WdFilter.sys+251f8
    File Description  :
    Product Name      :
    Company           :
    File Version      :
    Processor         : x64
    Crash Address     : ntoskrnl.exe+24b037
    Stack Address 1   :
    Stack Address 2   :
    Stack Address 3   :
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\102916-37234-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 14393
    Dump File Size    : 411,796
    Dump File Time    : 10/29/2016 12:29:40 PM
    ==================================================

    ==================================================
    Dump File         : 100416-45718-01.dmp
    Crash Time        : 10/4/2016 9:40:32 PM
    Bug Check String  :
    Bug Check Code    : 0x0000012b
    Parameter 1       : ffffffff`c00002c4
    Parameter 2       : 00000000`000008d8
    Parameter 3       : 00000000`18db0000
    Parameter 4       : ffffb781`8077e000
    Caused By Driver  : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+14a2b0
    File Description  :
    Product Name      :
    Company           :
    File Version      :
    Processor         : x64
    Crash Address     : ntoskrnl.exe+14a2b0
    Stack Address 1   :
    Stack Address 2   :
    Stack Address 3   :
    Computer Name     :
    Full Path         : C:\WINDOWS\Minidump\100416-45718-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 14393
    Dump File Size    : 543,012
    Dump File Time    : 10/4/2016 9:41:59 PM
    ==================================================
     


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I don't see the fixlog.  Did you run the fixlist?

     

    Your blue screen may be heat related.  Let's check:

     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)

    • 0

    #7
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    I didn't remember the fixlist file.  Sorry.  There were so many I overlooked it. 

    Thank you for having me remove my serial number. I would never have thought to look for it.

     

    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFind] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKLM\...\Policies\Explorer: [NoDesktop] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Power2GoExpress] => 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    SearchScopes: HKU\S-1-5-21-2185679930-222367793-746031767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> no_proxies_on", "*.local"
    FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> type", 4
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\[email protected] [not found]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\7digital.xml [2014-08-05]
    FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\d8686a0c-81ee-4ec1-979c-61950edf4860.xml [2014-08-05]
    FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-14] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US91088D20161008&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    2016-11-10 07:23 - 2016-11-10 07:23 - 00000000 ____D C:\Program Files\McAfee
    Task: {075EE61D-4CF4-4051-A8D4-D60D40E0740C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {1BD135A6-9AE2-426B-9C84-B2E99B6B4DE3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2DFC572E-3052-4284-98AF-B8DA9358AFCF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {357CF99C-6A16-482C-A69F-8CB039AD0D69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3598E908-EBD8-4318-850A-AB20AAA1EC78} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {45A110AB-27AE-48B9-A1A7-CF79BF668B12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {60F8EE3B-7A30-487A-B7D0-404FA95BE173} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {68BA1CDB-4B3F-48E4-8A42-6D9972FCC67D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B16E8525-74A5-4FA7-BB50-3E766D28C705} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BDDC9910-5923-402D-A04F-27B568E84304} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C0E19812-0814-4198-90ED-46690324A5E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CCF70460-4C8F-4FE9-A190-940C0DA67AFB} - \WPD\SqmUpload_S-1-5-21-2185679930-222367793-746031767-1001 -> No File <==== ATTENTION
    Task: {E8297EDF-2388-4E3A-90F3-F11F9702CA38} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
    Task: {F99356EE-B551-412D-A3D9-5067EF63EBC1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

    Attached Files


    • 0

    #8
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    You must have scared the virus.  Chrome now opens with this as one of my tabs. It seems to be fighting back.  :D

    Attached Files


    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    After the fix I need a fresh FRST scan with Addition.txt checked.


    • 0

    #10
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Sorry I thought I did post the logs.  Here they are.

     

    Attached Files


    • 0

    Advertisements


    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    No I need new logs that were run after you ran the fix.


    • 0

    #12
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Sorry I did run the fix program.  I probably did it wrong.  Even now I am not sure I did it the way you want it done.  I don;t know what to do with the fixlist doc that I downloaded.

     

    Hope it is correct this time.

    Attached Files


    • 0

    #13
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Google is back as my primary search engine!! Good job.  I was able to delete the yahoo secure search.

     

    I am pretty happy.  There are a couple of questions-

    1. I kind of got ticked off at my malware program and deleted it.  First because you used a different one and secondly I wondered if my program was part of the problem. I was still getting 2 tabs opening when I select Chrome.  One of them is the the malware question page that I posted yesterday  I removed it from my start up.  I am not sure how it got there.  I hope that is acceptable with you.

    2.Chrome settings page now has a box at the top of the page that is telling me some of my settings were corrupted and I can "reset all settings" by clicking the box.  There is a little "x" in the corner so I can make it go away if you say so.


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Logs look good.  If you have already removed the second Chrome startup tab then I don't have to tell you how to do it.  I think the Chrome settings reset button is legit so go ahead and click on it.


    • 1

    #15
    renyaw

    renyaw

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Looking pretty good.  You are a steely-eyed missile man.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP