  1. #1

    Computer Infected

    Logs attached, Trovi and a few other bad things.

    Is McAfee AV any good? I get it free from Optimum but I have my doubts about it.


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 02/06/2016 at 08:07 PM

    Application Version : 6.0.1212
    Database Version : 12397

    Scan type : Quick Scan
    Total Scan Time : 00:27:16

    Operating System Information
    Windows 10 Professional 32-bit (Build 10.00.10586)
    UAC Off - Administrator

    Memory items scanned : 1106
    Memory threats detected : 1
    Registry items scanned : 37006
    Registry threats detected : 2
    File items scanned : 7927
    File threats detected : 379

    Adware.Tracking Cookie
    .advertising.com\DOMSYNC [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com\ATTACID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tubemogul.com\_tmid [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bluekai.com\bku [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .liverail.com\lr_uid [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .liverail.com\lr_uds [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .turn.com\uid [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adaptv.advertising.com\rtbData0 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com\APID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .exelator.com\ud [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .intentiq.com\IQver [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .intentiq.com\IQRubiconCookieSync [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .intentiq.com\intentIQ [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .intentiq.com\IQPData [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .intentiq.com\IQMID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rubiconproject.com\put_2528 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pro-market.net\anProfile [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnxs.com\anj [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnxs.com\sess [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adnxs.com\uuid2 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .spotxchange.com\partner-1454801567_9560-0 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .spotxchange.com\user-0 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rubiconproject.com\rpb [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rubiconproject.com\put_2132 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pixel.rubiconproject.com\rpx [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .rubiconproject.com\khaos [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lijit.com\ljt_reader [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .contextweb.com\V [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .contextweb.com\pb_rtb_ev [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .contextweb.com\sto-id-20480-bh [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pubmatic.com\KRTBCOOKIE_148 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pubmatic.com\PUBMDCID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adadvisor.net\ab [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lijit.com\_ljtrtb_2 [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .agkn.com\uuid [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .agkn.com\u [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .googleadservices.com\AID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com\is_unique [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com\is_visitor_unique [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    in.getclicky.com\cluid [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .nr-data.net\JSESSIONID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media.net\visitor-id [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    PUP.ConvertAd/Variant
    HKLM\System\CurrentControlSet\Services\ZUTUZUNI
    C:\PROGRAM FILES\06E7B77E-1454804614-DE8D-F724-32B58E82D88D\JNSHA273.TMP
    HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ZUTUZUNI
    C:\USERS\HERB\APPDATA\LOCAL\TEMP\NSJ525.TMP
    C:\PROGRAM FILES\06E7B77E-1454804614-DE8D-F724-32B58E82D88D\JNSHA273.TMP

    PUP.Amonetize/Variant
    C:\USERS\HERB\APPDATA\LOCAL\TEMP\AMISETUP2693__16782.EXE

    ============================
    Unwanted Programs Detected
    ============================
    Consumer Input
    VO Package
    AnySend
    Software Version Updater

    ============
    End of Log
    ============

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/6/2016
    Scan Time: 6:42 PM
    Logfile: MWB.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.06.07
    Rootkit Database: v2016.01.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Herb

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 446418
    Time Elapsed: 29 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 8:15:37 PM, on 2/6/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10586.0020)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    C:\WINDOWS\system32\SettingSyncHost.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Dropbox\Client\Dropbox.exe
    C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Users\Herb\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Users\Herb\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKLM\..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
    O4 - HKLM\..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    O4 - HKLM\..\Run: [s5markrun] C:\Program Files\S5\S5mark.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Herb\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
    O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

    --
    End of file - 9784 bytes

  2. #2
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Scan this am

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 8:26:39 AM, on 2/7/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10586.0020)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    C:\WINDOWS\system32\SettingSyncHost.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Dropbox\Client\Dropbox.exe
    C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Users\Herb\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ApplicationFrameHost.exe
    C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Herb\Desktop\HijackThis.exe
    C:\WINDOWS\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKLM\..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
    O4 - HKLM\..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    O4 - HKLM\..\Run: [s5markrun] C:\Program Files\S5\S5mark.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Herb\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-21-57612297-3157999027-2505413976-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
    O4 - HKUS\S-1-5-21-57612297-3157999027-2505413976-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User '?')
    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User '?')
    O4 - S-1-5-21-57612297-3157999027-2505413976-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = Herb\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
    O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

    --
    End of file - 11392 bytes

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/7/2016
    Scan Time: 8:15 AM
    Logfile: MB 020716.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.07.02
    Rootkit Database: v2016.01.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Herb

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 442026
    Time Elapsed: 20 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 02/07/2016 at 08:22 AM

    Application Version : 6.0.1212
    Database Version : 12398

    Scan type : Complete Scan
    Total Scan Time : 00:32:01

    Operating System Information
    Windows 10 Professional 32-bit (Build 10.00.10586)
    UAC Off - Administrator

    Memory items scanned : 1108
    Memory threats detected : 0
    Registry items scanned : 41127
    Registry threats detected : 0
    File items scanned : 25309
    File threats detected : 7

    Adware.OutBrowse/Variant
    C:\PROGRAM FILES\KMSPICO 10.0.6\REVENYOU\KMSPICO.EXE

    Adware.Tracking Cookie
    .everesttech.net\everest_g_v2 [ C:\USERS\ADMIIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .scorecardresearch.com\UID [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .scorecardresearch.com\UIDR [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net\id [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net\IDE [ C:\USERS\HERB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.myfitnesspal.com\tracker [ C:\USERS\HERB_2\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    ============
    End of Log
    ============

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello.

    Is McAfee AV any good?
    Nothing wrong with McAfee! It does not block Trovi, nor does any other antivirus program; the companies have never been on board to block adware such as Trovi and others.


    Next

    Please download

    AdwCleaner
    by Xplode onto your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply, post:

    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Last edited by zep516; 02-07-2016 at 01:31 PM.

  4. #4
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Pro x86
    Ran by Admiis (Administrator) on Sun 02/07/2016 at 14:33:18.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/07/2016 at 14:36:22.40
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v5.033 - Logfile created 07/02/2016 at 14:21:09
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 10 Pro (x86)
    # Username : Admiis - HERB-PC
    # Running from : C:\Users\Herb\Desktop\adwcleaner_5.033.exe
    # Option : Scan
    # Support : Forum - ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www-mysearch.com/?pid=s&s=G27zTUTBL11,5facde8b-feeb-4192-b59b-d274f8bb80c8,&vp=ch&prd=set_ch
    [C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa

    ########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [905 bytes] ##########

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    On AdwCleaner, make sure we do run the Clean option.

    Let's take a more thorough look at the computer, using Farbar Recovery Scan Tool. This is a diagnostics scan only. Post both log reports. You will want the 64-bit version.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  6. #6
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
    Ran by Herb (2016-02-07 15:01:17)
    Running from C:\Users\Herb\Desktop
    Microsoft Windows 10 Pro (X86) (2015-12-04 09:31:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Admiis (S-1-5-21-57612297-3157999027-2505413976-1005 - Administrator - Enabled) => C:\Users\Admiis
    Administrator (S-1-5-21-57612297-3157999027-2505413976-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-57612297-3157999027-2505413976-503 - Limited - Disabled)
    Guest (S-1-5-21-57612297-3157999027-2505413976-501 - Limited - Disabled)
    Herb (S-1-5-21-57612297-3157999027-2505413976-1001 - Limited - Enabled) => C:\Users\Herb
    HomeGroupUser$ (S-1-5-21-57612297-3157999027-2505413976-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    BbeXtreme (Version: 15.1.1 - Bluebeam Software) Hidden
    Bluebeam Revu 2015.1.1 (HKLM\...\{11206E68-98D8-4D69-8784-52D50C333C37}) (Version: 15.1.1 - Bluebeam Software, Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C4400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
    D2400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    D2400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKLM\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
    Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
    LavasoftTcpService (HKLM\...\{5916A24B-59A4-4FDB-9753-499CB1F65362}) (Version: 2.3.4.2 - Lavasoft)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Multi Access - Total Protection (HKLM\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming)
    partypoker (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\PartyPoker) (Version: - )
    PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BD6CE5-F6C9-45B2-9E91-28D23438AB78} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {058DD1DF-209A-4B14-AC32-1453E0249824} - Access Denied.
    Task: {07A7A1C5-4FBA-4F80-B591-185C203820A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0957777E-9BCC-40F9-9B69-5D562CC7F5DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {0C40E1FD-B0A3-4851-96A5-33418CDC96FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {0DD245D5-A5E5-473D-968E-50561E2E60F1} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {1C3C93F8-D055-4BD0-8C47-BCF2E0AE1EA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {24FE5FCD-4707-46A4-AF5B-FE04D8A06C07} - \avast! Emergency Update -> No File <==== ATTENTION
    Task: {25C0E321-78C2-48A6-BCD9-04027350BC5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-30] (Adobe Systems Incorporated)
    Task: {25D8B200-52EC-4DCB-8FB6-D7C1B2A3182D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2EC3405E-2303-416B-A292-101E3D55DF9F} - Access Denied.
    Task: {2F119B5E-0B14-44ED-A760-9719BE77EF7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3166A241-C56C-4761-8915-388F3CBED705} - Access Denied.
    Task: {328B8003-47E5-47D5-B08A-4BB979425E86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {37F4EC31-59BC-4C3E-A281-9501A11E566C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4266D9AC-830F-4FED-87B7-97EC8A7AA2DC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {46915634-16E9-452A-8DF6-DF59AF71C680} - Access Denied.
    Task: {49FE350C-0EE5-4393-8F54-D485CCE70CA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {50054420-21A4-46C3-AB11-304619AB7646} - Access Denied.
    Task: {51164354-CC73-4297-B068-4B63ABFD6A6D} - Access Denied.
    Task: {5F1F4D95-AE36-4FD3-B686-FD58D738306D} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {614B5358-FA04-47B6-99CA-B8741A8289DE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {657B4A29-C214-47D1-988C-175E7DD876A8} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
    Task: {67E48A01-DD94-479E-AB89-6679A3E0C83A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69E03C4E-690A-4264-8BCB-C13CBD0A71E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6C2EDC9B-0CC3-46A9-8C52-022FD3D61802} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {6DD2E3A8-1ED5-4FFF-836B-FBB1D9655537} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C373A58-B024-4542-84F8-636B52369C35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7D308DB5-2867-4BD0-8CF1-A27BDB6F1D46} - Access Denied.
    Task: {7F2FEA2B-416F-4A56-AB58-042DDEE84278} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {828F8DA0-4008-495B-A1E9-82EE10DE2FC6} - Access Denied.
    Task: {82EF410C-BB9E-4E5D-96D9-60484D565DCA} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-10-26] (CyberLink)
    Task: {8520B45C-E676-4A48-83FE-CBF8A96A1063} - System32\Tasks\Microsoft\Windows\WS\License Validation
    Task: {8A6BE1A6-C0AF-4C35-A2A7-56FE2244A6EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8C024F5A-9E0C-4D8E-B735-318C32979483} - Access Denied.
    Task: {90299E75-DF68-4ABF-B52D-13CB2658EB99} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {93A53D80-4541-48BF-89F4-729F160AB6F2} - System32\Tasks\Microsoft\Windows\Clip\License Validation
    Task: {98BD5589-BFE2-414A-9166-CA04D6D49681} - System32\Tasks\ExpressPlayer Installer Starter => C:\Users\Herb\AppData\Local\Temp\ExpressPlayeri2qWbQwlOr.exe <==== ATTENTION
    Task: {9CB9C8B5-7CE2-4B09-8BCB-4891EBC9A062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9D115CB1-327F-403E-A23D-156C72246F4D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9ECC9B3E-4587-4F6E-87C6-8DFBE85BB5E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F83D613-B31B-4881-9A18-94A40DEDF75F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A270ACDA-BF7A-4DFF-B4C1-639F73700D13} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B2A3E12C-0DF1-46DF-AFE4-21AB4FA2E4CD} - System32\Tasks\{F1F9E6CA-6117-4E85-98D6-0D35134F53BE} => pcalua.exe -a C:\Users\Herb\Downloads\Vistawall-OldCastle-v15.exe -d C:\Users\Herb\Downloads
    Task: {B7A72F98-E8C2-43B3-B11E-EC3A5809FC1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C2EB035D-9CF2-4B26-AF7E-AE18FA5E463F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C52EF520-60A8-4932-AA4B-C3ECC19A956E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CB0541BA-C0D3-4030-8B8D-0D80640DFFCE} - Access Denied.
    Task: {CC73393C-88C5-48D7-8AD0-A83F4EC3001A} - Access Denied.
    Task: {CDC0DB9E-1BAF-4282-AAA3-A1D3788FF107} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE8E677A-CB1A-43A6-9F5C-69A9808EE584} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D11A7F9E-FBC5-40D3-B34A-7B23840C8E3F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D170C768-7A43-4E11-BE71-B365247C5163} - Access Denied.
    Task: {D85D5480-FD97-4206-9D71-08F4B2142031} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DD031793-A475-48D8-808E-CD8DAEDC70B0} - System32\Tasks\{927ECC44-C9E0-4116-A279-418C6F56B559} => pcalua.exe -a "C:\Program Files\MaxDrivrUpdater\uninstall.exe"
    Task: {E631B780-04DD-46C3-A8D9-1CECE540646C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {F1FA00BA-6F72-4417-BE48-3012DA5536C5} - Access Denied.
    Task: {F71BF47C-4A4C-4289-82C6-A9FD61FB999B} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {FC2277F8-9A49-47AA-8AFD-FD361328A899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FD0057E8-39A0-41D7-9364-9F89BD5800E7} - Access Denied.
    Task: {FD6BC3B9-92AC-49B6-B143-4A6F926DE5FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FEB7F6CC-608C-48D4-90AB-519A81847553} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job =>
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job =>
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job =>

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-30 17:58 - 2016-01-04 20:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 01427456 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00477696 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
    2015-12-17 19:31 - 2015-12-06 23:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-17 19:31 - 2015-12-06 22:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-30 17:58 - 2016-01-04 20:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-30 17:58 - 2016-01-04 20:20 - 00696320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-01-30 17:58 - 2016-01-16 00:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-30 17:58 - 2016-01-16 00:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00022848 _____ () C:\Program Files\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00023352 _____ () C:\Program Files\Dropbox\Client\Crypto.Util._counter.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00042296 _____ () C:\Program Files\Dropbox\Client\Crypto.Cipher._AES.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
    2015-12-20 15:33 - 2015-12-21 19:22 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00109520 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 01734984 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00020800 _____ () C:\Program Files\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00021320 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00117056 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00031568 _____ () C:\Program Files\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2015-12-27 16:48 - 2015-11-04 19:04 - 00293392 _____ () C:\Program Files\Dropbox\Client\EnterpriseDataAdapter.dll
    2015-12-20 15:33 - 2015-12-21 19:22 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00021304 _____ () C:\Program Files\Dropbox\Client\Crypto.Util.strxor.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00084792 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
    2015-12-20 15:33 - 2015-12-21 19:22 - 01826608 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 03891504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 01950000 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00519984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00133936 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00225080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00486704 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00019920 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00786904 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00063448 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00019408 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
    2016-02-04 19:40 - 2016-02-03 02:27 - 01632584 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
    2016-02-04 19:40 - 2016-02-03 02:27 - 00087880 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.103\libegl.dll
    2016-01-30 18:15 - 2016-01-30 18:15 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-30 18:15 - 2016-01-30 18:15 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-30 18:15 - 2016-01-30 18:15 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\webcompanion.com -> hxxp://webcompanion.com

    There are 7857 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2016-02-06 19:22 - 00450452 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 activate.wip3.adobe.com

    There are 15449 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Herb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{1C645187-350D-4851-8CF4-B9673C7A3E69}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [TCP Query User{11C22F5B-8B86-40D7-9A4C-B3B33768846D}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{AC703DB0-BCD9-4332-9F61-2C4ED18AB4FD}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{A5D2ADB0-CD56-4C34-A515-49CF05BF3B54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{47D17812-F291-4225-AF3C-1F990308CA34}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{30D8C4AB-51BD-4544-A587-664A4C9B0200}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A81AFB34-87B0-499D-AA2E-22D287F26450}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{691684ED-20A3-426F-B777-DBCC1F775AAD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{EDDB3AC1-4497-48AE-9E4B-377BD4A36924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{5FC78721-87DC-4013-A0F2-4492D4A60DD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6473C857-5691-408A-9F12-E01070D4166E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{19CA588C-0EB3-471A-8949-8140B1DC18EC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{1A5B2BC7-73B5-4849-A25E-3AE2FF9E71F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F6578C24-B2DF-4617-8A82-81E07440BBD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{8B67C9C0-F4AA-4C3D-BECE-F6A84630B034}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{8CE6B298-D88B-4D0E-B602-0E889AE34072}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{DBDDD5DB-606E-4200-A389-B5952297D192}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{06195D7F-61C9-4BED-A8EF-9953112C3C0A}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{95A35D96-2DBA-42B6-970D-0AFAC3B453C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{361EBA54-131C-428D-A8F9-230EEFB3F98F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{03702866-8729-4181-9A96-6255667C9C48}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{B178A7CB-125F-4672-940A-F55094127F80}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{E5739623-411E-4A0F-A9C7-B674302564C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DBA1FB0E-9043-435D-8274-2C9C8756BBDA}] => (Allow) LPort=50248
    FirewallRules: [{A3B7BC7E-4655-4426-9D79-E21925F0EF77}] => (Allow) LPort=7939
    FirewallRules: [{6A9DC065-537D-4D34-8BB3-9C0645EAA7C7}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{0D2B7AF0-C064-4493-BA63-786ED60F4713}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{F6B58C45-8B96-4D60-8650-F64C45304119}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{8B803C55-702E-48CC-979C-CB2B31012643}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{2C254175-1EB9-4D55-9EFE-821934F51A62}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{A77426BC-B4F8-4F1B-B4D7-B441BA75C91C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D44DD7B3-5C2B-4D2B-ADBD-1BF1C161CF96}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{001A0993-9EFE-48D4-8FA5-36588018211F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{36AF6046-F7EC-4779-8190-0EBA707BBE8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{806A5E43-1053-4415-96C6-D76D4F7B2B02}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/07/2016 02:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0x14cc
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (02/07/2016 02:33:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/07/2016 01:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MsgRunner.exe, version: 1.0.6010.0, time stamp: 0x563bd9af
    Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540875
    Exception code: 0xc0000374
    Fault offset: 0x000e546e
    Faulting process id: 0x2434
    Faulting application start time: 0xMsgRunner.exe0
    Faulting application path: MsgRunner.exe1
    Faulting module path: MsgRunner.exe2
    Report Id: MsgRunner.exe3
    Faulting package full name: MsgRunner.exe4
    Faulting package-relative application ID: MsgRunner.exe5

    Error: (02/07/2016 10:48:20 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=41499869-4103-4d3b-9da6-d07df41b6e39

    Error: (02/07/2016 10:48:20 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/07/2016 10:11:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERB-PC)
    Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/07/2016 10:10:25 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0x80072EE7
    Sku Id=064383fa-1538-491c-859b-0ecab169a0ab

    Error: (02/07/2016 10:10:25 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0x80072EE7

    Error: (02/07/2016 09:43:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HERB-PC)
    Description: Package Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (02/07/2016 09:38:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERB-PC)
    Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (02/07/2016 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: HERB-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Herb-PCHerbS-1-5-21-57612297-3157999027-2505413976-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/07/2016 02:56:06 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:06 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:03 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-02-07 10:48:13.841
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:42:15.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:14:20.879
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:10:24.415
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:06:19.246
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 19:27:38.646
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 19:06:35.095
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:54:53.505
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:51:00.278
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:47:59.261
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II P360 Dual-Core Processor
    Percentage of memory in use: 47%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1882.51 MB
    Total Virtual: 7162.9 MB
    Available Virtual: 5274.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.82 GB) (Free:218.15 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================

  7. #7

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
    Ran by Herb (2016-02-07 15:01:17)
    Running from C:\Users\Herb\Desktop
    Microsoft Windows 10 Pro (X86) (2015-12-04 09:31:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Admiis (S-1-5-21-57612297-3157999027-2505413976-1005 - Administrator - Enabled) => C:\Users\Admiis
    Administrator (S-1-5-21-57612297-3157999027-2505413976-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-57612297-3157999027-2505413976-503 - Limited - Disabled)
    Guest (S-1-5-21-57612297-3157999027-2505413976-501 - Limited - Disabled)
    Herb (S-1-5-21-57612297-3157999027-2505413976-1001 - Limited - Enabled) => C:\Users\Herb
    HomeGroupUser$ (S-1-5-21-57612297-3157999027-2505413976-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    BbeXtreme (Version: 15.1.1 - Bluebeam Software) Hidden
    Bluebeam Revu 2015.1.1 (HKLM\...\{11206E68-98D8-4D69-8784-52D50C333C37}) (Version: 15.1.1 - Bluebeam Software, Inc.)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C4400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
    CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
    D2400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    D2400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
    Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKLM\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
    Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
    LavasoftTcpService (HKLM\...\{5916A24B-59A4-4FDB-9753-499CB1F65362}) (Version: 2.3.4.2 - Lavasoft)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Multi Access - Total Protection (HKLM\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming)
    partypoker (HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\PartyPoker) (Version: - )
    PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BD6CE5-F6C9-45B2-9E91-28D23438AB78} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {058DD1DF-209A-4B14-AC32-1453E0249824} - Access Denied.
    Task: {07A7A1C5-4FBA-4F80-B591-185C203820A1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0957777E-9BCC-40F9-9B69-5D562CC7F5DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {0C40E1FD-B0A3-4851-96A5-33418CDC96FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
    Task: {0DD245D5-A5E5-473D-968E-50561E2E60F1} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {1C3C93F8-D055-4BD0-8C47-BCF2E0AE1EA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {24FE5FCD-4707-46A4-AF5B-FE04D8A06C07} - \avast! Emergency Update -> No File <==== ATTENTION
    Task: {25C0E321-78C2-48A6-BCD9-04027350BC5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-30] (Adobe Systems Incorporated)
    Task: {25D8B200-52EC-4DCB-8FB6-D7C1B2A3182D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2EC3405E-2303-416B-A292-101E3D55DF9F} - Access Denied.
    Task: {2F119B5E-0B14-44ED-A760-9719BE77EF7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3166A241-C56C-4761-8915-388F3CBED705} - Access Denied.
    Task: {328B8003-47E5-47D5-B08A-4BB979425E86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {37F4EC31-59BC-4C3E-A281-9501A11E566C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4266D9AC-830F-4FED-87B7-97EC8A7AA2DC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {46915634-16E9-452A-8DF6-DF59AF71C680} - Access Denied.
    Task: {49FE350C-0EE5-4393-8F54-D485CCE70CA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {50054420-21A4-46C3-AB11-304619AB7646} - Access Denied.
    Task: {51164354-CC73-4297-B068-4B63ABFD6A6D} - Access Denied.
    Task: {5F1F4D95-AE36-4FD3-B686-FD58D738306D} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {614B5358-FA04-47B6-99CA-B8741A8289DE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {657B4A29-C214-47D1-988C-175E7DD876A8} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
    Task: {67E48A01-DD94-479E-AB89-6679A3E0C83A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {69E03C4E-690A-4264-8BCB-C13CBD0A71E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6C2EDC9B-0CC3-46A9-8C52-022FD3D61802} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {6DD2E3A8-1ED5-4FFF-836B-FBB1D9655537} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C373A58-B024-4542-84F8-636B52369C35} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7D308DB5-2867-4BD0-8CF1-A27BDB6F1D46} - Access Denied.
    Task: {7F2FEA2B-416F-4A56-AB58-042DDEE84278} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {828F8DA0-4008-495B-A1E9-82EE10DE2FC6} - Access Denied.
    Task: {82EF410C-BB9E-4E5D-96D9-60484D565DCA} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-10-26] (CyberLink)
    Task: {8520B45C-E676-4A48-83FE-CBF8A96A1063} - System32\Tasks\Microsoft\Windows\WS\License Validation
    Task: {8A6BE1A6-C0AF-4C35-A2A7-56FE2244A6EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8C024F5A-9E0C-4D8E-B735-318C32979483} - Access Denied.
    Task: {90299E75-DF68-4ABF-B52D-13CB2658EB99} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {93A53D80-4541-48BF-89F4-729F160AB6F2} - System32\Tasks\Microsoft\Windows\Clip\License Validation
    Task: {98BD5589-BFE2-414A-9166-CA04D6D49681} - System32\Tasks\ExpressPlayer Installer Starter => C:\Users\Herb\AppData\Local\Temp\ExpressPlayeri2qWbQwlOr.exe <==== ATTENTION
    Task: {9CB9C8B5-7CE2-4B09-8BCB-4891EBC9A062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9D115CB1-327F-403E-A23D-156C72246F4D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9ECC9B3E-4587-4F6E-87C6-8DFBE85BB5E1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F83D613-B31B-4881-9A18-94A40DEDF75F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A270ACDA-BF7A-4DFF-B4C1-639F73700D13} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B2A3E12C-0DF1-46DF-AFE4-21AB4FA2E4CD} - System32\Tasks\{F1F9E6CA-6117-4E85-98D6-0D35134F53BE} => pcalua.exe -a C:\Users\Herb\Downloads\Vistawall-OldCastle-v15.exe -d C:\Users\Herb\Downloads
    Task: {B7A72F98-E8C2-43B3-B11E-EC3A5809FC1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C2EB035D-9CF2-4B26-AF7E-AE18FA5E463F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C52EF520-60A8-4932-AA4B-C3ECC19A956E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CB0541BA-C0D3-4030-8B8D-0D80640DFFCE} - Access Denied.
    Task: {CC73393C-88C5-48D7-8AD0-A83F4EC3001A} - Access Denied.
    Task: {CDC0DB9E-1BAF-4282-AAA3-A1D3788FF107} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE8E677A-CB1A-43A6-9F5C-69A9808EE584} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D11A7F9E-FBC5-40D3-B34A-7B23840C8E3F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D170C768-7A43-4E11-BE71-B365247C5163} - Access Denied.
    Task: {D85D5480-FD97-4206-9D71-08F4B2142031} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DD031793-A475-48D8-808E-CD8DAEDC70B0} - System32\Tasks\{927ECC44-C9E0-4116-A279-418C6F56B559} => pcalua.exe -a "C:\Program Files\MaxDrivrUpdater\uninstall.exe"
    Task: {E631B780-04DD-46C3-A8D9-1CECE540646C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {F1FA00BA-6F72-4417-BE48-3012DA5536C5} - Access Denied.
    Task: {F71BF47C-4A4C-4289-82C6-A9FD61FB999B} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {FC2277F8-9A49-47AA-8AFD-FD361328A899} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FD0057E8-39A0-41D7-9364-9F89BD5800E7} - Access Denied.
    Task: {FD6BC3B9-92AC-49B6-B143-4A6F926DE5FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FEB7F6CC-608C-48D4-90AB-519A81847553} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job =>
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job =>
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job =>
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job =>

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 06:52 - 2015-12-04 06:52 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-30 17:58 - 2016-01-04 20:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 01427456 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
    2015-10-30 00:44 - 2015-10-30 00:44 - 00477696 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
    2015-12-17 19:31 - 2015-12-06 23:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-17 19:31 - 2015-12-06 22:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-30 17:58 - 2016-01-04 20:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-30 17:58 - 2016-01-04 20:20 - 00696320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-01-30 17:58 - 2016-01-16 00:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-30 17:58 - 2016-01-16 00:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00022848 _____ () C:\Program Files\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00023352 _____ () C:\Program Files\Dropbox\Client\Crypto.Util._counter.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00042296 _____ () C:\Program Files\Dropbox\Client\Crypto.Cipher._AES.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
    2015-12-20 15:33 - 2015-12-21 19:22 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00109520 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 01734984 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00020800 _____ () C:\Program Files\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00021320 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00117056 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00031568 _____ () C:\Program Files\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2015-12-27 16:48 - 2015-11-04 19:04 - 00293392 _____ () C:\Program Files\Dropbox\Client\EnterpriseDataAdapter.dll
    2015-12-20 15:33 - 2015-12-21 19:22 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
    2015-12-27 16:48 - 2015-12-21 14:42 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00021304 _____ () C:\Program Files\Dropbox\Client\Crypto.Util.strxor.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
    2015-12-27 16:48 - 2015-12-21 19:22 - 00084792 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
    2015-12-20 15:33 - 2015-12-21 19:22 - 01826608 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 03891504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 01950000 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00519984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00133936 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00225080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00486704 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
    2015-12-20 15:33 - 2015-12-21 19:22 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
    2015-12-20 15:33 - 2015-12-21 14:42 - 00019920 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00786904 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00063448 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-12-20 15:33 - 2015-12-21 14:42 - 00019408 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
    2016-02-04 19:40 - 2016-02-03 02:27 - 01632584 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
    2016-02-04 19:40 - 2016-02-03 02:27 - 00087880 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.103\libegl.dll
    2016-01-30 18:15 - 2016-01-30 18:15 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-30 18:15 - 2016-01-30 18:15 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-30 18:15 - 2016-01-30 18:15 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\webcompanion.com -> hxxp://webcompanion.com

    There are 7857 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:04 - 2016-02-06 19:22 - 00450452 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 activate.wip3.adobe.com127.0.0.1 www.007guard.com

    There are 15449 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Herb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{1C645187-350D-4851-8CF4-B9673C7A3E69}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [TCP Query User{11C22F5B-8B86-40D7-9A4C-B3B33768846D}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{AC703DB0-BCD9-4332-9F61-2C4ED18AB4FD}C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\herb\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{A5D2ADB0-CD56-4C34-A515-49CF05BF3B54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{47D17812-F291-4225-AF3C-1F990308CA34}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{30D8C4AB-51BD-4544-A587-664A4C9B0200}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A81AFB34-87B0-499D-AA2E-22D287F26450}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{691684ED-20A3-426F-B777-DBCC1F775AAD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{EDDB3AC1-4497-48AE-9E4B-377BD4A36924}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{5FC78721-87DC-4013-A0F2-4492D4A60DD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6473C857-5691-408A-9F12-E01070D4166E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{19CA588C-0EB3-471A-8949-8140B1DC18EC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{1A5B2BC7-73B5-4849-A25E-3AE2FF9E71F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{F6578C24-B2DF-4617-8A82-81E07440BBD7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{8B67C9C0-F4AA-4C3D-BECE-F6A84630B034}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{8CE6B298-D88B-4D0E-B602-0E889AE34072}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{DBDDD5DB-606E-4200-A389-B5952297D192}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{06195D7F-61C9-4BED-A8EF-9953112C3C0A}] => (Allow) C:\Users\Admiis\AppData\Local\Temp\7zS495B\hppiw.exe
    FirewallRules: [{95A35D96-2DBA-42B6-970D-0AFAC3B453C9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{361EBA54-131C-428D-A8F9-230EEFB3F98F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{03702866-8729-4181-9A96-6255667C9C48}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{B178A7CB-125F-4672-940A-F55094127F80}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{E5739623-411E-4A0F-A9C7-B674302564C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DBA1FB0E-9043-435D-8274-2C9C8756BBDA}] => (Allow) LPort=50248
    FirewallRules: [{A3B7BC7E-4655-4426-9D79-E21925F0EF77}] => (Allow) LPort=7939
    FirewallRules: [{6A9DC065-537D-4D34-8BB3-9C0645EAA7C7}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{0D2B7AF0-C064-4493-BA63-786ED60F4713}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
    FirewallRules: [{F6B58C45-8B96-4D60-8650-F64C45304119}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{8B803C55-702E-48CC-979C-CB2B31012643}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{2C254175-1EB9-4D55-9EFE-821934F51A62}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{A77426BC-B4F8-4F1B-B4D7-B441BA75C91C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D44DD7B3-5C2B-4D2B-ADBD-1BF1C161CF96}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{001A0993-9EFE-48D4-8FA5-36588018211F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{36AF6046-F7EC-4779-8190-0EBA707BBE8D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{806A5E43-1053-4415-96C6-D76D4F7B2B02}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/07/2016 02:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0x14cc
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (02/07/2016 02:33:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/07/2016 01:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MsgRunner.exe, version: 1.0.6010.0, time stamp: 0x563bd9af
    Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540875
    Exception code: 0xc0000374
    Fault offset: 0x000e546e
    Faulting process id: 0x2434
    Faulting application start time: 0xMsgRunner.exe0
    Faulting application path: MsgRunner.exe1
    Faulting module path: MsgRunner.exe2
    Report Id: MsgRunner.exe3
    Faulting package full name: MsgRunner.exe4
    Faulting package-relative application ID: MsgRunner.exe5

    Error: (02/07/2016 10:48:20 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0xC004C003
    Sku Id=41499869-4103-4d3b-9da6-d07df41b6e39

    Error: (02/07/2016 10:48:20 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0xC004C003

    Error: (02/07/2016 10:11:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERB-PC)
    Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/07/2016 10:10:25 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
    Description: Acquisition of End User License failed. hr=0x80072EE7
    Sku Id=064383fa-1538-491c-859b-0ecab169a0ab

    Error: (02/07/2016 10:10:25 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0x80072EE7

    Error: (02/07/2016 09:43:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HERB-PC)
    Description: Package Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (02/07/2016 09:38:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERB-PC)
    Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (02/07/2016 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: HERB-PC)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Herb-PCHerbS-1-5-21-57612297-3157999027-2505413976-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/07/2016 02:56:06 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:06 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:03 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: C:\Users\Admiis\AppData\Local\Temp\7zS495B\hpslpsvc32.dll -Embedding2{10DA4F3C-CC99-4190-BE4D-58330754E882}

    Error: (02/07/2016 02:56:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/07/2016 02:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_40449 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-02-07 10:48:13.841
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:42:15.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:14:20.879
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:10:24.415
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-07 10:06:19.246
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 19:27:38.646
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 19:06:35.095
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:54:53.505
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:51:00.278
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-06 18:47:59.261
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II P360 Dual-Core Processor
    Percentage of memory in use: 47%
    Total physical RAM: 3578.9 MB
    Available physical RAM: 1882.51 MB
    Total Virtual: 7162.9 MB
    Available Virtual: 5274.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.82 GB) (Free:218.15 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.98 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello,

    Please uninstall
    LavasoftTcpService

    Right-click your Start button in the lower left-hand corner (it looks like 4 white windows). In the window that opens, click Programs and Features, then in the list find LavasoftTcpService and uninstall it.

    Also on your desktop look for FRST.txt and post it.

    We need to turn System Restore on. We will get to that; right now, uninstall LavasoftTcpService and post FRST.TXT.

  9. #9
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
    Ran by Herb (ATTENTION: The user is not administrator) on HERB-PC (07-02-2016 14:59:50)
    Running from C:\Users\Herb\Desktop
    Loaded Profiles: Herb (Available Profiles: Herb & Admiis & DefaultAppPool)
    Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    Failed to access process -> smss.exe
    Failed to access process -> csrss.exe
    Failed to access process -> wininit.exe
    Failed to access process -> csrss.exe
    Failed to access process -> services.exe
    Failed to access process -> lsass.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> winlogon.exe
    Failed to access process -> dwm.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> atiesrxx.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> atieclxx.exe
    Failed to access process -> svchost.exe
    Failed to access process -> spoolsv.exe
    Failed to access process -> SASCORE.EXE
    Failed to access process -> armsvc.exe
    Failed to access process -> Connect.Service.ContentService.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> mfevtps.exe
    Failed to access process -> mcsacore.exe
    Failed to access process -> mfemms.exe
    Failed to access process -> svchost.exe
    Failed to access process -> mqsvc.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> SynTPEnhService.exe
    Failed to access process -> mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    Failed to access process -> mfefire.exe
    Failed to access process -> mfefire.exe
    Failed to access process -> McAPExe.exe
    Failed to access process -> McSvHost.exe
    Failed to access process -> dasHost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> svchost.exe
    Failed to access process -> SMSvcHost.exe
    Failed to access process -> SMSvcHost.exe
    Failed to access process -> taskeng.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    Failed to access process -> GoogleCrashHandler.exe
    Failed to access process -> SearchIndexer.exe
    (CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    Failed to access process -> svchost.exe
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
    (Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
    (Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    Failed to access process -> WmiPrvSE.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    Failed to access process -> SearchProtocolHost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    Failed to access process -> McCSPServiceHost.exe
    Failed to access process -> SearchFilterHost.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    Failed to access process -> WmiPrvSE.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [24952376 2015-12-21] (Dropbox, Inc.)
    HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2015-05-22] (Bluebeam Software, Inc.)
    HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [220728 2015-05-22] (Bluebeam Software, Inc.)
    HKLM\...\Run: [s5markrun] => C:\Program Files\S5\S5mark.exe
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\...\Policies\Explorer: []
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-02-06]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{aae55f4a-c140-4b21-81f7-080dbe43962e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bc84ffe2-6b6b-4277-bdb7-d0620dc5be93}: [DhcpNameServer] 167.206.13.180 167.206.13.181

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-57612297-3157999027-2505413976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
    BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\mcieplg.dll [2015-12-02] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-30] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-57612297-3157999027-2505413976-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Herb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-31] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-01] [not signed]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-18] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-01-31]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-31] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP24eo9kfZX0nx5RMnF8q7m-bdyJXQSNUUY4R1HRdYxuMfvWxYwKsbRLiDlSBw-UcmDy1vXQytKsIWZWKNUBocW6wxoi0UOKrJs5h5W9CP7fI6Vf0OPKjKFNACXINRIUmaM9acpggegG2WIbQ6dboASNtmrMJShyh30UxXm7u-DP_i1qENNmtyPQc,
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-13]
    CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-13]
    CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-13]
    CHR Extension: (YouTube) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
    CHR Extension: (Adblock Plus) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
    CHR Extension: (Google Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
    CHR Extension: (Google Sheets) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-13]
    CHR Extension: (SiteAdvisor) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-13]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-12-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-13]
    CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-13]
    CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (No Name) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-28]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-12-29]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-26] (SUPERAntiSpyware.com)
    R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-20] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-20] (Dropbox, Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-05-15] (Flexera Software LLC)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R3 lmhosts; C:\WINDOWS\System32\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [134208 2015-12-02] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [771296 2015-12-03] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1251264 2015-09-01] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [531288 2015-10-20] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-09-21] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [340232 2015-10-21] (McAfee, Inc.)
    R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [243432 2015-09-21] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [377288 2015-11-02] (McAfee, Inc.)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    R2 nsi; C:\WINDOWS\system32\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\WINDOWS\system32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72568 2015-09-23] (McAfee, Inc.)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [157288 2015-05-19] (McAfee, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [67800 2015-09-29] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [319672 2015-09-23] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [273840 2015-09-23] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [73344 2015-09-23] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [383040 2015-09-23] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [649864 2015-09-23] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [424768 2015-10-06] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [89552 2015-10-06] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [32816 2015-12-02] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [201808 2015-09-23] (McAfee, Inc.)
    R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [287488 2015-08-07] (Realtek Semiconductor Corp.)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-07 14:59 - 2016-02-07 15:00 - 00023350 _____ C:\Users\Herb\Desktop\FRST.txt
    2016-02-07 14:59 - 2016-02-07 14:59 - 01721344 _____ (Farbar) C:\Users\Herb\Downloads\FRST.exe
    2016-02-07 14:59 - 2016-02-07 14:59 - 01721344 _____ (Farbar) C:\Users\Herb\Desktop\FRST.exe
    2016-02-07 14:59 - 2016-02-07 14:59 - 00000000 ____D C:\FRST
    2016-02-07 14:51 - 2016-02-07 14:51 - 02370560 _____ (Farbar) C:\Users\Herb\Downloads\FRST64.exe
    2016-02-07 14:30 - 2016-02-07 14:33 - 01609032 _____ (Malwarebytes) C:\Users\Herb\Desktop\JRT.exe
    2016-02-07 14:30 - 2016-02-07 14:30 - 01609032 _____ (Malwarebytes) C:\Users\Herb\Downloads\JRT.exe
    2016-02-07 14:25 - 2016-02-07 14:25 - 00001086 _____ C:\Users\Herb\Desktop\AdwCleaner[C1].txt
    2016-02-07 14:21 - 2016-02-07 14:23 - 00000981 _____ C:\Users\Herb\Desktop\AdwCleaner[S1].txt
    2016-02-07 14:20 - 2016-02-07 14:55 - 00000000 ____D C:\AdwCleaner
    2016-02-07 14:20 - 2016-02-07 14:20 - 01508352 _____ C:\Users\Herb\Desktop\adwcleaner_5.033.exe
    2016-02-07 14:19 - 2016-02-07 14:19 - 01508352 _____ C:\Users\Herb\Downloads\adwcleaner_5.033.exe
    2016-02-07 10:41 - 2016-02-07 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-02-07 10:40 - 2016-02-07 10:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2016-02-07 10:39 - 2016-02-07 10:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server
    2016-02-07 10:39 - 2016-02-07 10:39 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-02-07 10:39 - 2016-02-07 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-02-07 10:36 - 2016-02-07 10:36 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
    2016-02-06 20:15 - 2016-02-06 20:15 - 00388608 _____ (Trend Micro Inc.) C:\Users\Herb\Desktop\HijackThis.exe
    2016-02-06 20:14 - 2016-02-06 20:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Herb\Downloads\HijackThis.exe
    2016-02-06 19:27 - 2016-02-06 19:27 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Mozilla
    2016-02-06 19:26 - 2016-02-06 19:26 - 00000000 ____D C:\Program Files\Common Files\Indigodax
    2016-02-06 19:25 - 2016-02-06 20:03 - 00000000 ____D C:\Program Files\06E7B77E-1454804726-DE8D-F724-32B58E82D88D
    2016-02-06 19:24 - 2016-02-06 19:22 - 00450452 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-02-06 19:23 - 2016-02-06 20:08 - 00000000 ____D C:\Program Files\06E7B77E-1454804614-DE8D-F724-32B58E82D88D
    2016-02-06 19:21 - 2016-02-06 19:21 - 00000000 ____D C:\WINDOWS\Book Source
    2016-02-06 19:15 - 2016-02-06 19:15 - 00006638 _____ C:\WINDOWS\TEMPcoral.vbs
    2016-02-06 19:14 - 2016-02-06 20:03 - 00000000 ____D C:\Program Files\S5
    2016-02-06 19:14 - 2016-02-06 20:03 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
    2016-02-06 19:14 - 2016-02-06 19:14 - 00000000 ____D C:\Users\Herb\AppData\Roaming\c
    2016-02-06 19:14 - 2016-02-06 19:14 - 00000000 ____D C:\ProgramData\1454804090
    2016-02-06 16:30 - 2016-02-06 16:30 - 00000000 ____D C:\Users\Herb\Desktop\Office 2013
    2016-01-30 17:58 - 2016-01-16 01:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-30 17:58 - 2016-01-16 01:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-30 17:58 - 2016-01-16 01:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-30 17:58 - 2016-01-16 01:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-30 17:58 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-30 17:58 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-30 17:58 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-30 17:58 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-30 17:58 - 2016-01-16 01:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-30 17:58 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-30 17:58 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-30 17:58 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-01-30 17:58 - 2016-01-16 01:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-30 17:58 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-01-30 17:58 - 2016-01-16 01:08 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-01-30 17:58 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-30 17:58 - 2016-01-16 01:08 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-01-30 17:58 - 2016-01-16 01:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-30 17:58 - 2016-01-16 01:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-30 17:58 - 2016-01-16 00:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-30 17:58 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-30 17:58 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-30 17:58 - 2016-01-16 00:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-30 17:58 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-30 17:58 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-30 17:58 - 2016-01-16 00:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-30 17:58 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-30 17:58 - 2016-01-16 00:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-30 17:58 - 2016-01-16 00:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-30 17:58 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-30 17:58 - 2016-01-16 00:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-30 17:58 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-30 17:58 - 2016-01-16 00:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-30 17:58 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-30 17:58 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-30 17:58 - 2016-01-16 00:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-30 17:58 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-30 17:58 - 2016-01-16 00:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-30 17:58 - 2016-01-16 00:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-30 17:58 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-01-30 17:58 - 2016-01-16 00:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-30 17:58 - 2016-01-16 00:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-30 17:58 - 2016-01-16 00:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-30 17:58 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-30 17:58 - 2016-01-16 00:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-30 17:58 - 2016-01-16 00:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-30 17:58 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-30 17:58 - 2016-01-16 00:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-30 17:58 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-30 17:58 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-30 17:58 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-30 17:58 - 2016-01-16 00:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-30 17:58 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-30 17:58 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-30 17:58 - 2016-01-16 00:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-30 17:58 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-30 17:58 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-30 17:58 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-30 17:58 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-30 17:58 - 2016-01-16 00:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-30 17:58 - 2016-01-16 00:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-30 17:58 - 2016-01-16 00:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-30 17:58 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-30 17:58 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-30 17:58 - 2016-01-16 00:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-30 17:58 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-30 17:58 - 2016-01-16 00:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-30 17:58 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-30 17:58 - 2016-01-16 00:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-30 17:58 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-30 17:58 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-30 17:58 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-30 17:58 - 2016-01-16 00:14 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-01-30 17:58 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-30 17:58 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-30 17:58 - 2016-01-16 00:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-01-30 17:58 - 2016-01-04 21:49 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-30 17:58 - 2016-01-04 21:49 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-30 17:58 - 2016-01-04 21:49 - 00926560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-30 17:58 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-30 17:58 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-30 17:58 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-30 17:58 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-30 17:58 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-30 17:58 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-30 17:58 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-30 17:58 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-30 17:58 - 2016-01-04 21:18 - 00641728 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-30 17:58 - 2016-01-04 21:17 - 01137856 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-30 17:58 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-30 17:58 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-30 17:58 - 2016-01-04 20:48 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-30 17:58 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-30 17:58 - 2016-01-04 20:47 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-30 17:58 - 2016-01-04 20:45 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-30 17:58 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-30 17:58 - 2016-01-04 20:43 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-30 17:58 - 2016-01-04 20:43 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-30 17:58 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-30 17:58 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-30 17:58 - 2016-01-04 20:41 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-30 17:58 - 2016-01-04 20:41 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-30 17:58 - 2016-01-04 20:40 - 01496064 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-30 17:58 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-30 17:58 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-30 17:58 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-30 17:58 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-30 17:58 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-30 17:58 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-30 17:58 - 2016-01-04 20:37 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-30 17:58 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-30 17:58 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-30 17:58 - 2016-01-04 20:35 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-30 17:58 - 2016-01-04 20:35 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-30 17:58 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-30 17:58 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-30 17:58 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-30 17:58 - 2016-01-04 20:25 - 01925120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-14 20:36 - 2016-01-14 20:36 - 00000000 ____D C:\Users\Herb\AppData\Local\CEF
    2016-01-13 20:17 - 2016-01-04 21:16 - 01696176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-07 15:00 - 2015-10-31 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-02-07 14:58 - 2015-10-31 19:12 - 00000000 __RSD C:\Users\Herb\Documents\McAfee Vaults
    2016-02-07 14:57 - 2013-07-13 20:32 - 00000000 ___RD C:\Users\Herb\Dropbox
    2016-02-07 14:57 - 2013-07-13 20:23 - 00000000 ____D C:\Users\Herb\AppData\Roaming\Dropbox
    2016-02-07 14:56 - 2015-12-20 15:32 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-02-07 14:56 - 2013-07-13 16:06 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-07 14:55 - 2015-12-04 04:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-07 14:49 - 2015-06-19 19:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-07 14:39 - 2013-07-13 16:06 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-07 14:37 - 2015-12-20 15:32 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-02-07 14:26 - 2015-12-04 04:00 - 00417440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-02-07 10:40 - 2015-10-30 01:58 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-02-07 10:40 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-02-07 10:39 - 2015-10-30 00:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-07 10:39 - 2013-07-13 17:57 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-02-07 10:37 - 2009-07-13 21:04 - 00000513 _____ C:\WINDOWS\win.ini
    2016-02-07 10:27 - 2014-01-09 18:45 - 00000000 ____D C:\Users\Herb\Desktop\Receipts
    2016-02-07 08:15 - 2014-07-27 11:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-06 20:36 - 2015-10-31 19:12 - 00001955 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
    2016-02-06 20:11 - 2015-12-20 18:57 - 00001924 _____ C:\Users\Public\Desktop\Bluebeam Revu.lnk
    2016-02-06 20:11 - 2015-12-13 15:16 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-06 20:11 - 2015-12-13 15:16 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-06 20:11 - 2015-12-04 04:15 - 00001451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-02-06 20:11 - 2015-09-07 13:49 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-02-06 20:11 - 2015-08-07 04:22 - 00002395 _____ C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-06 20:11 - 2014-05-15 19:28 - 00002033 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
    2016-02-06 20:11 - 2014-05-15 19:27 - 00001971 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
    2016-02-06 20:11 - 2014-05-15 19:24 - 00002026 _____ C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
    2016-02-06 20:11 - 2014-05-05 19:28 - 00001602 _____ C:\Users\Herb\Desktop\Remote Desktop Connection.lnk
    2016-02-06 20:11 - 2014-02-23 15:48 - 00001245 _____ C:\Users\Herb\Desktop\Dropbox.lnk
    2016-02-06 20:11 - 2014-01-12 17:07 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2016-02-06 20:11 - 2013-09-01 20:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2016-02-06 20:11 - 2013-09-01 20:12 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2016-02-06 20:11 - 2013-09-01 09:14 - 00001279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
    2016-02-06 20:11 - 2013-07-23 18:43 - 00001028 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-02-06 20:11 - 2013-07-19 17:37 - 00001720 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
    2016-02-06 20:11 - 2013-07-19 17:37 - 00001714 _____ C:\Users\Herb\Desktop\partypoker.lnk
    2016-02-06 20:11 - 2013-07-13 18:27 - 00002675 _____ C:\Users\Herb\Desktop\Microsoft Office Word 2007.lnk
    2016-02-06 20:11 - 2013-07-13 18:27 - 00002637 _____ C:\Users\Herb\Desktop\Microsoft Office Excel 2007.lnk
    2016-02-06 20:11 - 2013-07-13 16:57 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-06 20:11 - 2013-07-13 16:54 - 00001955 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-02-06 20:09 - 2015-08-07 04:15 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-06 20:08 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2016-02-06 20:08 - 2015-08-16 16:35 - 00000000 ____D C:\SUPERDelete
    2016-02-06 19:37 - 2015-10-30 00:47 - 00000000 ____D C:\WINDOWS\INF
    2016-02-06 19:34 - 2015-06-19 19:01 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-02-06 19:14 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-06 18:15 - 2013-07-27 17:01 - 00000000 ____D C:\ProgramData\McAfee
    2016-02-06 18:09 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\System
    2016-02-06 16:52 - 2014-05-15 19:35 - 00000000 ____D C:\Users\Herb\AppData\Local\cache
    2016-02-06 16:32 - 2015-12-04 04:05 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-06 16:27 - 2013-07-13 16:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-02-05 19:15 - 2015-08-07 04:22 - 00000000 ___RD C:\Users\Herb\OneDrive
    2016-02-05 18:55 - 2015-10-30 00:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-04 19:32 - 2013-12-22 20:28 - 00002266 ____H C:\Users\Herb\Documents\Default.rdp
    2016-02-04 19:30 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-02-01 20:23 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-31 08:34 - 2015-12-20 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
    2016-01-31 08:31 - 2015-06-17 18:21 - 00000000 ____D C:\Users\Herb\AppData\Local\Dropbox
    2016-01-31 03:35 - 2015-10-31 19:09 - 00000000 ____D C:\Program Files\McAfee
    2016-01-31 03:34 - 2015-12-04 04:06 - 00000000 ____D C:\Users\Herb
    2016-01-31 03:34 - 2013-07-16 18:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-31 03:31 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-30 20:20 - 2015-10-30 00:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-30 20:19 - 2014-07-07 19:04 - 00000000 ____D C:\Users\Herb\AppData\Local\ElevatedDiagnostics
    2016-01-30 18:11 - 2013-08-14 21:45 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-30 18:08 - 2015-10-31 19:06 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2016-01-30 18:07 - 2015-10-30 00:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-01-30 18:01 - 2013-07-16 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-01-30 18:01 - 2013-07-16 18:46 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-30 17:40 - 2015-12-04 04:06 - 00000000 ____D C:\Users\DefaultAppPool
    2016-01-30 17:40 - 2015-12-04 04:06 - 00000000 ____D C:\Users\Admiis
    2016-01-30 17:40 - 2015-10-30 00:48 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-01-30 17:40 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-01-30 17:40 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-01-30 17:40 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-01-30 17:40 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-01-30 17:40 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\servicing
    2016-01-30 17:40 - 2013-07-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-30 17:39 - 2015-10-31 19:09 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-01-30 17:39 - 2014-05-12 19:43 - 00000000 ____D C:\Program Files\7-Zip
    2016-01-30 17:39 - 2013-07-23 18:43 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-30 17:30 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\registration
    2016-01-30 17:29 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-01-30 17:23 - 2015-10-30 01:58 - 00000000 ____D C:\Program Files\Windows Journal
    2016-01-30 17:23 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Windows NT
    2016-01-14 20:36 - 2013-07-20 20:29 - 00000000 ____D C:\Users\Herb\AppData\Local\Adobe

    ==================== Files in the root of some directories =======

    2015-08-16 16:46 - 2015-08-16 19:27 - 0000096 _____ () C:\Users\Herb\AppData\Roaming\redline2stapler.tmp
    2013-09-01 09:12 - 2015-03-05 18:58 - 0006624 _____ () C:\ProgramData\hpzinstall.log
    2014-04-24 20:14 - 2014-05-15 19:25 - 0000263 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2015-02-15 14:29 - 2015-02-15 14:29 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD. The user is not administrator

    ==================== End of FRST.txt ============================

  10. #10
    Member
    Join Date
    May 2015
    Posts
    76
    Points
    0


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Pro x86
    Ran by Admiis (Administrator) on Sun 02/07/2016 at 15:36:44.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/07/2016 at 15:40:02.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    # AdwCleaner v5.033 - Logfile created 07/02/2016 at 15:31:01
    # Updated 07/02/2016 by Xplode
    # Database : 2016-02-07.2 [Server]
    # Operating system : Windows 10 Pro (x86)
    # Username : Admiis - HERB-PC
    # Running from : C:\Users\Herb\Desktop\adwcleaner_5.033.exe
    # Option : Scan
    # Support : Forum - ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

    ########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [777 bytes] ##########
