# Download.exe,



## RoyP (Sep 23, 2012)

What is Download.exe, i have just noticed it in my start menu?


----------



## Cookiegal (Aug 27, 2003)

It's "likely" malware but you can't tell just with a file name. We'd need to know the exact location and what else was downloaded at the same time.


----------



## RoyP (Sep 23, 2012)

I have no idea what was downloaded with it, just came across it in my start menu, it was enabled but I have now disabled it.

Location is: C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada}


----------



## Cookiegal (Aug 27, 2003)

What is the location of the download.exe file please.


----------



## flavallee (May 12, 2002)

You didn't say which version of Windows your computer is running.

Are you referring to the Start menu or the startup list?

*Download.exe* is most likely a threat.

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

it's posted in the Windows 8 forum and in a recent Virus removal thread it was Windows 8.1.


----------



## RoyP (Sep 23, 2012)

Do the following help?


----------



## Cookiegal (Aug 27, 2003)

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## RoyP (Sep 23, 2012)

Info as requested:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015 Ran by Roy at 2015-02-08 08:53:53 Running from C:\Users\Roy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated) Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: - ) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) AnyRail5 (HKLM-x32\...\AnyRail5 5.18.1) (Version: 5.18.1 - DRail Modelspoor Software) AnyRail5 (x32 Version: 5.18.1 - DRail Modelspoor Software) Hidden AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated) Apowersoft Free Audio Recorder V2.3.2 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.2 - APOWERSOFT LIMITED) ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft) ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile) CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.) Duplicate Cleaner Free 3.2.6 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd) <==== ATTENTION EPSON Perfection V33/V330 Manual (HKLM-x32\...\EPSON Perfection V33_V330 Manual) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - ) Free Word To PDF (HKLM-x32\...\Free Word To PDF_is1) (Version: - Free Word To PDF) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Packard Bell) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Packard Bell) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Packard Bell) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee LiveSafe  Internet Security (HKLM-x32\...\MSC) (Version: 14.0.207 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.1.10 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Money 5.0 (HKLM-x32\...\MSMONEYV50) (Version: - ) Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - ) Microsoft OneDrive (HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails) OpenVPN 2.3.4-I603 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I603 - ) Packard Bell Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Packard Bell) Packard Bell Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Packard Bell) Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Packard Bell) Packard Bell User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Packard Bell) Packard Bell User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Packard Bell) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Rapport (x32 Version: 3.5.1404.61 - Trusteer) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.1.0.0 - Denis Kozlov) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SD40-2_Content_Update (HKLM-x32\...\{BF7C1B99-A250-45EF-B186-0C33B7308F95}) (Version: 1.00.0000 - Microsoft) Should I Remove It (HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.) Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - ) Train Sim Interface Quick Fix (HKLM-x32\...\Product_Name) (Version: - ) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-447272969-2236016177-1254936844-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-447272969-2236016177-1254936844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Roy\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 21-01-2015 08:59:48 End of disinfection 24-01-2015 14:51:04 Windows Update 28-01-2015 07:58:56 Windows Update 30-01-2015 12:09:24 Revo Uninstaller's restore point - Google Chrome 01-02-2015 16:32:56 Uniblue PC Mechanic installation 04-02-2015 19:34:43 Revo Uninstaller's restore point - RegCure Pro 07-02-2015 09:52:10 Revo Uninstaller's restore point - Mozilla Firefox 35.0.1 (x86 en-GB) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01A4BC1C-8D50-4BB4-B7BF-1B912AB9FF21} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {01FA84BD-D105-4322-A3A7-74E091FCBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OUR-COMPUTER-Roy Our-Computer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe Task: {079CD7ED-CBD1-40B1-844D-939E5DF4D44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.) Task: {19C778C9-0A7C-494B-A222-6916E3B5BCB3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>) Task: {31021582-DDB0-4376-B6A8-4F19FD6681AC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-447272969-2236016177-1254936844-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {35467A41-C40D-438E-A6D1-DE536BDBD2C6} - System32\Tasks\Quick Access => C:\Program Files\Packard Bell\Packard Bell Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate) Task: {374BAD0D-EC51-4759-BAA3-7342AB05FE88} - System32\Tasks\AviatorUpdateTask => Wscript.exe "C:\Program Files (x86)\WhiteHat\Aviator\Update\BatchLauncher.vbs" "C:\Program Files (x86)\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe" Task: {429AB8A2-ABCC-4F3C-BBAD-BDF06B68DFAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-31] (Microsoft Corporation) Task: {457DDC1E-E6B7-41D3-B47C-E136730BA66C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.) Task: {70CDB8A0-B8C9-4969-AE78-030D03E387DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {780931AB-1936-44C6-892C-C96F9F891B34} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated) Task: {893C0655-33E2-4947-9CB3-34526A73D3DC} - System32\Tasks\Sync-Toy Backup => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation) Task: {B2E55DEF-A345-4843-BE63-F535EED05B79} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-07-08] () Task: {CD12957F-783E-4749-BB64-0C7D959D8B19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {E77DDC40-3CF2-4A04-A5F7-19DC1DC404B8} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Packard Bell\Packard Bell Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 1997-08-01 00:00 - 1997-08-01 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Roy\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-447272969-2236016177-1254936844-1001\Control Panel\Desktop\\Wallpaper -> ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "CanonMyPrinter" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service" HKLM\...\StartupApproved\Run32: => "cmsc" HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\StartupFolder: => "Download.lnk" HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Accounts: ============================= Administrator (S-1-5-21-447272969-2236016177-1254936844-500 - Administrator - Enabled) ASPNET (S-1-5-21-447272969-2236016177-1254936844-1005 - Limited - Enabled) Guest (S-1-5-21-447272969-2236016177-1254936844-501 - Limited - Disabled) Roy (S-1-5-21-447272969-2236016177-1254936844-1001 - Administrator - Enabled) => C:\Users\Roy ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 08:05:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 07:57:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 07:54:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:49:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:43:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 System errors: ============= Error: (02/07/2015 03:48:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingWeather. Error: (02/07/2015 03:31:52 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:05:52 on ‎07/‎02/‎2015 was unexpected. Error: (02/06/2015 05:39:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} Error: (02/06/2015 05:39:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Home Network service did not respond on starting. Error: (02/06/2015 05:35:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 17:18:28 on ‎06/‎02/‎2015 was unexpected. Error: (02/06/2015 04:59:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (02/06/2015 04:12:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 17:47:12 on ‎05/‎02/‎2015 was unexpected. Error: (02/05/2015 05:07:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 17:03:04 on ‎05/‎02/‎2015 was unexpected. Error: (02/05/2015 01:00:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (02/05/2015 00:49:28 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:11:37 on ‎05/‎02/‎2015 was unexpected. Microsoft Office Sessions: ========================= Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 08:05:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 07:57:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/08/2015 07:54:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:49:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:48:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 Error: (02/07/2015 03:43:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER) Description: BrowserChoice_cw5n1h2txyewy1009 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz Percentage of memory in use: 57% Total physical RAM: 8001.43 MB Available physical RAM: 3437.86 MB Total Pagefile: 9281.43 MB Available Pagefile: 4360.67 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:458.05 GB) (Free:400.46 GB) NTFS Drive d: (DATA) (Fixed) (Total:458.05 GB) (Free:455.21 GB) NTFS Drive f: (REMOTE HARD DRIVE) (Fixed) (Total:111.79 GB) (Free:85.51 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 941D88DE) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5619E95E) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================


----------



## RoyP (Sep 23, 2012)

Info as requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by Roy (administrator) on OUR-COMPUTER on 08-02-2015 08:53:02 Running from C:\Users\Roy\Downloads Loaded Profiles: Roy (Available profiles: Roy) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> services.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (acer) C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe Failed to access process -> csrss.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe (Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated) HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2014-11-25] (Kingsoft Corporation) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643576 2014-11-13] (McAfee, Inc.) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation) HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE () Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk ShortcutTarget: Download.lnk -> C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada}\Download.exe () Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-447272969-2236016177-1254936844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-447272969-2236016177-1254936844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> DefaultScope {FF8375AB-D844-4E2A-B7A6-B3638DE5E3BE} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20150128&p={searchTerms} SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> {136E5A6A-7400-4785-B6FD-A0622F3CCB28} URL = SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> {FF8375AB-D844-4E2A-B7A6-B3638DE5E3BE} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20150128&p={searchTerms} BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default FF DefaultSearchEngine: Secure Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF Extension: Vertical Bookmarks Toolbar - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default\Extensions\[email protected] [2015-02-02] FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-28] FF HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-06] CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-01-25] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated) R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-25] (Kingsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-01-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [660544 2014-12-04] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [604448 2014-12-17] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [228000 2014-12-19] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [312952 2014-12-20] (McAfee, Inc.) R3 mfevtp; C:\Windows\system32\mfevtps.exe [221320 2014-12-19] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.) S3 OpenVPNService; C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project) R3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.) R3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70984 2014-12-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-25] (Kingsoft Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [368904 2014-12-19] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [340192 2014-12-19] (McAfee, Inc.) R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [100080 2014-12-19] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82584 2014-12-19] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [532424 2014-12-19] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [886488 2014-12-19] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [482600 2014-11-08] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [100720 2014-11-08] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [349328 2014-12-19] (McAfee, Inc.) R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-14] (IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.) R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2014-12-22] (IBM Corp.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 08:53 - 2015-02-08 08:53 - 00019794 _____ () C:\Users\Roy\Downloads\FRST.txt 2015-02-08 08:52 - 2015-02-08 08:53 - 00000000 ____D () C:\FRST 2015-02-08 08:50 - 2015-02-08 08:50 - 02132992 _____ (Farbar) C:\Users\Roy\Desktop\FRST64.exe 2015-02-08 08:01 - 2015-02-08 08:01 - 00000000 ____D () C:\Users\Roy\Desktop\New folder 2015-02-08 07:56 - 2015-02-08 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-02-07 10:08 - 2015-02-07 10:08 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-07 10:08 - 2015-02-07 10:08 - 00001131 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-07 10:08 - 2015-02-07 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-06 17:35 - 2015-02-07 15:31 - 00000232 _____ () C:\Windows\setupact.log 2015-02-06 17:35 - 2015-02-06 17:35 - 00397960 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-06 17:35 - 2015-02-06 17:35 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-06 17:34 - 2015-02-07 15:31 - 00001080 _____ () C:\Windows\PFRO.log 2015-02-05 13:01 - 2015-02-05 17:08 - 00000000 ____D () C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada} 2015-02-05 10:11 - 2015-02-05 10:11 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\DigitalVolcano 2015-02-05 10:10 - 2015-02-05 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free 2015-02-05 10:10 - 2015-02-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner 2015-02-04 19:32 - 2015-02-04 19:32 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\ParetoLogic 2015-02-04 19:32 - 2015-02-04 19:32 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\DriverCure 2015-02-04 19:31 - 2015-02-04 19:35 - 00000000 ____D () C:\ProgramData\ParetoLogic 2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2015-02-04 15:03 - 2015-02-04 15:03 - 00000000 ____D () C:\Users\Roy\AppData\Local\Macromedia 2015-02-04 14:40 - 2015-02-07 17:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 14:40 - 2015-02-04 19:37 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 14:40 - 2015-02-04 19:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2015-02-04 14:34 - 2015-02-04 14:34 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2015-02-01 17:46 - 2015-02-01 17:46 - 00001586 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 3.lnk 2015-02-01 16:39 - 2015-02-01 16:39 - 00000000 ____D () C:\Program Files (x86)\UWT3 2015-02-01 09:45 - 2015-02-01 09:45 - 00001195 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk 2015-02-01 09:44 - 2015-02-01 09:44 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-02-01 09:44 - 2015-02-01 09:44 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-31 11:54 - 2015-01-31 14:58 - 00000000 ____D () C:\Users\Roy\Documents\Session 12 2015-01-30 12:03 - 2015-02-07 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-30 12:00 - 2015-01-30 12:00 - 00243344 _____ () C:\Users\Roy\Downloads\Firefox Setup Stub 35.0.1.exe 2015-01-28 14:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2015-01-28 14:10 - 2015-01-28 14:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2015-01-28 14:10 - 2014-12-19 10:51 - 00221320 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe 2015-01-25 16:31 - 2015-01-25 16:39 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OUR-COMPUTER-Roy Our-Computer 2015-01-25 16:31 - 2015-01-25 16:31 - 00003100 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-447272969-2236016177-1254936844-1001 2015-01-25 10:01 - 2015-01-25 10:02 - 00000000 ____D () C:\Program Files (x86)\SafeKey 2015-01-25 10:00 - 2015-02-06 16:13 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-01-25 10:00 - 2015-01-28 14:14 - 00000000 ____D () C:\Program Files\McAfee 2015-01-25 10:00 - 2015-01-25 10:00 - 00000000 ____D () C:\Program Files\McAfee.com 2015-01-25 10:00 - 2015-01-25 10:00 - 00000000 ____D () C:\Program Files (x86)\McAfee.com 2015-01-25 09:46 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-21 12:06 - 2015-01-21 12:06 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\LifeSniffer 2015-01-21 11:40 - 2015-01-21 11:40 - 00000000 ____D () C:\Users\Roy\Documents\den4b 2015-01-21 08:59 - 2015-01-21 09:00 - 00001041 _____ () C:\DelFix.txt 2015-01-21 07:57 - 2015-01-21 07:57 - 00000000 ____D () C:\Users\Roy\AppData\Local\FileViewPro 2015-01-21 07:56 - 2015-01-21 07:56 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\IsolatedStorage 2015-01-21 07:56 - 2015-01-21 07:56 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2015-01-21 07:55 - 2015-01-21 07:55 - 00000000 ____D () C:\Spacekace 2015-01-20 20:16 - 2015-01-20 20:16 - 00001558 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It.lnk 2015-01-20 20:16 - 2015-01-20 20:16 - 00001298 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean Master.lnk 2015-01-20 20:07 - 2015-01-20 20:07 - 00000000 ____D () C:\ProgramData\Caphyon 2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\Program Files (x86)\Disconnect 2015-01-20 20:05 - 2015-01-20 20:05 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\Disconnect 2015-01-20 08:55 - 2015-01-30 10:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-20 08:47 - 2015-01-20 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-20 08:47 - 2015-01-20 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-20 08:47 - 2015-01-20 08:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-20 08:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-20 08:47 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-20 08:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-19 20:13 - 2015-01-21 08:59 - 00000000 ____D () C:\Windows\ERUNT 2015-01-19 19:45 - 2015-01-19 19:45 - 00000000 ____D () C:\Users\Public\Documents\sun 2015-01-19 17:11 - 2015-01-19 19:40 - 00000000 ____D () C:\Windows\system32\log 2015-01-19 11:42 - 2015-01-19 11:42 - 00000000 ____D () C:\Windows\AUInstallAgent 2015-01-19 11:22 - 2015-01-19 11:22 - 00001516 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk 2015-01-19 11:22 - 2015-01-19 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3 2015-01-19 11:12 - 2015-02-08 07:54 - 00000000 ____D () C:\Users\Roy\OneDrive 2015-01-19 08:16 - 2014-04-15 23:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-01-19 08:16 - 2014-04-15 23:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-01-18 18:27 - 2015-01-20 15:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-18 17:32 - 2015-01-18 17:32 - 00000000 ____D () C:\Users\Roy\AppData\Local\Apps\2.0 2015-01-17 08:34 - 2015-01-17 08:34 - 00001454 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (2).lnk 2015-01-16 21:37 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Roy\AppData\Local\Aviator 2015-01-16 21:37 - 2015-01-16 21:37 - 00003628 _____ () C:\Windows\System32\Tasks\AviatorUpdateTask 2015-01-16 21:36 - 2015-01-16 21:36 - 00000000 ____D () C:\Users\Roy\AppData\Local\Downloaded Installations 2015-01-16 19:31 - 2015-01-16 19:31 - 00001087 _____ () C:\Users\Public\Desktop\Word To PDF.lnk 2015-01-16 19:31 - 2015-01-16 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Word To PDF 2015-01-16 19:31 - 2015-01-16 19:31 - 00000000 ____D () C:\Program Files (x86)\Free Word To PDF 2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-15 17:23 - 2015-02-07 09:54 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-15 17:23 - 2015-01-15 17:23 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\Mozilla 2015-01-15 17:23 - 2015-01-15 17:23 - 00000000 ____D () C:\Users\Roy\AppData\Local\Mozilla 2015-01-14 14:29 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 14:29 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 14:29 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 14:29 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 14:29 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 14:29 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 14:29 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 14:29 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 14:29 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 14:29 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 14:29 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 14:29 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 14:29 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 14:29 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 14:29 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 14:29 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 14:29 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 14:29 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 14:29 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 14:29 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 14:29 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 14:29 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 14:29 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 14:29 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-14 14:29 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 21:03 - 2015-01-09 21:03 - 00000000 ____D () C:\Users\Roy\Documents\Choir Spring 2015 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 08:12 - 2014-12-01 16:02 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 08:04 - 2014-11-27 09:48 - 01291078 _____ () C:\Windows\WindowsUpdate.log 2015-02-08 08:02 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-08 08:01 - 2014-11-25 15:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-447272969-2236016177-1254936844-1001 2015-02-08 07:56 - 2014-11-25 15:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA0F21F2-9223-4947-A9E2-E02AE76FC9A3} 2015-02-08 07:54 - 2014-12-01 16:02 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-07 16:19 - 2014-11-26 09:18 - 00000000 ____D () C:\Users\Roy\Documents\Quizes 2015-02-07 15:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-07 15:38 - 2014-03-18 10:03 - 00876144 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-07 15:32 - 2014-11-25 14:57 - 00000000 ____D () C:\Users\Roy 2015-02-07 15:31 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 16:29 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-05 14:39 - 2014-11-26 09:02 - 00000000 ____D () C:\Users\Roy\Documents\Accounts 2015-02-05 14:37 - 2014-11-28 19:34 - 00000000 ____D () C:\Users\Roy\AppData\Local\Adobe 2015-02-04 14:25 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Holidays 2015-02-04 09:07 - 2014-12-01 16:02 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-04 09:07 - 2014-12-01 16:02 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 19:31 - 2014-07-17 08:17 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 19:31 - 2014-07-17 08:17 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 17:50 - 2014-11-26 09:21 - 00000000 ____D () C:\Users\Roy\Documents\Walking 2015-02-03 17:47 - 2014-11-26 09:19 - 00000000 ____D () C:\Users\Roy\Documents\Railway 2015-02-01 16:58 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-01 09:51 - 2014-11-26 09:24 - 00000000 ____D () C:\Users\Roy\Documents\Computer 2015-02-01 07:58 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-31 11:31 - 2015-01-06 10:16 - 00001462 _____ () C:\Users\Roy\Sti_Trace.log 2015-01-30 20:35 - 2014-11-25 14:58 - 00000000 ____D () C:\Users\Roy\AppData\Local\Packages 2015-01-30 12:10 - 2014-11-25 15:14 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-29 15:55 - 2014-11-28 09:40 - 00000000 ____D () C:\Users\Roy\Documents\Homegroup 2015-01-28 20:44 - 2014-11-28 19:36 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-28 14:44 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Letters 2015-01-28 14:14 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-01-27 16:12 - 2014-11-30 19:36 - 00000000 ____D () C:\Users\Roy\AppData\Local\CrashDumps 2015-01-26 13:22 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Christian 2015-01-25 16:40 - 2014-11-26 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-01-25 09:47 - 2014-12-01 09:55 - 00000000 ____D () C:\Users\Roy\Documents\Symantec 2015-01-25 09:42 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-24 16:28 - 2014-12-03 10:31 - 00000000 ___RD () C:\Users\Roy\Documents\Photos 2015-01-24 16:28 - 2014-11-26 09:04 - 00000000 ____D () C:\Users\Roy\Documents\Maps 2015-01-23 16:05 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Manuals 2015-01-21 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-01-21 12:45 - 2014-11-26 14:10 - 00000000 ___HD () C:\ProgramData\ArcSoft 2015-01-21 12:45 - 2014-11-26 14:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft 2015-01-21 12:45 - 2014-09-14 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-21 12:24 - 2014-11-26 14:10 - 00000000 ____D () C:\Users\Roy\AppData\Local\ArcSoft 2015-01-21 12:24 - 2014-11-26 14:08 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\ArcSoft 2015-01-20 19:08 - 2014-11-25 15:38 - 00000081 _____ () C:\Users\Roy\Desktop\EMAIL.url 2015-01-20 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore 2015-01-20 15:51 - 2014-12-17 19:31 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\IHlpr 2015-01-20 15:35 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy 2015-01-19 20:39 - 2014-12-31 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader 2015-01-19 18:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-19 15:57 - 2013-08-22 13:25 - 00000194 _____ () C:\Windows\win.ini 2015-01-19 11:22 - 2014-11-26 11:04 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2015-01-19 11:12 - 2014-11-30 20:48 - 00000000 ___RD () C:\Users\Roy\OneDrive.old 2015-01-19 10:27 - 2014-12-31 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2015-01-17 17:54 - 2014-12-02 20:02 - 00003478 _____ () C:\Windows\System32\Tasks\Sync-Toy Backup 2015-01-17 17:37 - 2014-09-14 14:42 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2015-01-17 17:36 - 2014-09-14 14:43 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros 2015-01-17 17:07 - 2014-11-25 15:14 - 00000000 ____D () C:\Users\Roy\AppData\Local\Google 2015-01-15 15:54 - 2014-11-26 09:00 - 00729088 ___SH () C:\Users\Roy\Desktop\Thumbs.db 2015-01-15 08:40 - 2015-01-06 16:46 - 00000000 ____D () C:\Users\Roy\Documents\Tony 2015-01-14 15:16 - 2014-11-27 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2015-01-12 15:14 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Church 2015-01-10 08:58 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Art 2015-01-09 19:13 - 2014-11-26 09:27 - 00491008 ___SH () C:\Users\Roy\Documents\Thumbs.db ==================== Files in the root of some directories ======= 2015-01-25 10:01 - 2015-01-25 10:01 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-12-17 19:49 - 2014-12-24 12:34 - 0000000 _____ () C:\Users\Roy\AppData\Roaming\FileIn.cns 2014-12-17 19:49 - 2014-12-24 12:34 - 0000000 _____ () C:\Users\Roy\AppData\Roaming\FileOut.cns 2014-12-21 09:29 - 2014-12-21 09:29 - 0000091 _____ () C:\Users\Roy\AppData\Local\fusioncache.dat 2014-12-01 20:13 - 2014-12-01 20:13 - 0000017 _____ () C:\Users\Roy\AppData\Local\resmon.resmoncfg 2014-09-14 14:55 - 2014-09-14 14:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-02-01 16:40 - 2015-02-01 16:39 - 0019535 _____ () C:\ProgramData\empty.ico ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-06 18:00 ==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

It's very tedious to try to decipher the log the way you posted it but at first glance it appears it may be related to a PUP (Potentially Unwanted Programs) called Duplicate Free. Please open the Notepad logs and uncheck "word wrap" and then repost the logs.


----------



## Cookiegal (Aug 27, 2003)

Also please do the following:

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to the following file then click *Open* 

```
C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada}\Download.exe
```

Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


----------



## RoyP (Sep 23, 2012)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Roy at 2015-02-08 08:53:53
Running from C:\Users\Roy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AnyRail5 (HKLM-x32\...\AnyRail5 5.18.1) (Version: 5.18.1 - DRail Modelspoor Software)
AnyRail5 (x32 Version: 5.18.1 - DRail Modelspoor Software) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
Apowersoft Free Audio Recorder V2.3.2 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.2 - APOWERSOFT LIMITED)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
Duplicate Cleaner Free 3.2.6 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd) <==== ATTENTION
EPSON Perfection V33/V330 Manual (HKLM-x32\...\EPSON Perfection V33_V330 Manual) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Free Word To PDF (HKLM-x32\...\Free Word To PDF_is1) (Version: - Free Word To PDF)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Packard Bell)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Packard Bell)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Packard Bell)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe  Internet Security (HKLM-x32\...\MSC) (Version: 14.0.207 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.1.10 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.189 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Money 5.0 (HKLM-x32\...\MSMONEYV50) (Version: - )
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
OpenVPN 2.3.4-I603 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I603 - )
Packard Bell Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Packard Bell)
Packard Bell Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Packard Bell)
Packard Bell User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Packard Bell)
Packard Bell User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Packard Bell)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Rapport (x32 Version: 3.5.1404.61 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.1.0.0 - Denis Kozlov)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SD40-2_Content_Update (HKLM-x32\...\{BF7C1B99-A250-45EF-B186-0C33B7308F95}) (Version: 1.00.0000 - Microsoft)
Should I Remove It (HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
Train Sim Interface Quick Fix (HKLM-x32\...\Product_Name) (Version: - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-447272969-2236016177-1254936844-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-447272969-2236016177-1254936844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Roy\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

21-01-2015 08:59:48 End of disinfection
24-01-2015 14:51:04 Windows Update
28-01-2015 07:58:56 Windows Update
30-01-2015 12:09:24 Revo Uninstaller's restore point - Google Chrome
01-02-2015 16:32:56 Uniblue PC Mechanic installation
04-02-2015 19:34:43 Revo Uninstaller's restore point - RegCure Pro
07-02-2015 09:52:10 Revo Uninstaller's restore point - Mozilla Firefox 35.0.1 (x86 en-GB)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01A4BC1C-8D50-4BB4-B7BF-1B912AB9FF21} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {01FA84BD-D105-4322-A3A7-74E091FCBA53} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OUR-COMPUTER-Roy Our-Computer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Task: {079CD7ED-CBD1-40B1-844D-939E5DF4D44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: {19C778C9-0A7C-494B-A222-6916E3B5BCB3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {31021582-DDB0-4376-B6A8-4F19FD6681AC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-447272969-2236016177-1254936844-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {35467A41-C40D-438E-A6D1-DE536BDBD2C6} - System32\Tasks\Quick Access => C:\Program Files\Packard Bell\Packard Bell Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {374BAD0D-EC51-4759-BAA3-7342AB05FE88} - System32\Tasks\AviatorUpdateTask => Wscript.exe "C:\Program Files (x86)\WhiteHat\Aviator\Update\BatchLauncher.vbs" "C:\Program Files (x86)\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe"
Task: {429AB8A2-ABCC-4F3C-BBAD-BDF06B68DFAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {457DDC1E-E6B7-41D3-B47C-E136730BA66C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: {70CDB8A0-B8C9-4969-AE78-030D03E387DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {780931AB-1936-44C6-892C-C96F9F891B34} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {893C0655-33E2-4947-9CB3-34526A73D3DC} - System32\Tasks\Sync-Toy Backup => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {B2E55DEF-A345-4843-BE63-F535EED05B79} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-07-08] ()
Task: {CD12957F-783E-4749-BB64-0C7D959D8B19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {E77DDC40-3CF2-4A04-A5F7-19DC1DC404B8} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Packard Bell\Packard Bell Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

1997-08-01 00:00 - 1997-08-01 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Roy\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-447272969-2236016177-1254936844-1001\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "cmsc"
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\StartupFolder: => "Download.lnk"
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-447272969-2236016177-1254936844-500 - Administrator - Enabled)
ASPNET (S-1-5-21-447272969-2236016177-1254936844-1005 - Limited - Enabled)
Guest (S-1-5-21-447272969-2236016177-1254936844-501 - Limited - Disabled)
Roy (S-1-5-21-447272969-2236016177-1254936844-1001 - Administrator - Enabled) => C:\Users\Roy

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 08:05:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 07:57:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 07:54:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:49:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:43:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

System errors:
=============
Error: (02/07/2015 03:48:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingWeather.

Error: (02/07/2015 03:31:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:05:52 on ‎07/‎02/‎2015 was unexpected.

Error: (02/06/2015 05:39:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (02/06/2015 05:39:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service did not respond on starting.

Error: (02/06/2015 05:35:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:18:28 on ‎06/‎02/‎2015 was unexpected.

Error: (02/06/2015 04:59:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/06/2015 04:12:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:47:12 on ‎05/‎02/‎2015 was unexpected.

Error: (02/05/2015 05:07:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:03:04 on ‎05/‎02/‎2015 was unexpected.

Error: (02/05/2015 01:00:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/05/2015 00:49:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:11:37 on ‎05/‎02/‎2015 was unexpected.

Microsoft Office Sessions:
=========================
Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 08:45:50 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 08:05:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 07:57:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/08/2015 07:54:23 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:49:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:48:24 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

Error: (02/07/2015 03:43:23 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: OUR-COMPUTER)
Description: BrowserChoice_cw5n1h2txyewy1009

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 8001.43 MB
Available physical RAM: 3437.86 MB
Total Pagefile: 9281.43 MB
Available Pagefile: 4360.67 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:458.05 GB) (Free:400.46 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.05 GB) (Free:455.21 GB) NTFS
Drive f: (REMOTE HARD DRIVE) (Fixed) (Total:111.79 GB) (Free:85.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 941D88DE)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5619E95E)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## RoyP (Sep 23, 2012)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Roy (administrator) on OUR-COMPUTER on 08-02-2015 08:53:02
Running from C:\Users\Roy\Downloads
Loaded Profiles: Roy (Available profiles: Roy)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe
Failed to access process -> csrss.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2014-11-25] (Kingsoft Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643576 2014-11-13] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk
ShortcutTarget: Download.lnk -> C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada}\Download.exe ()
Startup: C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-447272969-2236016177-1254936844-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-447272969-2236016177-1254936844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> DefaultScope {FF8375AB-D844-4E2A-B7A6-B3638DE5E3BE} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20150128&p={searchTerms}
SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> {136E5A6A-7400-4785-B6FD-A0622F3CCB28} URL = 
SearchScopes: HKU\S-1-5-21-447272969-2236016177-1254936844-1001 -> {FF8375AB-D844-4E2A-B7A6-B3638DE5E3BE} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20150128&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default
FF DefaultSearchEngine: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Vertical Bookmarks Toolbar - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\jskgemcs.default\Extensions\[email protected] [2015-02-02]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-28]
FF HKU\S-1-5-21-447272969-2236016177-1254936844-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-01-25]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-25] (Kingsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-01-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [660544 2014-12-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [604448 2014-12-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [228000 2014-12-19] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [312952 2014-12-20] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [221320 2014-12-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
R3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
R3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70984 2014-12-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-25] (Kingsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [368904 2014-12-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [340192 2014-12-19] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [100080 2014-12-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82584 2014-12-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [532424 2014-12-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [886488 2014-12-19] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [482600 2014-11-08] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [100720 2014-11-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [349328 2014-12-19] (McAfee, Inc.)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-14] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [290520 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 08:53 - 2015-02-08 08:53 - 00019794 _____ () C:\Users\Roy\Downloads\FRST.txt
2015-02-08 08:52 - 2015-02-08 08:53 - 00000000 ____D () C:\FRST
2015-02-08 08:50 - 2015-02-08 08:50 - 02132992 _____ (Farbar) C:\Users\Roy\Desktop\FRST64.exe
2015-02-08 08:01 - 2015-02-08 08:01 - 00000000 ____D () C:\Users\Roy\Desktop\New folder
2015-02-08 07:56 - 2015-02-08 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-07 10:08 - 2015-02-07 10:08 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-07 10:08 - 2015-02-07 10:08 - 00001131 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-07 10:08 - 2015-02-07 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 17:35 - 2015-02-07 15:31 - 00000232 _____ () C:\Windows\setupact.log
2015-02-06 17:35 - 2015-02-06 17:35 - 00397960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 17:35 - 2015-02-06 17:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 17:34 - 2015-02-07 15:31 - 00001080 _____ () C:\Windows\PFRO.log
2015-02-05 13:01 - 2015-02-05 17:08 - 00000000 ____D () C:\ProgramData\{44a6f6b6-bfdc-5635-44a6-6f6b6bfddada}
2015-02-05 10:11 - 2015-02-05 10:11 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\DigitalVolcano
2015-02-05 10:10 - 2015-02-05 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2015-02-05 10:10 - 2015-02-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner
2015-02-04 19:32 - 2015-02-04 19:32 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\ParetoLogic
2015-02-04 19:32 - 2015-02-04 19:32 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\DriverCure
2015-02-04 19:31 - 2015-02-04 19:35 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-02-04 15:03 - 2015-02-04 15:03 - 00000000 ____D () C:\Users\Roy\AppData\Local\Macromedia
2015-02-04 14:40 - 2015-02-07 17:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 14:40 - 2015-02-04 19:37 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:40 - 2015-02-04 19:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-04 14:34 - 2015-02-04 14:34 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-02-01 17:46 - 2015-02-01 17:46 - 00001586 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 3.lnk
2015-02-01 16:39 - 2015-02-01 16:39 - 00000000 ____D () C:\Program Files (x86)\UWT3
2015-02-01 09:45 - 2015-02-01 09:45 - 00001195 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2015-02-01 09:44 - 2015-02-01 09:44 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-01 09:44 - 2015-02-01 09:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-31 11:54 - 2015-01-31 14:58 - 00000000 ____D () C:\Users\Roy\Documents\Session 12
2015-01-30 12:03 - 2015-02-07 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:00 - 2015-01-30 12:00 - 00243344 _____ () C:\Users\Roy\Downloads\Firefox Setup Stub 35.0.1.exe
2015-01-28 14:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-01-28 14:10 - 2015-01-28 14:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-28 14:10 - 2014-12-19 10:51 - 00221320 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-01-25 16:31 - 2015-01-25 16:39 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for OUR-COMPUTER-Roy Our-Computer
2015-01-25 16:31 - 2015-01-25 16:31 - 00003100 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-447272969-2236016177-1254936844-1001
2015-01-25 10:01 - 2015-01-25 10:02 - 00000000 ____D () C:\Program Files (x86)\SafeKey
2015-01-25 10:00 - 2015-02-06 16:13 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-25 10:00 - 2015-01-28 14:14 - 00000000 ____D () C:\Program Files\McAfee
2015-01-25 10:00 - 2015-01-25 10:00 - 00000000 ____D () C:\Program Files\McAfee.com
2015-01-25 10:00 - 2015-01-25 10:00 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-01-25 09:46 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-21 12:06 - 2015-01-21 12:06 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\LifeSniffer
2015-01-21 11:40 - 2015-01-21 11:40 - 00000000 ____D () C:\Users\Roy\Documents\den4b
2015-01-21 08:59 - 2015-01-21 09:00 - 00001041 _____ () C:\DelFix.txt
2015-01-21 07:57 - 2015-01-21 07:57 - 00000000 ____D () C:\Users\Roy\AppData\Local\FileViewPro
2015-01-21 07:56 - 2015-01-21 07:56 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\IsolatedStorage
2015-01-21 07:56 - 2015-01-21 07:56 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-21 07:55 - 2015-01-21 07:55 - 00000000 ____D () C:\Spacekace
2015-01-20 20:16 - 2015-01-20 20:16 - 00001558 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It.lnk
2015-01-20 20:16 - 2015-01-20 20:16 - 00001298 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean Master.lnk
2015-01-20 20:07 - 2015-01-20 20:07 - 00000000 ____D () C:\ProgramData\Caphyon
2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-20 20:06 - 2015-01-20 20:06 - 00000000 ____D () C:\Program Files (x86)\Disconnect
2015-01-20 20:05 - 2015-01-20 20:05 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\Disconnect
2015-01-20 08:55 - 2015-01-30 10:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 08:47 - 2015-01-20 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-20 08:47 - 2015-01-20 08:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-20 08:47 - 2015-01-20 08:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 08:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-20 08:47 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-20 08:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-19 20:13 - 2015-01-21 08:59 - 00000000 ____D () C:\Windows\ERUNT
2015-01-19 19:45 - 2015-01-19 19:45 - 00000000 ____D () C:\Users\Public\Documents\sun
2015-01-19 17:11 - 2015-01-19 19:40 - 00000000 ____D () C:\Windows\system32\log
2015-01-19 11:42 - 2015-01-19 11:42 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-01-19 11:22 - 2015-01-19 11:22 - 00001516 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2015-01-19 11:22 - 2015-01-19 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-01-19 11:12 - 2015-02-08 07:54 - 00000000 ____D () C:\Users\Roy\OneDrive
2015-01-19 08:16 - 2014-04-15 23:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-19 08:16 - 2014-04-15 23:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-18 18:27 - 2015-01-20 15:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-18 17:32 - 2015-01-18 17:32 - 00000000 ____D () C:\Users\Roy\AppData\Local\Apps\2.0
2015-01-17 08:34 - 2015-01-17 08:34 - 00001454 _____ () C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (2).lnk
2015-01-16 21:37 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Roy\AppData\Local\Aviator
2015-01-16 21:37 - 2015-01-16 21:37 - 00003628 _____ () C:\Windows\System32\Tasks\AviatorUpdateTask
2015-01-16 21:36 - 2015-01-16 21:36 - 00000000 ____D () C:\Users\Roy\AppData\Local\Downloaded Installations
2015-01-16 19:31 - 2015-01-16 19:31 - 00001087 _____ () C:\Users\Public\Desktop\Word To PDF.lnk
2015-01-16 19:31 - 2015-01-16 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Word To PDF
2015-01-16 19:31 - 2015-01-16 19:31 - 00000000 ____D () C:\Program Files (x86)\Free Word To PDF
2015-01-15 17:30 - 2015-01-15 17:30 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-15 17:23 - 2015-02-07 09:54 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-15 17:23 - 2015-01-15 17:23 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\Mozilla
2015-01-15 17:23 - 2015-01-15 17:23 - 00000000 ____D () C:\Users\Roy\AppData\Local\Mozilla
2015-01-14 14:29 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:29 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:29 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 14:29 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 14:29 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 14:29 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 14:29 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 14:29 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:29 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 14:29 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 14:29 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 14:29 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 14:29 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 14:29 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 14:29 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 14:29 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 14:29 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 14:29 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 14:29 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 14:29 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 14:29 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 14:29 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 14:29 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 14:29 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 14:29 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 21:03 - 2015-01-09 21:03 - 00000000 ____D () C:\Users\Roy\Documents\Choir Spring 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 08:12 - 2014-12-01 16:02 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 08:04 - 2014-11-27 09:48 - 01291078 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 08:02 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 08:01 - 2014-11-25 15:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-447272969-2236016177-1254936844-1001
2015-02-08 07:56 - 2014-11-25 15:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA0F21F2-9223-4947-A9E2-E02AE76FC9A3}
2015-02-08 07:54 - 2014-12-01 16:02 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 16:19 - 2014-11-26 09:18 - 00000000 ____D () C:\Users\Roy\Documents\Quizes
2015-02-07 15:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 15:38 - 2014-03-18 10:03 - 00876144 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 15:32 - 2014-11-25 14:57 - 00000000 ____D () C:\Users\Roy
2015-02-07 15:31 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 16:29 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-05 14:39 - 2014-11-26 09:02 - 00000000 ____D () C:\Users\Roy\Documents\Accounts
2015-02-05 14:37 - 2014-11-28 19:34 - 00000000 ____D () C:\Users\Roy\AppData\Local\Adobe
2015-02-04 14:25 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Holidays
2015-02-04 09:07 - 2014-12-01 16:02 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 09:07 - 2014-12-01 16:02 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 19:31 - 2014-07-17 08:17 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 19:31 - 2014-07-17 08:17 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:50 - 2014-11-26 09:21 - 00000000 ____D () C:\Users\Roy\Documents\Walking
2015-02-03 17:47 - 2014-11-26 09:19 - 00000000 ____D () C:\Users\Roy\Documents\Railway
2015-02-01 16:58 - 2013-08-22 15:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 09:51 - 2014-11-26 09:24 - 00000000 ____D () C:\Users\Roy\Documents\Computer
2015-02-01 07:58 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-31 11:31 - 2015-01-06 10:16 - 00001462 _____ () C:\Users\Roy\Sti_Trace.log
2015-01-30 20:35 - 2014-11-25 14:58 - 00000000 ____D () C:\Users\Roy\AppData\Local\Packages
2015-01-30 12:10 - 2014-11-25 15:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-29 15:55 - 2014-11-28 09:40 - 00000000 ____D () C:\Users\Roy\Documents\Homegroup
2015-01-28 20:44 - 2014-11-28 19:36 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-28 14:44 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Letters
2015-01-28 14:14 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-27 16:12 - 2014-11-30 19:36 - 00000000 ____D () C:\Users\Roy\AppData\Local\CrashDumps
2015-01-26 13:22 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Christian
2015-01-25 16:40 - 2014-11-26 14:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-25 09:47 - 2014-12-01 09:55 - 00000000 ____D () C:\Users\Roy\Documents\Symantec
2015-01-25 09:42 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-24 16:28 - 2014-12-03 10:31 - 00000000 ___RD () C:\Users\Roy\Documents\Photos
2015-01-24 16:28 - 2014-11-26 09:04 - 00000000 ____D () C:\Users\Roy\Documents\Maps
2015-01-23 16:05 - 2014-11-26 09:25 - 00000000 ____D () C:\Users\Roy\Documents\Manuals
2015-01-21 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-21 12:45 - 2014-11-26 14:10 - 00000000 ___HD () C:\ProgramData\ArcSoft
2015-01-21 12:45 - 2014-11-26 14:09 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2015-01-21 12:45 - 2014-09-14 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-21 12:24 - 2014-11-26 14:10 - 00000000 ____D () C:\Users\Roy\AppData\Local\ArcSoft
2015-01-21 12:24 - 2014-11-26 14:08 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\ArcSoft
2015-01-20 19:08 - 2014-11-25 15:38 - 00000081 _____ () C:\Users\Roy\Desktop\EMAIL.url
2015-01-20 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-20 15:51 - 2014-12-17 19:31 - 00000000 ____D () C:\Users\Roy\AppData\Roaming\IHlpr
2015-01-20 15:35 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-19 20:39 - 2014-12-31 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-01-19 18:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-19 15:57 - 2013-08-22 13:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-19 11:22 - 2014-11-26 11:04 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-01-19 11:12 - 2014-11-30 20:48 - 00000000 ___RD () C:\Users\Roy\OneDrive.old
2015-01-19 10:27 - 2014-12-31 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-01-17 17:54 - 2014-12-02 20:02 - 00003478 _____ () C:\Windows\System32\Tasks\Sync-Toy Backup
2015-01-17 17:37 - 2014-09-14 14:42 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2015-01-17 17:36 - 2014-09-14 14:43 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-01-17 17:07 - 2014-11-25 15:14 - 00000000 ____D () C:\Users\Roy\AppData\Local\Google
2015-01-15 15:54 - 2014-11-26 09:00 - 00729088 ___SH () C:\Users\Roy\Desktop\Thumbs.db
2015-01-15 08:40 - 2015-01-06 16:46 - 00000000 ____D () C:\Users\Roy\Documents\Tony
2015-01-14 15:16 - 2014-11-27 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-12 15:14 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Church
2015-01-10 08:58 - 2014-11-26 09:23 - 00000000 ____D () C:\Users\Roy\Documents\Art
2015-01-09 19:13 - 2014-11-26 09:27 - 00491008 ___SH () C:\Users\Roy\Documents\Thumbs.db

==================== Files in the root of some directories =======

2015-01-25 10:01 - 2015-01-25 10:01 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-12-17 19:49 - 2014-12-24 12:34 - 0000000 _____ () C:\Users\Roy\AppData\Roaming\FileIn.cns
2014-12-17 19:49 - 2014-12-24 12:34 - 0000000 _____ () C:\Users\Roy\AppData\Roaming\FileOut.cns
2014-12-21 09:29 - 2014-12-21 09:29 - 0000091 _____ () C:\Users\Roy\AppData\Local\fusioncache.dat
2014-12-01 20:13 - 2014-12-01 20:13 - 0000017 _____ () C:\Users\Roy\AppData\Local\resmon.resmoncfg
2014-09-14 14:55 - 2014-09-14 14:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-01 16:40 - 2015-02-01 16:39 - 0019535 _____ () C:\ProgramData\empty.ico

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-06 18:00

==================== End Of Log ============================


----------



## RoyP (Sep 23, 2012)

Cookiegal said:


> Also please do the following:
> 
> Please go to *VirusTotal* and upload the following file for scanning.
> 
> ...


Wa about to do this and went to find the file clicked open and my McAfee kicked in and deleted the lot, so I assume that answers my question and all is well.

Thanks for all your time.


----------



## Cookiegal (Aug 27, 2003)

Please download ADWCleaner. Click on the *Download Now* button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the *Scan* button. It may take several minutes to complete. When it is done click on the *Logfile* button and copy and paste the log here please.


----------



## RoyP (Sep 23, 2012)

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\CoinisRS
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\CoinisRS
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-GB)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1198 bytes] - [08/02/2015 19:51:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1257 bytes] ##########


----------



## Cookiegal (Aug 27, 2003)

I would recommend uninstalling Uniblue PC Mechanic. 

Then run AdwCleaner again and this time select the "Cleaning" option and post the new log.


----------



## RoyP (Sep 23, 2012)

Cookiegal said:


> I would recommend uninstalling Uniblue PC Mechanic.
> 
> Then run AdwCleaner again and this time select the "Cleaning" option and post the new log.


Where would I find this file to uninstall it, sorry if this is a dumb question!


----------



## Cookiegal (Aug 27, 2003)

OK, I see it's not listed in programs so just run AdwCleaner and allow it to clean everything.


----------

