akamaihd.net popup removal help
<blockquote data-quote="Meri" data-source="post: 450584" data-attributes="member: 45261"><p>[Code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015</p><p>Ran by Robert (administrator) on TRADINGPC (14-11-2015 14:54:14)</p><p>Running from C:\Users\Robert\Downloads</p><p>Loaded Profiles: Robert (Available Profiles: Robert)</p><p>Platform: Windows 8 Pro (X64) Language: English (United Kingdom)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe</p><p>(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>(Zemana Ltd.) 
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)</p><p>HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12709688 2015-11-06] (Zemana Ltd.)</p><p>HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()</p><p>HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)</p><p>HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)</p><p>HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe</p><p>HKLM\...\Policies\Explorer: [NoFolderOptions] 0</p><p>HKLM\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-21-691498483-823551374-2398540852-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)</p><p>HKU\S-1-5-21-691498483-823551374-2398540852-1001\...\RunOnce: [Uninstall C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64"</p><p>HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()</p><p>ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)</p><p>ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)</p><p>ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files 
(x86)\Acer\shellext\x64\shellext_win.dll [2015-10-15] (Acer Incorporated)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-01-22]</p><p>ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)</p><p>GroupPolicy: Restriction - Chrome <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</p><p>Tcpip\..\Interfaces\{db557b09-89db-4c31-8e38-9ae5f3b5937b}: [DhcpNameServer] 192.0.2.3</p><p>Tcpip\..\Interfaces\{fab6f22f-af02-4439-a37b-32846f5d398d}: [DhcpNameServer] 192.168.0.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL]</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-691498483-823551374-2398540852-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=APJB</p><p>SearchScopes: HKLM -> DefaultScope {55558A7A-1C43-4FE6-8C57-B3A5339E298B} URL = </p><p>SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-691498483-823551374-2398540852-1001 -> OldSearch URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151024&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-691498483-823551374-2398540852-1001 -> {55558A7A-1C43-4FE6-8C57-B3A5339E298B} URL = </p><p>BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)</p><p>BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)</p><p>BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-22] (McAfee)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)</p><p>BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)</p><p>BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-22] (McAfee)</p><p>Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-22] (McAfee)</p><p>Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)</p><p>Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-22] (McAfee)</p><p>Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)</p><p>Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)</p><p>Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)</p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program 
Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)</p><p>Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)</p><p>Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)</p><p>Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)</p><p>Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)</p><p></p><p>Edge: </p><p>======</p><p>Edge HomeButtonPage: HKU\S-1-5-21-691498483-823551374-2398540852-1001 -> hxxp://[URL="http://www.google.com/"]www.google.com/[/URL]</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w2fromb7.default</p><p>FF SearchEngineOrder.1: Secure Search</p><p>FF SelectedSearchEngine: Default</p><p>FF Homepage: [URL="http://www.google.com"]www.google.com[/URL]</p><p>FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)</p><p>FF 
Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)</p><p>FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()</p><p>FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-11] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-10] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-10] (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-691498483-823551374-2398540852-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-15] (Citrix Online)</p><p>FF SearchPlugin: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w2fromb7.default\searchplugins\McSiteAdvisor.xml [2015-11-13]</p><p>FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi</p><p>FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi</p><p>FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK</p><p>FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-12] 
[not signed]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggUd10PAgESQhgacl0LTA1DFQYOIg4JAxREGAVAcloPUgwTGQMFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEgVFxAK3JWDk4="</p><p>CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-10]</p><p>CHR Extension: (McAfee SafeKey) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-11-10]</p><p>CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10]</p><p>CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]</p><p>CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10]</p><p>CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]</p><p>CHR Extension: (Google Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]</p><p>CHR Extension: (SiteAdvisor) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-10]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-11]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-10]</p><p>CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10]</p><p>CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-12]</p><p>CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-01-10]</p><p>CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-12]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-10] (Acer Incorporated)</p><p>R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)</p><p>S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-14] (SurfRight B.V.)</p><p>R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)</p><p>R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)</p><p>S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18064 2015-04-18] ()</p><p>R2 Intel(R) Technology Access Legacy CS 
Loader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [144128 2015-07-31] (Intel(R) Corporation)</p><p>R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [481536 2015-07-31] (Intel(R) Corporation)</p><p>S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)</p><p>S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)</p><p>S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)</p><p>S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-06] (McAfee, Inc.)</p><p>R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)</p><p>R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)</p><p>R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)</p><p>R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)</p><p>R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, 
Inc.)</p><p>R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)</p><p>R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)</p><p>S3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)</p><p>S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()</p><p>S3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)</p><p>R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12709688 2015-11-06] (Zemana Ltd.)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R3 athr; C:\Windows\System32\drivers\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)</p><p>R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)</p><p>R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)</p><p>R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)</p><p>R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)</p><p>R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)</p><p>R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)</p><p>S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)</p><p>R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)</p><p>R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)</p><p>R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)</p><p>S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)</p><p>R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-06] (McAfee, Inc.)</p><p>R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)</p><p>R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-01-11] (Nicomsoft Ltd.)</p><p>R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)</p><p>R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67832 
2015-05-19] (Intel Corporation)</p><p>R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)</p><p>R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)</p><p>S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()</p><p>S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)</p><p>R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)</p><p>R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)</p><p>R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [199536 2015-11-14] (Zemana Ltd.)</p><p>R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [199536 2015-11-14] (Zemana Ltd.)</p><p>S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-14 14:54 - 2015-11-14 14:54 - 00021994 _____ C:\Users\Robert\Downloads\FRST.txt</p><p>2015-11-14 14:54 - 2015-11-14 14:54 - 00000000 ____D C:\FRST</p><p>2015-11-14 14:53 - 2015-11-14 14:54 - 02198528 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe</p><p>2015-11-14 14:47 - 2015-11-14 14:47 - 00001061 _____ C:\Users\Robert\Desktop\JRT.txt</p><p>2015-11-14 14:44 - 2015-11-14 14:44 - 00000102 _____ C:\Users\Robert\Desktop\atenmpst.txt</p><p>2015-11-14 14:43 - 2015-11-14 14:43 - 01801288 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe</p><p>2015-11-14 14:40 - 2014-04-16 22:08 - 00658000 _____ (WildTangent, Inc.) 
C:\ProgramData\uninstall2419769.exe</p><p>2015-11-14 14:39 - 2015-11-14 14:39 - 00016148 _____ C:\WINDOWS\system32\TRADINGPC_Robert_HistoryPrediction.bin</p><p>2015-11-14 14:34 - 2015-11-14 14:54 - 01982665 _____ C:\WINDOWS\ZAM.krnl.trace</p><p>2015-11-14 14:34 - 2015-11-14 14:46 - 00005162 _____ C:\WINDOWS\ZAM_Guard.krnl.trace</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 05278464 _____ ( ) C:\Users\Robert\Downloads\Zemana.AntiMalware.Setup (1).exe</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00199536 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00199536 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00001229 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Zemana</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware</p><p>2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware</p><p>2015-11-14 14:33 - 2015-11-14 14:34 - 05278464 _____ ( ) C:\Users\Robert\Downloads\Zemana.AntiMalware.Setup.exe</p><p>2015-11-14 14:16 - 2015-11-14 14:16 - 01729536 _____ C:\Users\Robert\Downloads\adwcleaner_5.020 (1).exe</p><p>2015-11-14 14:14 - 2015-11-14 14:14 - 04383048 _____ (Google) C:\Users\Robert\Downloads\chrome_cleanup_tool.exe</p><p>2015-11-14 14:14 - 2015-11-14 14:14 - 00000264 _____ C:\Users\Robert\Downloads\debug.log</p><p>2015-11-14 14:09 - 2015-11-14 14:09 - 00000000 ___HD C:\OneDriveTemp</p><p>2015-11-14 14:07 - 2015-11-14 14:07 - 00002690 _____ C:\WINDOWS\system32\.crusader</p><p>2015-11-14 13:36 - 2015-11-14 14:07 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2015-11-14 13:36 - 2015-11-14 13:36 - 00001974 _____ C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2015-11-14 13:36 - 2015-11-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\HitmanPro</p><p>2015-11-14 13:36 - 2015-11-14 13:36 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2015-11-14 13:35 - 2015-11-14 13:36 - 11337112 _____ (SurfRight B.V.) C:\Users\Robert\Downloads\HitmanPro_x64.exe</p><p>2015-11-14 13:16 - 2015-11-14 14:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-11-14 13:15 - 2015-11-14 13:15 - 22908888 _____ (Malwarebytes ) C:\Users\Robert\Downloads\mbam-setup-web.NT-2.2.0.1024.exe</p><p>2015-11-14 13:15 - 2015-11-14 13:15 - 00001183 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-11-14 13:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys</p><p>2015-11-14 13:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys</p><p>2015-11-14 13:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2015-11-14 12:50 - 2015-11-14 14:19 - 00000000 ____D C:\AdwCleaner</p><p>2015-11-14 12:49 - 2015-11-14 12:49 - 01729536 _____ C:\Users\Robert\Downloads\adwcleaner_5.020.exe</p><p>2015-11-14 12:41 - 2015-11-14 14:34 - 00000486 _____ C:\Users\Robert\Desktop\malwa.txt</p><p>2015-11-14 12:32 - 2015-11-14 12:32 - 00772016 _____ (Reimage®) C:\Users\Robert\Downloads\ReimageRepair.exe</p><p>2015-11-14 12:23 - 2015-11-14 12:23 - 00000291 _____ C:\Users\Robert\Desktop\winsock.txt</p><p>2015-11-14 12:09 - 2015-11-14 12:09 - 00000000 ____D C:\WINDOWS\LastGood</p><p>2015-11-13 21:35 - 2015-11-13 21:35 - 00000000 ____D C:\Users\Robert\AppData\Roaming\WildTangent</p><p>2015-11-13 16:57 - 2015-11-13 19:50 - 00000000 
____D C:\Users\Robert\AppData\Local\Mozilla</p><p>2015-11-13 16:57 - 2015-11-13 19:42 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Mozilla</p><p>2015-11-12 23:01 - 2015-11-12 23:01 - 00010162 _____ C:\Users\Robert\Downloads\TN 12th Nov.xlsx</p><p>2015-11-12 20:40 - 2015-11-12 20:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp</p><p>2015-11-11 18:45 - 2015-11-11 18:45 - 02909696 _____ C:\Users\Robert\Downloads\TIFEOMEquity (5).xls</p><p>2015-11-11 07:03 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2015-11-11 07:03 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll</p><p>2015-11-11 07:03 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys</p><p>2015-11-11 07:03 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys</p><p>2015-11-11 07:03 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll</p><p>2015-11-11 07:03 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2015-11-11 07:03 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll</p><p>2015-11-11 07:03 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe</p><p>2015-11-11 07:03 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys</p><p>2015-11-11 07:03 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe</p><p>2015-11-11 07:03 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe</p><p>2015-11-11 07:03 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:03 - 01015808 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll</p><p>2015-11-11 07:03 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe</p><p>2015-11-11 07:03 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys</p><p>2015-11-11 07:03 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys</p><p>2015-11-11 07:03 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll</p><p>2015-11-11 07:03 - 
2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll</p><p>2015-11-11 07:03 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll</p><p>2015-11-10 20:45 - 2015-11-10 20:45 - 00002344 _____ C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-11-10 20:45 - 2015-11-10 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2015-11-10 20:44 - 2015-11-14 14:49 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-11-10 20:44 - 2015-11-14 14:21 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-11-10 20:44 - 2015-11-10 20:44 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2015-11-10 20:44 - 2015-11-10 20:44 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2015-11-10 20:43 - 2015-11-10 20:44 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment</p><p>2015-11-01 19:03 - 2015-11-02 18:45 - 00390679 _____ C:\Users\Robert\Downloads\TT Stops (2).xlsx</p><p>2015-10-31 14:26 - 2015-11-12 23:01 - 00010150 _____ C:\Users\Robert\Downloads\TN 29th Oct (1).xlsx</p><p>2015-10-31 14:26 - 2015-10-31 14:26 - 02939392 _____ C:\Users\Robert\Downloads\TT Monthly (2).xls</p><p>2015-10-30 21:43 - 2015-10-30 21:43 - 02939392 _____ C:\Users\Robert\Downloads\TT Monthly (1).xls</p><p>2015-10-30 
19:53 - 2015-10-30 19:53 - 00003392 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform</p><p>2015-10-29 22:14 - 2015-10-29 22:14 - 00010115 _____ C:\Users\Robert\Downloads\TN 29th Oct.xlsx</p><p>2015-10-26 21:53 - 2015-10-26 21:53 - 00105472 _____ C:\Users\Robert\Downloads\ICE-OJF2015.xls</p><p>2015-10-26 21:53 - 2015-10-26 21:53 - 00105472 _____ C:\Users\Robert\Downloads\ICE-OJF2015 (1).xls</p><p>2015-10-26 21:46 - 2015-10-26 21:46 - 00346506 _____ C:\Users\Robert\Downloads\TT Stops (1).xlsx</p><p>2015-10-26 07:03 - 2015-10-26 07:03 - 00002070 _____ C:\Users\Public\Desktop\abPhoto.lnk</p><p>2015-10-23 20:01 - 2015-10-23 20:01 - 00108277 _____ C:\Users\Robert\Downloads\TT Stops.xlsx</p><p>2015-10-21 16:57 - 2015-10-21 16:57 - 00109568 _____ C:\Users\Robert\Downloads\ICE-SBH2015.xls</p><p>2015-10-21 16:57 - 2015-10-21 16:57 - 00108544 _____ C:\Users\Robert\Downloads\ICE-SBH2014.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00110592 _____ C:\Users\Robert\Downloads\ICE-SBH2011.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00109056 _____ C:\Users\Robert\Downloads\ICE-SBH2012.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00108032 _____ C:\Users\Robert\Downloads\ICE-SBH2013.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00073216 _____ C:\Users\Robert\Downloads\ICE-SBH2010.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00070656 _____ C:\Users\Robert\Downloads\ICE-SBH2008.xls</p><p>2015-10-21 16:56 - 2015-10-21 16:56 - 00068096 _____ C:\Users\Robert\Downloads\ICE-SBH2009.xls</p><p>2015-10-21 16:42 - 2015-10-21 16:42 - 02911744 _____ C:\Users\Robert\Downloads\TT Monthly.xls</p><p>2015-10-21 16:28 - 2015-10-21 16:28 - 00003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud</p><p>2015-10-21 16:28 - 2015-10-21 16:28 - 00002093 _____ C:\Users\Public\Desktop\Acer Portal.lnk</p><p>2015-10-21 16:25 - 2015-10-21 16:25 - 00002034 _____ C:\Users\Public\Desktop\abDocs.lnk</p><p>2015-10-19 16:19 - 2015-10-19 16:19 - 00003886 _____ 
C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d</p><p>2015-10-19 16:19 - 2015-10-19 16:19 - 00003652 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon</p><p>2015-10-19 16:19 - 2015-10-19 16:19 - 00000000 ____D C:\Program Files (x86)\Intel Corporation</p><p>2015-10-18 18:26 - 2015-10-18 18:26 - 02874880 _____ C:\Users\Robert\Downloads\TIFEOMEquity (4).xls</p><p>2015-10-18 18:26 - 2015-10-18 18:26 - 01501184 _____ C:\Users\Robert\Downloads\Historical Prices 2 - averages daily moves.xls</p><p>2015-10-18 18:17 - 2015-10-18 18:17 - 01492992 _____ C:\Users\Robert\Downloads\Historical Prices 2 (1).xls</p><p>2015-10-17 21:31 - 2015-11-01 20:29 - 00009950 _____ C:\Users\Robert\Documents\Christmas list.xlsx</p><p>2015-10-17 16:05 - 2015-10-17 16:05 - 00070656 _____ C:\Users\Robert\Downloads\ICE-OJU2016.xls</p><p>2015-10-17 16:04 - 2015-10-17 16:04 - 00038400 _____ C:\Users\Robert\Downloads\CME-FCU2015.xls</p><p>2015-10-17 16:03 - 2015-10-17 16:03 - 00081920 _____ C:\Users\Robert\Downloads\CME-OU2015.xls</p><p>2015-10-17 15:57 - 2015-10-17 15:57 - 00083456 _____ C:\Users\Robert\Downloads\CME-BOU2015.xls</p><p>2015-10-17 15:57 - 2015-10-17 15:57 - 00082944 _____ C:\Users\Robert\Downloads\CME-SMU2015.xls</p><p>2015-10-17 12:06 - 2015-10-17 12:06 - 00056320 _____ C:\Users\Robert\Downloads\CME-LCV2015.xls</p><p>2015-10-17 12:03 - 2015-10-17 12:04 - 00770560 _____ C:\Users\Robert\Downloads\Historical Prices 2.xls</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-14 14:49 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Personal</p><p>2015-11-14 14:45 - 2015-01-10 17:52 - 00000000 ___RD C:\Users\Robert\OneDrive</p><p>2015-11-14 14:40 - 2014-07-17 08:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games</p><p>2015-11-14 14:40 - 2014-07-17 
08:19 - 00000000 ____D C:\Program Files (x86)\WildGames</p><p>2015-11-14 14:26 - 2015-01-10 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee</p><p>2015-11-14 14:24 - 2015-08-25 18:30 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-11-14 14:21 - 2015-08-25 18:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat</p><p>2015-11-14 14:21 - 2015-07-10 12:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log</p><p>2015-11-14 14:20 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2015-11-14 14:20 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI</p><p>2015-11-14 14:19 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru</p><p>2015-11-14 14:14 - 2015-01-10 17:57 - 00000000 ____D C:\Users\Robert\AppData\Local\CrashDumps</p><p>2015-11-14 14:11 - 2015-01-15 22:01 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-691498483-823551374-2398540852-1001.job</p><p>2015-11-14 14:08 - 2015-08-25 18:12 - 00033446 _____ C:\WINDOWS\PFRO.log</p><p>2015-11-14 13:48 - 2015-06-06 11:49 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-691498483-823551374-2398540852-1001.job</p><p>2015-11-14 12:30 - 2015-01-10 17:49 - 00000000 ____D C:\Users\Robert\AppData\Local\SweetLabs App Platform</p><p>2015-11-14 12:26 - 2015-08-25 18:17 - 00000000 ____D C:\Users\Robert</p><p>2015-11-14 12:18 - 2015-01-10 17:54 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB34D5BE-E2BC-40F8-86B0-4EA269F8C1A3}</p><p>2015-11-14 12:09 - 2015-01-10 18:43 - 00000000 ____D C:\Program Files (x86)\McAfee</p><p>2015-11-13 21:35 - 2014-07-17 08:19 - 00000000 ____D C:\ProgramData\WildTangent</p><p>2015-11-13 21:35 - 2014-07-17 08:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games</p><p>2015-11-13 21:34 - 2015-01-23 21:01 - 00000000 ____D C:\Users\Robert\Documents\NinjaTrader 7</p><p>2015-11-13 20:48 - 2015-07-10 11:04 - 00000000 ____D 
C:\WINDOWS\AppReadiness</p><p>2015-11-13 16:58 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy</p><p>2015-11-12 21:58 - 2015-01-10 17:50 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages</p><p>2015-11-12 21:16 - 2015-06-06 11:49 - 00003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-691498483-823551374-2398540852-1001</p><p>2015-11-12 21:16 - 2015-01-15 22:01 - 00003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-691498483-823551374-2398540852-1001</p><p>2015-11-12 20:39 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache</p><p>2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB</p><p>2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\en-GB</p><p>2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser</p><p>2015-11-11 20:58 - 2015-02-28 10:33 - 00000000 ____D C:\Users\Robert\Documents\Jobs</p><p>2015-11-11 07:11 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp</p><p>2015-11-11 07:11 - 2015-01-14 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT</p><p>2015-11-11 07:08 - 2015-01-14 19:34 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2015-11-10 20:45 - 2015-01-10 18:09 - 00000000 ____D C:\Users\Robert\AppData\Local\Google</p><p>2015-11-10 20:45 - 2015-01-10 18:09 - 00000000 ____D C:\Program Files (x86)\Google</p><p>2015-11-10 19:27 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM</p><p>2015-11-09 18:59 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Finances</p><p>2015-11-03 19:27 - 2015-08-25 18:48 - 00002388 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk</p><p>2015-11-03 19:19 - 2015-01-10 18:28 - 00000000 ____D C:\ProgramData\McAfee</p><p>2015-11-03 18:20 - 2015-07-10 11:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2015-11-03 18:20 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems 
Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-11-01 12:35 - 2015-08-24 19:47 - 00000000 ____D C:\ProgramData\CanonIJPLM</p><p>2015-10-31 09:53 - 2015-01-10 17:53 - 00002513 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk</p><p>2015-10-29 22:34 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Trading</p><p>2015-10-28 20:36 - 2015-01-10 17:58 - 00000000 ____D C:\Program Files\Microsoft Office 15</p><p>2015-10-26 07:03 - 2014-09-13 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer</p><p>2015-10-26 07:03 - 2014-07-17 08:49 - 00000000 ___HD C:\OEM</p><p>2015-10-26 07:01 - 2015-01-10 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\clear.fi</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\F12</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Provisioning</p><p>2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\L2Schemas</p><p>2015-10-21 16:28 - 2014-09-13 23:07 - 00000000 ____D C:\Program Files (x86)\Acer</p><p>2015-10-21 16:27 - 2015-07-20 18:33 - 00003418 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent</p><p>2015-10-19 17:08 - 2015-02-24 19:34 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473</p><p>2015-10-19 16:19 - 2015-02-24 19:34 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager</p><p>2015-10-19 16:19 - 2014-09-13 23:20 - 00000000 ____D C:\ProgramData\Package 
Cache</p><p>2015-10-19 06:05 - 2015-02-24 19:34 - 00003604 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon</p><p>2015-10-15 20:58 - 2015-01-15 22:01 - 00000000 ____D C:\Users\Robert\AppData\Local\Citrix</p><p>2015-10-15 16:17 - 2015-06-13 21:14 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon</p><p>2015-10-15 16:17 - 2015-01-10 18:28 - 00000000 ____D C:\Program Files\Common Files\McAfee</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-01-10 18:44 - 2015-01-22 20:08 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe</p><p>2015-08-25 18:15 - 2015-08-25 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2015-01-23 22:31 - 2015-01-23 22:31 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc</p><p>2015-11-14 14:40 - 2014-04-16 22:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2419769.exe</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\ProgramData\uninstall2419769.exe</p><p></p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Robert\AppData\Local\Temp\Foxit PhantomPDF Updater.exe</p><p>C:\Users\Robert\AppData\Local\Temp\oct2096.tmp.exe</p><p>C:\Users\Robert\AppData\Local\Temp\oct7FF3.tmp.exe</p><p>C:\Users\Robert\AppData\Local\Temp\octC30A.tmp.exe</p><p>C:\Users\Robert\AppData\Local\Temp\ReimagePackage.exe</p><p>C:\Users\Robert\AppData\Local\Temp\sqlite3.dll</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally 
signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-11-11 17:56</p><p></p><p>==================== End of FRST.txt ============================[/code]</p></blockquote><p></p>
[QUOTE="Meri, post: 450584, member: 45261"] [Code]
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-06] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.) R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2015-01-11] (Nicomsoft Ltd.) R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation) R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67832 2015-05-19] (Intel Corporation) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [199536 2015-11-14] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [199536 2015-11-14] (Zemana Ltd.) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-14 14:54 - 2015-11-14 14:54 - 00021994 _____ C:\Users\Robert\Downloads\FRST.txt 2015-11-14 14:54 - 2015-11-14 14:54 - 00000000 ____D C:\FRST 2015-11-14 14:53 - 2015-11-14 14:54 - 02198528 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe 2015-11-14 14:47 - 2015-11-14 14:47 - 00001061 _____ C:\Users\Robert\Desktop\JRT.txt 2015-11-14 14:44 - 2015-11-14 14:44 - 00000102 _____ C:\Users\Robert\Desktop\atenmpst.txt 2015-11-14 14:43 - 2015-11-14 14:43 - 01801288 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe 2015-11-14 14:40 - 2014-04-16 22:08 - 00658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2419769.exe 2015-11-14 14:39 - 2015-11-14 14:39 - 00016148 _____ C:\WINDOWS\system32\TRADINGPC_Robert_HistoryPrediction.bin 2015-11-14 14:34 - 2015-11-14 14:54 - 01982665 _____ C:\WINDOWS\ZAM.krnl.trace 2015-11-14 14:34 - 2015-11-14 14:46 - 00005162 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2015-11-14 14:34 - 2015-11-14 14:34 - 05278464 _____ ( ) C:\Users\Robert\Downloads\Zemana.AntiMalware.Setup (1).exe 2015-11-14 14:34 - 2015-11-14 14:34 - 00199536 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2015-11-14 14:34 - 2015-11-14 14:34 - 00199536 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2015-11-14 14:34 - 2015-11-14 14:34 - 00001229 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Zemana 2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2015-11-14 14:34 - 2015-11-14 14:34 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2015-11-14 14:33 - 2015-11-14 14:34 - 05278464 _____ ( ) C:\Users\Robert\Downloads\Zemana.AntiMalware.Setup.exe 2015-11-14 14:16 - 2015-11-14 14:16 - 01729536 _____ C:\Users\Robert\Downloads\adwcleaner_5.020 (1).exe 2015-11-14 14:14 - 2015-11-14 14:14 - 04383048 _____ (Google) C:\Users\Robert\Downloads\chrome_cleanup_tool.exe 2015-11-14 14:14 - 2015-11-14 14:14 - 00000264 _____ C:\Users\Robert\Downloads\debug.log 2015-11-14 14:09 - 2015-11-14 14:09 - 00000000 ___HD C:\OneDriveTemp 2015-11-14 14:07 - 2015-11-14 14:07 - 00002690 _____ C:\WINDOWS\system32\.crusader 2015-11-14 13:36 - 2015-11-14 14:07 - 00000000 ____D C:\ProgramData\HitmanPro 2015-11-14 13:36 - 2015-11-14 13:36 - 00001974 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-11-14 13:36 - 2015-11-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-11-14 13:36 - 2015-11-14 13:36 - 00000000 ____D C:\Program Files\HitmanPro 2015-11-14 13:35 - 2015-11-14 13:36 - 11337112 _____ (SurfRight B.V.) 
C:\Users\Robert\Downloads\HitmanPro_x64.exe 2015-11-14 13:16 - 2015-11-14 14:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-14 13:15 - 2015-11-14 13:15 - 22908888 _____ (Malwarebytes ) C:\Users\Robert\Downloads\mbam-setup-web.NT-2.2.0.1024.exe 2015-11-14 13:15 - 2015-11-14 13:15 - 00001183 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-14 13:15 - 2015-11-14 13:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-14 13:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-11-14 13:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-11-14 13:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-11-14 12:50 - 2015-11-14 14:19 - 00000000 ____D C:\AdwCleaner 2015-11-14 12:49 - 2015-11-14 12:49 - 01729536 _____ C:\Users\Robert\Downloads\adwcleaner_5.020.exe 2015-11-14 12:41 - 2015-11-14 14:34 - 00000486 _____ C:\Users\Robert\Desktop\malwa.txt 2015-11-14 12:32 - 2015-11-14 12:32 - 00772016 _____ (Reimage®) C:\Users\Robert\Downloads\ReimageRepair.exe 2015-11-14 12:23 - 2015-11-14 12:23 - 00000291 _____ C:\Users\Robert\Desktop\winsock.txt 2015-11-14 12:09 - 2015-11-14 12:09 - 00000000 ____D C:\WINDOWS\LastGood 2015-11-13 21:35 - 2015-11-13 21:35 - 00000000 ____D C:\Users\Robert\AppData\Roaming\WildTangent 2015-11-13 16:57 - 2015-11-13 19:50 - 00000000 ____D C:\Users\Robert\AppData\Local\Mozilla 2015-11-13 16:57 - 2015-11-13 19:42 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Mozilla 2015-11-12 23:01 - 2015-11-12 23:01 - 00010162 _____ C:\Users\Robert\Downloads\TN 12th Nov.xlsx 2015-11-12 20:40 - 2015-11-12 20:40 - 00000000 ____D 
C:\WINDOWS\LastGood.Tmp 2015-11-11 18:45 - 2015-11-11 18:45 - 02909696 _____ C:\Users\Robert\Downloads\TIFEOMEquity (5).xls 2015-11-11 07:03 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-11-11 07:03 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-11-11 07:03 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-11-11 07:03 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2015-11-11 07:03 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-11-11 07:03 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-11-11 07:03 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-11-11 07:03 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-11-11 07:03 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-11-11 07:03 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2015-11-11 07:03 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-11-11 07:03 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-11-11 07:03 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-11-11 07:03 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2015-11-11 07:03 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-11-11 07:03 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-11-11 07:03 - 2015-11-05 04:18 - 24597504 
_____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-11-11 07:03 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-11-11 07:03 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-11-11 07:03 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-11-11 07:03 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2015-11-11 07:03 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-11-11 07:03 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-11-11 07:03 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-11-11 07:03 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-11-11 07:03 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-11-11 07:03 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-11-11 07:03 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-11-11 07:03 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-11-11 07:03 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-11-11 07:03 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-11-11 07:03 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-11-11 07:03 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-11-11 07:03 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-11-11 07:03 - 
2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-11-11 07:03 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-11-11 07:03 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-11-11 07:03 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-11-11 07:03 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-11-11 07:03 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-11-11 07:03 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-11-11 07:03 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-11-11 07:03 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-11-11 07:03 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-11-11 07:03 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-11-11 07:03 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-11-11 07:03 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-11-11 07:03 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-11-11 07:03 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-11-11 07:03 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-11-11 07:03 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-11-11 07:03 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-11-11 07:03 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-11-10 20:45 - 2015-11-10 20:45 - 00002344 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-10 20:45 - 2015-11-10 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-10 20:44 - 2015-11-14 14:49 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-10 20:44 - 2015-11-14 14:21 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-10 20:44 - 2015-11-10 20:44 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-10 20:44 - 2015-11-10 20:44 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-10 20:43 - 2015-11-10 20:44 - 00000000 ____D C:\Users\Robert\AppData\Local\Deployment 2015-11-01 19:03 - 2015-11-02 18:45 - 00390679 _____ C:\Users\Robert\Downloads\TT Stops (2).xlsx 2015-10-31 14:26 - 2015-11-12 23:01 - 00010150 _____ C:\Users\Robert\Downloads\TN 29th Oct (1).xlsx 2015-10-31 14:26 - 2015-10-31 14:26 - 02939392 _____ C:\Users\Robert\Downloads\TT Monthly (2).xls 2015-10-30 21:43 - 2015-10-30 21:43 - 02939392 _____ C:\Users\Robert\Downloads\TT Monthly (1).xls 2015-10-30 19:53 - 2015-10-30 19:53 - 00003392 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform 2015-10-29 22:14 - 2015-10-29 22:14 - 00010115 _____ C:\Users\Robert\Downloads\TN 29th Oct.xlsx 2015-10-26 21:53 - 2015-10-26 21:53 - 00105472 _____ C:\Users\Robert\Downloads\ICE-OJF2015.xls 2015-10-26 21:53 - 2015-10-26 21:53 - 00105472 _____ C:\Users\Robert\Downloads\ICE-OJF2015 (1).xls 2015-10-26 21:46 - 2015-10-26 21:46 - 00346506 _____ C:\Users\Robert\Downloads\TT Stops (1).xlsx 2015-10-26 07:03 - 2015-10-26 07:03 - 00002070 _____ C:\Users\Public\Desktop\abPhoto.lnk 2015-10-23 20:01 - 2015-10-23 20:01 - 00108277 _____ C:\Users\Robert\Downloads\TT Stops.xlsx 2015-10-21 16:57 - 2015-10-21 16:57 - 00109568 _____ 
C:\Users\Robert\Downloads\ICE-SBH2015.xls 2015-10-21 16:57 - 2015-10-21 16:57 - 00108544 _____ C:\Users\Robert\Downloads\ICE-SBH2014.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00110592 _____ C:\Users\Robert\Downloads\ICE-SBH2011.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00109056 _____ C:\Users\Robert\Downloads\ICE-SBH2012.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00108032 _____ C:\Users\Robert\Downloads\ICE-SBH2013.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00073216 _____ C:\Users\Robert\Downloads\ICE-SBH2010.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00070656 _____ C:\Users\Robert\Downloads\ICE-SBH2008.xls 2015-10-21 16:56 - 2015-10-21 16:56 - 00068096 _____ C:\Users\Robert\Downloads\ICE-SBH2009.xls 2015-10-21 16:42 - 2015-10-21 16:42 - 02911744 _____ C:\Users\Robert\Downloads\TT Monthly.xls 2015-10-21 16:28 - 2015-10-21 16:28 - 00003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud 2015-10-21 16:28 - 2015-10-21 16:28 - 00002093 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2015-10-21 16:25 - 2015-10-21 16:25 - 00002034 _____ C:\Users\Public\Desktop\abDocs.lnk 2015-10-19 16:19 - 2015-10-19 16:19 - 00003886 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d 2015-10-19 16:19 - 2015-10-19 16:19 - 00003652 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon 2015-10-19 16:19 - 2015-10-19 16:19 - 00000000 ____D C:\Program Files (x86)\Intel Corporation 2015-10-18 18:26 - 2015-10-18 18:26 - 02874880 _____ C:\Users\Robert\Downloads\TIFEOMEquity (4).xls 2015-10-18 18:26 - 2015-10-18 18:26 - 01501184 _____ C:\Users\Robert\Downloads\Historical Prices 2 - averages daily moves.xls 2015-10-18 18:17 - 2015-10-18 18:17 - 01492992 _____ C:\Users\Robert\Downloads\Historical Prices 2 (1).xls 2015-10-17 21:31 - 2015-11-01 20:29 - 00009950 _____ C:\Users\Robert\Documents\Christmas list.xlsx 2015-10-17 16:05 - 2015-10-17 16:05 - 00070656 _____ C:\Users\Robert\Downloads\ICE-OJU2016.xls 2015-10-17 16:04 - 2015-10-17 16:04 - 
00038400 _____ C:\Users\Robert\Downloads\CME-FCU2015.xls 2015-10-17 16:03 - 2015-10-17 16:03 - 00081920 _____ C:\Users\Robert\Downloads\CME-OU2015.xls 2015-10-17 15:57 - 2015-10-17 15:57 - 00083456 _____ C:\Users\Robert\Downloads\CME-BOU2015.xls 2015-10-17 15:57 - 2015-10-17 15:57 - 00082944 _____ C:\Users\Robert\Downloads\CME-SMU2015.xls 2015-10-17 12:06 - 2015-10-17 12:06 - 00056320 _____ C:\Users\Robert\Downloads\CME-LCV2015.xls 2015-10-17 12:03 - 2015-10-17 12:04 - 00770560 _____ C:\Users\Robert\Downloads\Historical Prices 2.xls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-14 14:49 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Personal 2015-11-14 14:45 - 2015-01-10 17:52 - 00000000 ___RD C:\Users\Robert\OneDrive 2015-11-14 14:40 - 2014-07-17 08:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-14 14:40 - 2014-07-17 08:19 - 00000000 ____D C:\Program Files (x86)\WildGames 2015-11-14 14:26 - 2015-01-10 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-11-14 14:24 - 2015-08-25 18:30 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-14 14:21 - 2015-08-25 18:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-14 14:21 - 2015-07-10 12:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-11-14 14:20 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-14 14:20 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-11-14 14:19 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-14 14:14 - 2015-01-10 17:57 - 00000000 ____D C:\Users\Robert\AppData\Local\CrashDumps 2015-11-14 14:11 - 2015-01-15 22:01 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-691498483-823551374-2398540852-1001.job 2015-11-14 14:08 - 2015-08-25 18:12 - 00033446 _____ C:\WINDOWS\PFRO.log 2015-11-14 
13:48 - 2015-06-06 11:49 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-691498483-823551374-2398540852-1001.job 2015-11-14 12:30 - 2015-01-10 17:49 - 00000000 ____D C:\Users\Robert\AppData\Local\SweetLabs App Platform 2015-11-14 12:26 - 2015-08-25 18:17 - 00000000 ____D C:\Users\Robert 2015-11-14 12:18 - 2015-01-10 17:54 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB34D5BE-E2BC-40F8-86B0-4EA269F8C1A3} 2015-11-14 12:09 - 2015-01-10 18:43 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-11-13 21:35 - 2014-07-17 08:19 - 00000000 ____D C:\ProgramData\WildTangent 2015-11-13 21:35 - 2014-07-17 08:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-11-13 21:34 - 2015-01-23 21:01 - 00000000 ____D C:\Users\Robert\Documents\NinjaTrader 7 2015-11-13 20:48 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-13 16:58 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-11-12 21:58 - 2015-01-10 17:50 - 00000000 ____D C:\Users\Robert\AppData\Local\Packages 2015-11-12 21:16 - 2015-06-06 11:49 - 00003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-691498483-823551374-2398540852-1001 2015-11-12 21:16 - 2015-01-15 22:01 - 00003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-691498483-823551374-2398540852-1001 2015-11-12 20:39 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-11-12 19:56 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-11 20:58 - 2015-02-28 10:33 - 00000000 ____D C:\Users\Robert\Documents\Jobs 2015-11-11 07:11 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-11-11 07:11 - 2015-01-14 19:34 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-11 07:08 - 2015-01-14 19:34 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-10 20:45 - 
2015-01-10 18:09 - 00000000 ____D C:\Users\Robert\AppData\Local\Google 2015-11-10 20:45 - 2015-01-10 18:09 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-10 19:27 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-11-09 18:59 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Finances 2015-11-03 19:27 - 2015-08-25 18:48 - 00002388 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-11-03 19:19 - 2015-01-10 18:28 - 00000000 ____D C:\ProgramData\McAfee 2015-11-03 18:20 - 2015-07-10 11:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-11-03 18:20 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-01 12:35 - 2015-08-24 19:47 - 00000000 ____D C:\ProgramData\CanonIJPLM 2015-10-31 09:53 - 2015-01-10 17:53 - 00002513 _____ C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-10-29 22:34 - 2015-01-18 19:52 - 00000000 ____D C:\Users\Robert\Documents\Trading 2015-10-28 20:36 - 2015-01-10 17:58 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-10-26 07:03 - 2014-09-13 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-10-26 07:03 - 2014-07-17 08:49 - 00000000 ___HD C:\OEM 2015-10-26 07:01 - 2015-01-10 17:51 - 00000000 ____D C:\Users\Robert\AppData\Local\clear.fi 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-22 06:15 - 
2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-22 06:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-10-21 16:28 - 2014-09-13 23:07 - 00000000 ____D C:\Program Files (x86)\Acer 2015-10-21 16:27 - 2015-07-20 18:33 - 00003418 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent 2015-10-19 17:08 - 2015-02-24 19:34 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-10-19 16:19 - 2015-02-24 19:34 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager 2015-10-19 16:19 - 2014-09-13 23:20 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-19 06:05 - 2015-02-24 19:34 - 00003604 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2015-10-15 20:58 - 2015-01-15 22:01 - 00000000 ____D C:\Users\Robert\AppData\Local\Citrix 2015-10-15 16:17 - 2015-06-13 21:14 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2015-10-15 16:17 - 2015-01-10 18:28 - 00000000 ____D C:\Program Files\Common Files\McAfee ==================== Files in the root of some directories ======= 2015-01-10 18:44 - 2015-01-22 20:08 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-08-25 18:15 - 2015-08-25 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-01-23 22:31 - 2015-01-23 22:31 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2015-11-14 14:40 - 2014-04-16 22:08 - 0658000 _____ (WildTangent, Inc.) 
C:\ProgramData\uninstall2419769.exe Files to move or delete: ==================== C:\ProgramData\uninstall2419769.exe Some files in TEMP: ==================== C:\Users\Robert\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\Robert\AppData\Local\Temp\oct2096.tmp.exe C:\Users\Robert\AppData\Local\Temp\oct7FF3.tmp.exe C:\Users\Robert\AppData\Local\Temp\octC30A.tmp.exe C:\Users\Robert\AppData\Local\Temp\ReimagePackage.exe C:\Users\Robert\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-11 17:56 ==================== End of FRST.txt ============================[/code] [/QUOTE]