Kato117

Sorry, but I'm not downloading all that crap. Seems pointless to me. I'll take my chances without all the extra downloading. When I downloaded Geek-Uninstall and forced uninstall the PUP "HQCinema Pro" the ads stopped popping up on my web browsers, so I think it's safe to say that the issue has been resolved. If any later issues popup I'll come back.

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/25/2015 Scan Time: 1:08 PM Logfile: Administrator: Yes Version: 0.0.0.0000 Malware Database: v2015.11.25.05Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/25/2015 Scan Time: 1:08 PM Logfile: Administrator: Yes Version: 0.0.0.0000 Malware Database: v2015.11.25.05 Rootkit Database: v2015.11.23.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: KatoV Scan Type: Threat Scan Result: Completed Objects Scanned: 336360 Time Elapsed: 15 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Rootkit Database: v2015.11.23.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: KatoV Scan Type: Threat Scan Result: Completed Objects Scanned: 336360 Time Elapsed: 15 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/25/2015 Scan Time: 1:08 PM Logfile: MalwarebytesScanlog.txt Administrator: Yes Version: 0.0.0.0000 Malware Database: v2015.11.25.05 Rootkit Database: v2015.11.23.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: KatoV Scan Type: Threat Scan Result: Completed Objects Scanned: 336360 Time Elapsed: 15 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

I followed all instructions in order as you requested. I ran a scan and that was the results. Nothing more, nothing less. I'll try again.

All I see.

Ok, MB logs are posted.

Malwarebytes Anti-Malware www.malwarebytes.org Error, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, IsLicensed, 13, Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopping, Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopped, Error, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, IsLicensed, 13, Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopping, Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopped, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Starting, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Started, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Starting, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Started, Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, IP Database, 2015.9.21.2, 2015.11.25.1, Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Domain Database, 2015.9.22.3, 2015.11.25.4, Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Rootkit Database, 2015.9.18.1, 2015.11.23.1, Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Remediation Database, 2015.9.16.1, 2015.11.22.2, Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Malware Database, 2015.9.22.5, 2015.11.25.4, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Refresh, Starting, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Stopping, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Stopped, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Refresh, Success, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Starting, Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Started, (end)

Yes GeekUninstaller was successful. The logs for Malwarebytes? Umm... they should be there... I followed all instructions. Perhaps I did something wrong?

Ok logs are posted.

Users shortcut scan result (x64) Version:25-11-2015 01 Ran by KatoV (2015-11-25 11:48:24) Running from C:\Users\KatoV\Downloads Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\KatoV\Documents () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\KatoV\Downloads () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\KatoV\Music () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\KatoV\Pictures () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\KatoV\Videos () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\KatoV () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5\Modio 5.lnk -> C:\Program Files (x86)\Modio 5\Modio.exe (GameTuts) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF\Foxit PhantomPDF.lnk -> C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe (Foxit Software Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Care Center.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Power Management.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerUI.exe (Acer Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User Experience Improvement Program.lnk -> C:\Program Files\Acer\User Experience Improvement Program\Framework\Setting.exe (acer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00\OnePager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\Links\Desktop.lnk -> C:\Users\KatoV\Desktop () Shortcut: C:\Users\KatoV\Links\Downloads.lnk -> C:\Users\KatoV\Downloads () Shortcut: C:\Users\KatoV\Desktop\Dashlane Password Manager.lnk -> C:\Program Files (x86)\Dashlane\Upgrade\DashlaneDownloader.exe (Dashlane SAS) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\KatoV\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public.lnk -> C:\Users\Public () Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane\Dashlane Password Manager.lnk -> C:\Program Files (x86)\Dashlane\Upgrade\DashlaneDownloader.exe (Dashlane SAS) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated) Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.) Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\Modio 5.lnk -> C:\Program Files (x86)\Modio 5\Modio.exe (GameTuts) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.11.226\McAfee.ico ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company) -> /p 1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abFiles.lnk -> C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe (acer) -> ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Recovery Management.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe () -> eRecovery ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\KatoV\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company) -> /p 2 ShortcutWithArgument: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/ InternetURL: C:\Users\Default\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334 InternetURL: C:\Users\Default\Favorites\Acer\Acer.url -> hxxp://www.acer.com/ InternetURL: C:\Users\KatoV\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\KatoV\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334 InternetURL: C:\Users\KatoV\Favorites\Phone\CNN.url -> hxxp://www.cnn.com InternetURL: C:\Users\KatoV\Favorites\Phone\Cricket Help and Support.url -> hxxps://www.cricketwireless.com/support InternetURL: C:\Users\KatoV\Favorites\Phone\Endless list of big words Definitions flashcards - Quizlet.url -> hxxps://quizlet.com/11587263/endless-list-of-big-words-definitions-flash-cards/ InternetURL: C:\Users\KatoV\Favorites\Phone\ESPN.url -> hxxp://www.espn.com InternetURL: C:\Users\KatoV\Favorites\Phone\Google.url -> hxxp://www.google.com/ InternetURL: C:\Users\KatoV\Favorites\Phone\Grammar and spellchecker – English – Reverso.url -> hxxp://www.reverso.net/spell-checker/english-spelling-grammar/ InternetURL: C:\Users\KatoV\Favorites\Phone\How to Easily Repair Cast Net Holes.url -> hxxp://reidrichardson.hubpages.com/hub/How-to-Easily-Repair-Cast-Net-Holes InternetURL: C:\Users\KatoV\Favorites\Phone\MSN.url -> hxxp://www.msn.com InternetURL: C:\Users\KatoV\Favorites\Phone\Nokia Support.url -> hxxp://link.nokia.com/entry/van/nsupport/530 InternetURL: C:\Users\KatoV\Favorites\Phone\Nokia.com.url -> hxxp://nokia.mobi/entry/van/main/530 InternetURL: C:\Users\KatoV\Favorites\Phone\Wikipedia.url -> hxxp://www.wikipedia.com InternetURL: C:\Users\KatoV\Favorites\Phone\Windows Phone Tips.url -> hxxp://go.microsoft.com/fwlink/?LinkId=247436 InternetURL: C:\Users\KatoV\Favorites\Links\Acer Store.url -> hxxp://go.acer.com/?id=16752&model=Aspire R3-131T InternetURL: C:\Users\KatoV\Favorites\Acer\Acer.url -> hxxp://www.acer.com/ InternetURL: C:\Users\KatoV\Favorites\Acer\eBay.url -> hxxps://rover.ebay.com/rover/1/711-66992-24801-6/4 ==================== End of Shortcut.txt =============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 01 Ran by KatoV (2015-11-25 11:46:05) Running from C:\Users\KatoV\Downloads Windows 10 Home (X64) (2015-10-13 23:57:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2840548730-265254786-3021258719-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2840548730-265254786-3021258719-503 - Limited - Disabled) Guest (S-1-5-21-2840548730-265254786-3021258719-501 - Limited - Disabled) KatoV (S-1-5-21-2840548730-265254786-3021258719-1001 - Administrator - Enabled) => C:\Users\KatoV ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated) abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated) Acer Audio Invert Utility (HKLM-x32\...\{11086334-4198-44C7-8C67-7B49E4AC925A}) (Version: 1.00.3002 - Acer Incorporated) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated) Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{EBCCD2B7-FCA9-4714-97A4-CBC48E544BB2}) (Version: 2.3.2 - Amazon) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated) Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.0.13.0 - Dashlane SAS) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated) ELAN HIDI2C Filter Driver X64 13.6.3.1_WHQL (HKLM\...\Elantech) (Version: 13.6.3.1 - ELAN Microelectronic Corp.) Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.) globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Horizon v2.8.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.9.0 - Daring Development Inc.) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company) Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation) Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation) Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4132 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Modio 5 (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version: - GameTuts) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2840548730-265254786-3021258719-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\KatoV\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 03:04 - 2015-11-14 17:47 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08BA19B7-CADF-46E1-8CE0-8048812636A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {1EA3ADBC-D673-4438-B72E-C9987537556C} - System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4 => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-4.exe <==== ATTENTION Task: {28DD7DA3-0576-4A32-9D31-ED86F928BF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.) Task: {3118D926-5E0F-4C58-98AF-E5F1D0213E3C} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated) Task: {326E71EE-EB7A-4497-AA97-AB03BE871D29} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] () Task: {36A24B65-FC81-4036-B777-A4E6B6D6DFD3} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION Task: {39F0A9DE-D80E-4F52-919C-14CC7B96C1FF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {46CCC8F1-1708-490D-B26B-B61D3F22B377} - System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe [2015-11-04] (HQ-VideoV04.11) <==== ATTENTION Task: {52240AF9-8255-4640-A86D-3ED8ED5D3BE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation) Task: {5D8B0CA3-0555-428A-BBA1-6762E6734946} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION Task: {61A2E6C4-CC43-4285-8F98-26284256AC85} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation) Task: {69BEEB87-E8DB-448A-969C-3A480AD08DF6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated) Task: {7A259486-21A6-4AB7-8A4A-8C1165C74DC5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] () Task: {8BD6CF75-657E-4F43-890F-370D8B73B5B4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-09] (Acer Incorporated) Task: {A71D9D25-CFFE-43B6-B021-EE3662AFCE1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation) Task: {B81ED7B6-2F43-4821-9A8F-25DCA0AC7A5A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer) Task: {BD92AA7F-C7E0-400E-8A3B-CA9AC52AB5E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company) Task: {C440D2D8-008A-41CC-8A0D-C19013A53901} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.) Task: {D0F503BF-FDC0-41DD-859F-2D5646CEC07E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company) Task: {D3F24854-B301-48A2-9F12-71BAA8D979FB} - System32\Tasks\Audio Invert Utility => C:\Program Files (x86)\Acer\Acer Audio Invert Utility\Launcher.exe [2014-12-29] (Acer Incorporated) Task: {DCE78AC9-8196-4614-848D-DA2F54B10342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.) Task: {DD422CC7-0DEE-4FD2-BFD2-C9DED53D2BB2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation) Task: {F62C03DF-F6BA-4322-9BB1-0FA98505ED48} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-13] () Task: {F7C002C2-9083-4FF4-879D-8A5F51225BC1} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>) Task: {FDB2A21A-49B4-49D1-AD54-F09CDF339A94} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] () Task: {FEB1D4E3-6ED2-4770-B705-725E1CF55D27} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe <==== ATTENTION Task: C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4.job => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-4.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 03:00 - 2015-07-10 03:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll 2015-08-07 22:08 - 2015-08-07 22:08 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll 2015-07-10 03:00 - 2015-07-10 03:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll 2015-10-13 18:19 - 2015-08-11 01:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll 2015-10-14 16:01 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-02-26 09:12 - 2015-02-26 09:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe 2015-10-13 18:20 - 2015-09-16 22:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll 2015-10-13 16:02 - 2015-10-13 16:02 - 00415128 _____ () C:\Windows\system32\igfxTray.exe 2015-10-13 18:20 - 2015-09-16 22:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll 2015-11-17 15:52 - 2015-11-01 02:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2015-10-13 18:18 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 02:59 - 2015-07-10 02:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-10-13 18:20 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-13 18:18 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-13 18:20 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-13 18:20 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 03:00 - 2015-07-10 05:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-09-16 13:58 - 2015-09-16 13:58 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe 2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2015-07-10 02:38 - 2015-07-10 02:38 - 04580704 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2015-07-29 00:33 - 2015-05-08 09:41 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-11-10 20:08 - 2015-11-06 20:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll 2015-11-10 20:08 - 2015-11-06 20:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll 2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2015-09-16 13:58 - 2015-09-16 13:58 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll 2015-09-14 16:46 - 2015-09-14 16:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2015-09-14 16:46 - 2015-09-14 16:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2015-09-14 16:46 - 2015-09-14 16:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2015-09-14 16:46 - 2015-09-14 16:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2015-10-26 15:26 - 2015-10-26 15:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2015-09-10 13:51 - 2015-09-10 13:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2015-09-10 13:43 - 2015-09-10 13:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com IE trusted site: HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\amazon.com -> amazon.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KatoV\Downloads\index.jpg DNS Servers: 75.75.76.76 - 75.75.75.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7991A1E7-3D82-415D-B358-A734A0BB6AFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B03A0885-60BA-44C4-B05F-80C74DA19CDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D6275480-01CB-4529-BC85-E1D9093991E8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{4C259501-AF4A-4A01-B0B8-1BB4D2818635}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{79907BCC-9B23-4606-90BE-99EAEC1E0206}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{813CD130-7B92-4D61-9F15-59704324354F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{F999D13C-8B3B-4A90-8990-274203ABB4C1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{E59A3561-236E-45FF-997C-8BAEFF129687}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{09940EC2-6801-4771-8BFC-19CADE528971}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{79F5D575-B878-4DF2-BB02-2C9A8E1DB3B1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{3512946D-D6F0-4CA3-828E-607594551974}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{AD2BACD7-7EE5-4D95-80D6-D4FB27B32365}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FFA98EA1-184F-4055-8099-05111EA8234D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/25/2015 11:00:29 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (11/25/2015 10:43:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FMAPP.exe, version: 1.64.0.5, time stamp: 0x54d47bbe Faulting module name: FMAPP.exe, version: 1.64.0.5, time stamp: 0x54d47bbe Exception code: 0xc0000005 Fault offset: 0x0000000000002f6d Faulting process id: 0x1b9c Faulting application start time: 0xFMAPP.exe0 Faulting application path: FMAPP.exe1 Faulting module path: FMAPP.exe2 Report Id: FMAPP.exe3 Faulting package full name: FMAPP.exe4 Faulting package-relative application ID: FMAPP.exe5 Error: (11/25/2015 10:38:28 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (11/24/2015 11:58:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NERAFIH) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/24/2015 11:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NERAFIH) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/24/2015 11:22:49 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (11/24/2015 08:36:22 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (11/24/2015 07:51:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (11/24/2015 07:41:06 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] Error: (11/24/2015 04:38:59 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR DPTF Build Version: 8.1.10600.150 DPTF Build Date: Jun 26 2015 11:46:12 Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737 Executing Function: DptfEvent Message: Received unexpected event Framework Event: DptfResume [3] System errors: ============= Error: (11/24/2015 11:58:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH) Description: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/24/2015 11:58:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH) Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH) Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH) Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaUnavailableUnavailable Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH) Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH) Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca ==================== Memory info =========================== Processor: Intel® Celeron® CPU N3050 @ 1.60GHz Percentage of memory in use: 84% Total physical RAM: 1871.27 MB Available physical RAM: 290.71 MB Total Virtual: 3343.27 MB Available Virtual: 906.28 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:28.52 GB) (Free:7.23 GB) NTFS Drive d: (TOSHIBA) (Removable) (Total:28.86 GB) (Free:28.85 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 1182453F) Partition: GPT. ======================================================== Disk: 1 (Size: 28.9 GB) (Disk ID: 6F586537) Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0B) ==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 01 Ran by KatoV (administrator) on DESKTOP-NERAFIH (25-11-2015 11:44:01) Running from C:\Users\KatoV\Downloads Loaded Profiles: KatoV (Available Profiles: KatoV) Platform: Windows 10 Home (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (HQ-VideoV04.11) C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporate) C:\Program Files (x86)\Acer\Acer Audio Invert Utility\AudioInvertAgent.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Geek Uninstaller) D:\geek.exe (Geek Uninstaller) C:\Users\KatoV\AppData\Local\Temp\geek_x64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-06] (Realtek Semiconductor) HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] () HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer) HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Run: [DelayShred] => c:\Program Files\mcafee\mqs\ShrCL.exe [143520 2015-07-20] (McAfee, Inc.) HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] () ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-14] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 Tcpip\..\Interfaces\{0c985688-5703-4e0d-ae33-4be9e2c8344b}: [DhcpNameServer] 75.75.76.76 75.75.75.75 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> DefaultScope {6D5DF9C7-2270-49EA-8489-2E0F28EFA137} URL = SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> {6D5DF9C7-2270-49EA-8489-2E0F28EFA137} URL = SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-09] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-09] (McAfee, Inc.) FireFox: ======== FF ProfilePath: C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-20] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-09] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-20] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-09] () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-06] (Google Inc.) FF SearchPlugin: C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\searchplugins\McSiteAdvisor.xml [2015-11-06] FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03] FF Extension: HQCinema Pro 2.1V04.11 - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-11-04] [not signed] FF Extension: Amazon 1Button App for Firefox - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\abb@amazon.com.xpi [2015-10-13] FF Extension: English (US) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF Extension: Thai Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-th@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF Extension: Türkçe (TR) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-tr@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF Extension: Ukrainian (UA) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-uk@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF Extension: Chinese Simplified (zh-CN) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-zh-CN@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF Extension: Traditional Chinese (zh-TW) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-zh-TW@firefox.mozilla.org.xpi [2015-10-15] [not signed] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-15] [not signed] Chrome: ======= CHR Profile: C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06] CHR Extension: (Google Docs) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06] CHR Extension: (Google Drive) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06] CHR Extension: (YouTube) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06] CHR Extension: (Google Search) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06] CHR Extension: (Google Docs Offline) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06] CHR Extension: (Gmail) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-20] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-20] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-09-17] (Amazon Inc.) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-09] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [75056 2015-06-24] (Dashlane SAS) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated) R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-06-25] (Intel Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-18] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [368552 2015-10-13] (Intel Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation) R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-11-09] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] () R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-26] (acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.) R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-06-25] (Intel Corporation) R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-06-25] (Intel Corporation) R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-06-25] (Intel Corporation) R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [175152 2015-06-08] (ELAN Microelectronic Corp.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41984 2015-06-03] (Intel® Corporation) R3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [89592 2015-06-03] (Intel® Corporation) S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [112640 2015-06-03] (Intel® Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [167152 2015-06-18] (Intel Corporation) R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [5759240 2015-10-13] (Intel Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-25] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.) S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-21] (Intel Corporation) R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [9391896 2015-06-21] (Intel Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-17] (Realtek ) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31280 2015-04-13] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-25 11:44 - 2015-11-25 11:45 - 00027757 _____ C:\Users\KatoV\Downloads\FRST.txt 2015-11-25 11:43 - 2015-11-25 11:44 - 00000000 ____D C:\FRST 2015-11-25 11:40 - 2015-11-25 11:42 - 02348544 _____ (Farbar) C:\Users\KatoV\Downloads\FRST64.exe 2015-11-25 11:33 - 2015-11-25 11:33 - 00016148 _____ C:\Windows\system32\DESKTOP-NERAFIH_KatoV_HistoryPrediction.bin 2015-11-25 11:14 - 2015-11-25 11:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-25 11:13 - 2015-11-25 11:13 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-25 11:13 - 2015-11-25 11:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-25 11:13 - 2015-11-25 11:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-25 11:13 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-25 11:13 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-25 11:13 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-25 11:12 - 2015-11-25 11:12 - 22908888 _____ (Malwarebytes ) C:\Users\KatoV\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-25 11:05 - 2015-11-25 11:05 - 00000000 ____D C:\Users\KatoV\AppData\Roaming\Geek Uninstaller 2015-11-25 11:03 - 2015-11-25 11:03 - 02582494 _____ C:\Users\KatoV\Downloads\geek.zip 2015-11-25 10:40 - 2015-11-25 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-11-17 16:58 - 2015-11-17 16:58 - 04099548 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Alg 1.pdf 2015-11-17 16:57 - 2015-11-17 16:57 - 06088887 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Eng2.pdf 2015-11-17 16:57 - 2015-11-17 16:57 - 06088887 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Eng2 (1).pdf 2015-11-17 16:56 - 2015-11-17 16:56 - 03732953 _____ C:\Users\KatoV\Downloads\staar-EOC-E2-Write-Persuasive-ScorGde-Apr13.pdf 2015-11-17 16:56 - 2015-11-17 16:56 - 03732953 _____ C:\Users\KatoV\Downloads\staar-EOC-E2-Write-Persuasive-ScorGde-Apr13 (1).pdf 2015-11-15 11:50 - 2015-11-15 11:50 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods (2).zip 2015-11-15 11:48 - 2015-11-15 11:48 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods (1).zip 2015-11-14 17:47 - 2015-11-14 17:47 - 00001983 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-11-14 17:47 - 2015-11-14 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-11-14 17:47 - 2015-11-14 17:47 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-11-13 21:57 - 2015-11-13 21:57 - 00000677 _____ C:\Users\KatoV\Documents\22.htm 2015-11-13 17:38 - 2015-11-13 17:38 - 00000607 _____ C:\Users\KatoV\Documents\Cont... codecademy.htm 2015-11-12 20:31 - 2015-11-12 20:40 - 00000675 _____ C:\Users\KatoV\Desktop\New Text Document.txt 2015-11-12 19:20 - 2015-11-12 19:20 - 00000360 _____ C:\Users\KatoV\Documents\Practice along with codecademy.htm 2015-11-12 16:48 - 2015-11-12 16:48 - 04091904 _____ (Damian Borecki) C:\Users\KatoV\Desktop\CSS HTML Notepad.exe 2015-11-10 16:51 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-10 16:51 - 2015-11-04 20:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-10 16:50 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-10 16:50 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-11-10 16:50 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-11-10 16:50 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll 2015-11-10 16:50 - 2015-11-04 21:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-10 16:50 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2015-11-10 16:50 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2015-11-10 16:50 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-11-10 16:50 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-10 16:50 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-11-10 16:50 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll 2015-11-10 16:50 - 2015-11-04 20:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-10 16:50 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2015-11-10 16:50 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2015-11-10 16:50 - 2015-11-04 20:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2015-11-10 16:50 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2015-11-10 16:50 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2015-11-10 16:50 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2015-11-10 16:50 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll 2015-11-10 16:50 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2015-11-10 16:50 - 2015-11-04 20:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-10 16:50 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2015-11-10 16:50 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-11-10 16:50 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll 2015-11-10 16:50 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-10 16:50 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-10 16:50 - 2015-11-04 20:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2015-11-10 16:50 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll 2015-11-10 16:50 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-10 16:50 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll 2015-11-10 16:50 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-11-10 16:50 - 2015-11-04 19:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2015-11-10 16:50 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll 2015-11-10 16:50 - 2015-11-04 19:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2015-11-10 16:50 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2015-11-10 16:50 - 2015-11-04 19:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll 2015-11-10 16:50 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll 2015-11-10 16:50 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll 2015-11-10 16:50 - 2015-11-04 19:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-10 16:50 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2015-11-10 16:50 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2015-11-10 16:50 - 2015-11-04 19:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2015-11-10 16:50 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2015-11-10 16:50 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll 2015-11-10 16:50 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-10 16:50 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-10 16:50 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-10 16:50 - 2015-11-04 19:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-10 16:50 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll 2015-11-10 16:50 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2015-11-10 16:50 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll 2015-11-08 09:46 - 2015-11-08 09:47 - 00059410 _____ C:\Users\KatoV\Downloads\Setup.xml 2015-11-07 20:36 - 2015-11-07 20:44 - 01971712 _____ (xpg dev) C:\Users\KatoV\Downloads\Darksoul2.exe 2015-11-07 20:17 - 2015-11-07 20:23 - 00000000 ____D C:\Users\KatoV\Downloads\Halo 3 Recovery Tool 2015-11-07 20:17 - 2015-11-07 20:17 - 01440091 _____ C:\Users\KatoV\Downloads\Halo 3 Recovery Tool.rar 2015-11-07 20:16 - 2015-11-07 20:16 - 09989712 _____ (MEGA Limited) C:\Users\KatoV\Downloads\MEGAsyncSetup.exe 2015-11-07 19:40 - 2015-11-07 19:43 - 00000000 ____D C:\Users\KatoV\Downloads\L4D2 Mods 2015-11-07 19:38 - 2015-11-07 19:38 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods .zip 2015-11-07 19:35 - 2015-11-07 19:35 - 00069632 _____ C:\Users\KatoV\Downloads\UserSettings (1) 2015-11-07 19:31 - 2015-11-07 19:57 - 00081920 _____ C:\Users\KatoV\Downloads\UserSettings 2015-11-07 12:48 - 2015-11-07 12:48 - 00000000 ____D C:\Users\KatoV\Downloads\Fallout NV Modding Tool 2015-11-07 12:47 - 2015-11-07 12:47 - 06141752 _____ C:\Users\KatoV\Downloads\Fallout NV Modding Tool.zip 2015-11-07 09:18 - 2015-11-07 09:18 - 00001054 _____ C:\Users\Public\Desktop\Modio 5.lnk 2015-11-06 21:16 - 2015-11-06 21:16 - 00000000 ____D C:\$SysReset 2015-11-06 21:05 - 2015-11-06 21:05 - 00000000 _____ C:\autoexec.bat 2015-11-06 19:17 - 2015-11-06 19:17 - 00001356 _____ C:\Users\Public\Desktop\Horizon.lnk 2015-11-06 19:00 - 2015-11-10 20:09 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-06 19:00 - 2015-11-06 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-06 18:59 - 2015-11-25 11:04 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-06 18:59 - 2015-11-25 10:39 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-06 18:59 - 2015-11-06 19:00 - 00000000 ____D C:\Users\KatoV\AppData\Local\Google 2015-11-06 18:59 - 2015-11-06 18:59 - 00929872 _____ (Google Inc.) C:\Users\KatoV\Downloads\ChromeSetup.exe 2015-11-06 18:59 - 2015-11-06 18:59 - 00003986 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-06 18:59 - 2015-11-06 18:59 - 00003754 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-06 18:59 - 2015-11-06 18:59 - 00000000 ____D C:\Program Files (x86)\Google 2015-11-05 17:23 - 2015-11-05 17:23 - 00000017 _____ C:\Users\KatoV\AppData\Local\resmon.resmoncfg 2015-11-05 15:59 - 2015-11-06 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-05 14:15 - 2015-11-05 14:15 - 00000000 ___HD C:\OneDriveTemp 2015-11-04 18:46 - 2015-11-05 14:24 - 00003546 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup 2015-11-04 18:46 - 2015-11-04 18:46 - 00003322 _____ C:\Windows\System32\Tasks\ProPCCleaner_Start 2015-11-04 18:45 - 2015-11-25 10:38 - 00004528 _____ C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4.job 2015-11-04 18:45 - 2015-11-04 18:45 - 00007644 _____ C:\Windows\System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4 2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Users\KatoV\AppData\Local\Pro_PC_Cleaner 2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Users\KatoV\AppData\Local\globalUpdate 2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-11-04 18:44 - 2015-11-25 11:44 - 00002146 _____ C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user.job 2015-11-04 18:44 - 2015-11-25 11:07 - 00000000 ____D C:\Program Files (x86)\HQCinema Pro 2.1V04.11 2015-11-04 18:44 - 2015-11-25 10:38 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-11-04 18:44 - 2015-11-04 18:44 - 00005332 _____ C:\Windows\System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user 2015-11-03 19:31 - 2015-11-03 19:31 - 00000952 _____ C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public.lnk 2015-11-02 02:28 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini 2015-10-31 22:50 - 2015-10-31 22:50 - 00181072 _____ C:\Users\KatoV\msvcr71.zip 2015-10-28 18:31 - 2015-10-28 18:31 - 00000000 ____D C:\Users\KatoV\Downloads\Dark Souls Save Editor 2015-10-26 17:10 - 2015-10-26 17:10 - 00000000 ____D C:\Users\KatoV\AppData\Local\Daring_Development_Inc 2015-10-26 17:09 - 2015-11-06 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon 2015-10-26 17:09 - 2015-10-26 17:09 - 00000000 ____D C:\Program Files (x86)\Daring Development 2015-10-26 17:08 - 2015-10-26 17:09 - 13215160 _____ (Daring Development Inc. ) C:\Users\KatoV\Downloads\Horizon.Setup.v2.8.8.exe 2015-10-26 15:18 - 2015-10-26 15:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-25 11:43 - 2015-07-10 01:05 - 00000000 ____D C:\Windows 2015-11-25 11:01 - 2015-07-29 00:29 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-25 11:01 - 2015-07-10 03:02 - 00000000 ____D C:\Windows\INF 2015-11-25 11:00 - 2015-10-14 15:16 - 00000000 ____D C:\Users\KatoV\AppData\Local\CrashDumps 2015-11-25 10:41 - 2015-10-13 17:00 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{54B9B1A5-7D42-4D3E-9648-E2332EE34C93} 2015-11-25 10:38 - 2015-10-13 16:04 - 00000000 __SHD C:\Users\KatoV\IntelGraphicsProfiles 2015-11-25 10:38 - 2015-10-13 15:57 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-23 18:17 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps 2015-11-23 18:17 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\AppReadiness 2015-11-21 23:29 - 2015-07-29 00:30 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-11-21 23:28 - 2015-07-10 04:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-20 19:21 - 2015-10-14 12:15 - 00003138 _____ C:\Windows\System32\Tasks\McAfeeLogon 2015-11-20 16:47 - 2015-10-13 16:00 - 00000000 ____D C:\Users\KatoV 2015-11-20 16:47 - 2015-07-10 01:05 - 00032768 ___SH C:\Windows\system32\config\ELAM 2015-11-17 16:05 - 2015-10-19 21:39 - 00031803 _____ C:\Users\KatoV\Desktop\Kato's AP World History Notes..txt 2015-11-17 15:56 - 2015-07-10 03:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2015-11-17 15:53 - 2015-08-07 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2015-11-12 18:33 - 2015-07-10 01:05 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-11-12 18:31 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\system32\appraiser 2015-11-12 17:58 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\rescache 2015-11-11 18:20 - 2015-10-13 18:38 - 00000000 ____D C:\Windows\system32\MRT 2015-11-11 18:10 - 2015-10-13 18:38 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-10 16:53 - 2015-07-10 02:55 - 00000000 ____D C:\Windows\CbsTemp 2015-11-10 15:04 - 2015-07-29 00:30 - 00000000 ____D C:\ProgramData\McAfee 2015-11-07 09:18 - 2015-10-13 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5 2015-11-07 09:18 - 2015-10-13 16:23 - 00000000 ____D C:\Program Files (x86)\Modio 5 2015-11-06 21:08 - 2015-07-29 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-06 19:11 - 2015-10-13 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-06 18:19 - 2015-10-13 16:15 - 00000000 ___RD C:\Users\KatoV\OneDrive 2015-11-05 17:41 - 2015-10-13 16:59 - 00000000 ____D C:\ProgramData\Oracle 2015-11-05 17:40 - 2015-10-13 16:59 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-04 13:55 - 2015-07-29 00:29 - 00000000 ____D C:\ProgramData\OEM 2015-11-03 10:20 - 2015-07-10 03:06 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-03 10:20 - 2015-07-10 03:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-02 20:41 - 2015-10-13 16:04 - 00000000 ____D C:\Users\KatoV\AppData\Local\Packages 2015-10-26 16:29 - 2015-10-13 16:15 - 00002338 _____ C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-10-26 15:26 - 2015-07-29 01:22 - 00000000 ___HD C:\OEM 2015-10-26 15:26 - 2015-07-29 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-10-26 15:23 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\appcompat 2015-10-26 15:21 - 2015-10-13 16:07 - 00000000 ____D C:\Users\KatoV\AppData\Local\clear.fi ==================== Files in the root of some directories ======= 2015-11-05 17:23 - 2015-11-05 17:23 - 0000017 _____ () C:\Users\KatoV\AppData\Local\resmon.resmoncfg 2015-08-07 21:36 - 2015-08-07 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\KatoV\AppData\Local\Temp\1492.exe C:\Users\KatoV\AppData\Local\Temp\2390.exe C:\Users\KatoV\AppData\Local\Temp\2743.exe C:\Users\KatoV\AppData\Local\Temp\7292.exe C:\Users\KatoV\AppData\Local\Temp\813.exe C:\Users\KatoV\AppData\Local\Temp\9437.exe C:\Users\KatoV\AppData\Local\Temp\970.exe C:\Users\KatoV\AppData\Local\Temp\geek_x64.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-29 00:25 ==================== End of FRST.txt ============================

Don't know whether I'm posting on the right board or not but whatever... just made a account. I'm new. Trying to remove adware HQCinema Pro. >I go to control panel >go to programs >see HQCinema Pro 2.1V04.11 >Right click and get option (uninstall/change) >some image pops up saying (uninstall and reimage) sounds sketchy don't click >on the bottom of the image it says the option "just uninstall" (I'm using Windows 10 and I have Mcafee protection whateva) >click "just uninstall" >wait a couple of seconds >Mcafee alert popups and says "Potentially unwanted Program. Mcafee has just prevented a unwanted program from running." >Three options are displayed along with the Mcafee popup >Either "Remove", "Allow", or "Close" >Try remove and close nothing happens >Program is still there wtf I don't know what to do. If I allow the option "Allow" on the Mcafee PUP popup will the virus or whatever the heck the thing spread on my PC. Please help. Thanks.