
HQCinema Pro2.1V04.11


Kato117


Don't know whether I'm posting on the right board or not but whatever... just made an account. I'm new.

Trying to remove adware HQCinema Pro. 

>I go to control panel

>go to programs

>see HQCinema Pro 2.1V04.11

>Right click and get option (uninstall/change)

>some image pops up saying (uninstall and reimage) sounds sketchy don't click

>on the bottom of the image it says the option "just uninstall"

(I'm using Windows 10 and I have McAfee protection whateva)

>click "just uninstall"

>wait a couple of seconds

>McAfee alert pops up and says "Potentially unwanted Program. Mcafee has just prevented a unwanted program from running."

>Three options are displayed along with the McAfee popup

>Either "Remove", "Allow", or "Close"

>Try remove and close nothing happens

>Program is still there wtf

I don't know what to do. If I allow the option "Allow" on the McAfee PUP popup, will the virus or whatever the heck the thing is spread on my PC? Please help.

Thanks.

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall. From there, follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box: 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt and Shortcut.txt are checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named Addition.txt and Shortcut.txt. Please attach those logs to your reply.


 

Let me see those logs...

 

Thank you,

 

Kevin.
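One way to triage the FRST.txt log requested above before reading it line by line, added here as an example; it is not part of the reply above and not FRST's own code. It assumes the section banners and the `[not signed]` / `No File` markers look as they do in the log posted later in this thread; `triage`, `MARKERS` and the keyword list are hypothetical names, and the sample lines are copied from that log.

```python
import re
from collections import Counter

# Section banner, e.g. "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")

# Markers as they appear in the log posted in this thread (assumed stable):
# "[not signed]" on extensions, "[File not signed]" on services, "No File" on orphans.
MARKERS = {
    "unsigned": re.compile(r"\[(?:File )?not signed\]", re.IGNORECASE),
    "missing_file": re.compile(r"\bNo File\b"),
}

PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Sample lines copied from the FRST.txt in this thread, cut down to a few entries.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HQ-VideoV04.11) C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe

==================== Internet (Whitelisted) ====================

FireFox:
========
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF Extension: HQCinema Pro 2.1V04.11 - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-11-04] [not signed]
FF Extension: Thai Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-th@firefox.mozilla.org.xpi [2015-10-15] [not signed]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
"""


def classify(reasons):
    """Rank a finding: a name match outranks an orphan, which outranks 'unsigned' alone."""
    if any(r.startswith("keyword:") for r in reasons):
        return "high"
    if "missing_file" in reasons:
        return "medium"
    # Unsigned on its own is weak evidence: language packs in this log are unsigned too.
    return "low"


def triage(log_text, keywords=()):
    """Return flagged log lines as dicts, sorted so the entries to review first come first.

    keywords: case-insensitive substrings to hunt for, e.g. the unwanted program's name.
    """
    wanted = [k.lower() for k in keywords if k]
    section = "(header)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = [name for name, rx in MARKERS.items() if rx.search(line)]
        reasons += ["keyword:" + k for k in wanted if k in line.lower()]
        if reasons:
            findings.append({
                "section": section,
                "line": line,
                "reasons": reasons,
                "priority": classify(reasons),
            })
    # list.sort is stable, so log order is preserved within each priority.
    findings.sort(key=lambda f: PRIORITY_ORDER[f["priority"]])
    return findings


def count_by_section(findings):
    """Count flagged entries per log section to see where the leftovers cluster."""
    return Counter(f["section"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, keywords=("HQCinema",)):
        print(f["priority"], f["section"], ",".join(f["reasons"]), f["line"], sep=" | ")
```

The running process and the unsigned Firefox extension that carry the program's name sort to the top; the unsigned language pack stays at low priority, which is why the signature marker alone is not treated as a verdict.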


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 01

Ran by KatoV (administrator) on DESKTOP-NERAFIH (25-11-2015 11:44:01)

Running from C:\Users\KatoV\Downloads

Loaded Profiles: KatoV (Available Profiles: KatoV)

Platform: Windows 10 Home (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe

(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe

(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

() C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

() C:\Windows\System32\igfxTray.exe

(HQ-VideoV04.11) C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

() C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Acer Incorporate) C:\Program Files (x86)\Acer\Acer Audio Invert Utility\AudioInvertAgent.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Geek Uninstaller) D:\geek.exe

(Geek Uninstaller) C:\Users\KatoV\AppData\Local\Temp\geek_x64.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-06] (Realtek Semiconductor)

HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-09-16] ()

HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732448 2015-10-15] (Acer)

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Run: [DelayShred] => c:\Program Files\mcafee\mqs\ShrCL.exe [143520 2015-07-20] (McAfee, Inc.)

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-09-16] ()

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX64.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\KatoV\AppData\Local\MEGAsync\ShellExtX32.dll No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-14]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 0.0.0.1 mssplus.mcafee.com

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Tcpip\..\Interfaces\{0c985688-5703-4e0d-ae33-4be9e2c8344b}: [DhcpNameServer] 75.75.76.76 75.75.75.75

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE

SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> DefaultScope {6D5DF9C7-2270-49EA-8489-2E0F28EFA137} URL = 

SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> {6D5DF9C7-2270-49EA-8489-2E0F28EFA137} URL = 

SearchScopes: HKU\S-1-5-21-2840548730-265254786-3021258719-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-09] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-09] (McAfee, Inc.)

 

FireFox:

========

FF ProfilePath: C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-20] ()

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-09] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-20] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-09] ()

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-06] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-06] (Google Inc.)

FF SearchPlugin: C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\searchplugins\McSiteAdvisor.xml [2015-11-06]

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]

FF Extension: HQCinema Pro 2.1V04.11 - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-11-04] [not signed]

FF Extension: Amazon 1Button App for Firefox - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\abb@amazon.com.xpi [2015-10-13]

FF Extension: English (US) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF Extension: Thai Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-th@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF Extension: Türkçe (TR) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-tr@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF Extension: Ukrainian (UA) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-uk@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF Extension: Chinese Simplified (zh-CN) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-zh-CN@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF Extension: Traditional Chinese (zh-TW) Language Pack - C:\Users\KatoV\AppData\Roaming\Mozilla\Firefox\Profiles\21ki8776.default\Extensions\langpack-zh-TW@firefox.mozilla.org.xpi [2015-10-15] [not signed]

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-10-15] [not signed]

 

Chrome: 

=======

CHR Profile: C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06]

CHR Extension: (Google Docs) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-06]

CHR Extension: (Google Drive) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]

CHR Extension: (YouTube) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]

CHR Extension: (Google Search) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]

CHR Extension: (Google Docs Offline) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06]

CHR Extension: (Gmail) - C:\Users\KatoV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-20]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-20]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-09-17] (Amazon Inc.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-09-09] (Acer Incorporated)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)

R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [75056 2015-06-24] (Dashlane SAS)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)

R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-06-25] (Intel Corporation)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)

R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-18] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [368552 2015-10-13] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)

R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [330240 2015-02-26] () [File not signed]

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-11-09] (McAfee, Inc.)

S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()

R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)

R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-26] (acer)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)

R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-06-25] (Intel Corporation)

R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-06-25] (Intel Corporation)

R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-06-25] (Intel Corporation)

R3 ETDI2C; C:\Windows\system32\DRIVERS\ETDI2C.sys [175152 2015-06-08] (ELAN Microelectronic Corp.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41984 2015-06-03] (Intel® Corporation)

R3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [89592 2015-06-03] (Intel® Corporation)

S3 iauarte; C:\Windows\System32\drivers\iauarte.sys [112640 2015-06-03] (Intel® Corporation)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [167152 2015-06-18] (Intel Corporation)

R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [5759240 2015-10-13] (Intel Corporation)

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21344 2015-07-09] (Acer Incorporated)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-25] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)

S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-21] (Intel Corporation)

R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [9391896 2015-06-21] (Intel Corporation)

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14688 2015-07-09] (Acer Incorporated)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-17] (Realtek                                            )

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31280 2015-04-13] (Intel Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-25 11:44 - 2015-11-25 11:45 - 00027757 _____ C:\Users\KatoV\Downloads\FRST.txt

2015-11-25 11:43 - 2015-11-25 11:44 - 00000000 ____D C:\FRST

2015-11-25 11:40 - 2015-11-25 11:42 - 02348544 _____ (Farbar) C:\Users\KatoV\Downloads\FRST64.exe

2015-11-25 11:33 - 2015-11-25 11:33 - 00016148 _____ C:\Windows\system32\DESKTOP-NERAFIH_KatoV_HistoryPrediction.bin

2015-11-25 11:14 - 2015-11-25 11:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-11-25 11:13 - 2015-11-25 11:13 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-11-25 11:13 - 2015-11-25 11:13 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-11-25 11:13 - 2015-11-25 11:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-11-25 11:13 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-11-25 11:13 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-11-25 11:13 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2015-11-25 11:12 - 2015-11-25 11:12 - 22908888 _____ (Malwarebytes ) C:\Users\KatoV\Downloads\mbam-setup-2.2.0.1024.exe

2015-11-25 11:05 - 2015-11-25 11:05 - 00000000 ____D C:\Users\KatoV\AppData\Roaming\Geek Uninstaller

2015-11-25 11:03 - 2015-11-25 11:03 - 02582494 _____ C:\Users\KatoV\Downloads\geek.zip

2015-11-25 10:40 - 2015-11-25 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-11-17 16:58 - 2015-11-17 16:58 - 04099548 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Alg 1.pdf

2015-11-17 16:57 - 2015-11-17 16:57 - 06088887 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Eng2.pdf

2015-11-17 16:57 - 2015-11-17 16:57 - 06088887 _____ C:\Users\KatoV\Downloads\STAAR-EOC-2015Test-Eng2 (1).pdf

2015-11-17 16:56 - 2015-11-17 16:56 - 03732953 _____ C:\Users\KatoV\Downloads\staar-EOC-E2-Write-Persuasive-ScorGde-Apr13.pdf

2015-11-17 16:56 - 2015-11-17 16:56 - 03732953 _____ C:\Users\KatoV\Downloads\staar-EOC-E2-Write-Persuasive-ScorGde-Apr13 (1).pdf

2015-11-15 11:50 - 2015-11-15 11:50 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods  (2).zip

2015-11-15 11:48 - 2015-11-15 11:48 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods  (1).zip

2015-11-14 17:47 - 2015-11-14 17:47 - 00001983 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2015-11-14 17:47 - 2015-11-14 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2015-11-14 17:47 - 2015-11-14 17:47 - 00000000 ____D C:\Program Files\McAfee Security Scan

2015-11-13 21:57 - 2015-11-13 21:57 - 00000677 _____ C:\Users\KatoV\Documents\22.htm

2015-11-13 17:38 - 2015-11-13 17:38 - 00000607 _____ C:\Users\KatoV\Documents\Cont... codecademy.htm

2015-11-12 20:31 - 2015-11-12 20:40 - 00000675 _____ C:\Users\KatoV\Desktop\New Text Document.txt

2015-11-12 19:20 - 2015-11-12 19:20 - 00000360 _____ C:\Users\KatoV\Documents\Practice along with codecademy.htm

2015-11-12 16:48 - 2015-11-12 16:48 - 04091904 _____ (Damian Borecki) C:\Users\KatoV\Desktop\CSS HTML Notepad.exe

2015-11-10 16:51 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2015-11-10 16:51 - 2015-11-04 20:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-11-10 16:50 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-11-10 16:50 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

2015-11-10 16:50 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2015-11-10 16:50 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll

2015-11-10 16:50 - 2015-11-04 21:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-11-10 16:50 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll

2015-11-10 16:50 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe

2015-11-10 16:50 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-11-10 16:50 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-11-10 16:50 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2015-11-10 16:50 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll

2015-11-10 16:50 - 2015-11-04 20:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-11-10 16:50 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll

2015-11-10 16:50 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll

2015-11-10 16:50 - 2015-11-04 20:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll

2015-11-10 16:50 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll

2015-11-10 16:50 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe

2015-11-10 16:50 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2015-11-10 16:50 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll

2015-11-10 16:50 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll

2015-11-10 16:50 - 2015-11-04 20:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-11-10 16:50 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll

2015-11-10 16:50 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-11-10 16:50 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll

2015-11-10 16:50 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-11-10 16:50 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-11-10 16:50 - 2015-11-04 20:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll

2015-11-10 16:50 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll

2015-11-10 16:50 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-11-10 16:50 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll

2015-11-10 16:50 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2015-11-10 16:50 - 2015-11-04 19:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys

2015-11-10 16:50 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll

2015-11-10 16:50 - 2015-11-04 19:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys

2015-11-10 16:50 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll

2015-11-10 16:50 - 2015-11-04 19:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll

2015-11-10 16:50 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll

2015-11-10 16:50 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll

2015-11-10 16:50 - 2015-11-04 19:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-11-10 16:50 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll

2015-11-10 16:50 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2015-11-10 16:50 - 2015-11-04 19:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll

2015-11-10 16:50 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll

2015-11-10 16:50 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll

2015-11-10 16:50 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-11-10 16:50 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-11-10 16:50 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-11-10 16:50 - 2015-11-04 19:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-11-10 16:50 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll

2015-11-10 16:50 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll

2015-11-10 16:50 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll

2015-11-08 09:46 - 2015-11-08 09:47 - 00059410 _____ C:\Users\KatoV\Downloads\Setup.xml

2015-11-07 20:36 - 2015-11-07 20:44 - 01971712 _____ (xpg dev) C:\Users\KatoV\Downloads\Darksoul2.exe

2015-11-07 20:17 - 2015-11-07 20:23 - 00000000 ____D C:\Users\KatoV\Downloads\Halo 3 Recovery Tool

2015-11-07 20:17 - 2015-11-07 20:17 - 01440091 _____ C:\Users\KatoV\Downloads\Halo 3 Recovery Tool.rar

2015-11-07 20:16 - 2015-11-07 20:16 - 09989712 _____ (MEGA Limited) C:\Users\KatoV\Downloads\MEGAsyncSetup.exe

2015-11-07 19:40 - 2015-11-07 19:43 - 00000000 ____D C:\Users\KatoV\Downloads\L4D2 Mods

2015-11-07 19:38 - 2015-11-07 19:38 - 00026122 _____ C:\Users\KatoV\Downloads\L4D2 Mods .zip

2015-11-07 19:35 - 2015-11-07 19:35 - 00069632 _____ C:\Users\KatoV\Downloads\UserSettings (1)

2015-11-07 19:31 - 2015-11-07 19:57 - 00081920 _____ C:\Users\KatoV\Downloads\UserSettings

2015-11-07 12:48 - 2015-11-07 12:48 - 00000000 ____D C:\Users\KatoV\Downloads\Fallout NV Modding Tool

2015-11-07 12:47 - 2015-11-07 12:47 - 06141752 _____ C:\Users\KatoV\Downloads\Fallout NV Modding Tool.zip

2015-11-07 09:18 - 2015-11-07 09:18 - 00001054 _____ C:\Users\Public\Desktop\Modio 5.lnk

2015-11-06 21:16 - 2015-11-06 21:16 - 00000000 ____D C:\$SysReset

2015-11-06 21:05 - 2015-11-06 21:05 - 00000000 _____ C:\autoexec.bat

2015-11-06 19:17 - 2015-11-06 19:17 - 00001356 _____ C:\Users\Public\Desktop\Horizon.lnk

2015-11-06 19:00 - 2015-11-10 20:09 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-06 19:00 - 2015-11-06 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-11-06 18:59 - 2015-11-25 11:04 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-11-06 18:59 - 2015-11-25 10:39 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-11-06 18:59 - 2015-11-06 19:00 - 00000000 ____D C:\Users\KatoV\AppData\Local\Google

2015-11-06 18:59 - 2015-11-06 18:59 - 00929872 _____ (Google Inc.) C:\Users\KatoV\Downloads\ChromeSetup.exe

2015-11-06 18:59 - 2015-11-06 18:59 - 00003986 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-11-06 18:59 - 2015-11-06 18:59 - 00003754 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-11-06 18:59 - 2015-11-06 18:59 - 00000000 ____D C:\Program Files (x86)\Google

2015-11-05 17:23 - 2015-11-05 17:23 - 00000017 _____ C:\Users\KatoV\AppData\Local\resmon.resmoncfg

2015-11-05 15:59 - 2015-11-06 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-11-05 14:15 - 2015-11-05 14:15 - 00000000 ___HD C:\OneDriveTemp

2015-11-04 18:46 - 2015-11-05 14:24 - 00003546 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup

2015-11-04 18:46 - 2015-11-04 18:46 - 00003322 _____ C:\Windows\System32\Tasks\ProPCCleaner_Start

2015-11-04 18:45 - 2015-11-25 10:38 - 00004528 _____ C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4.job

2015-11-04 18:45 - 2015-11-04 18:45 - 00007644 _____ C:\Windows\System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4

2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Users\KatoV\AppData\Local\Pro_PC_Cleaner

2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Users\KatoV\AppData\Local\globalUpdate

2015-11-04 18:45 - 2015-11-04 18:45 - 00000000 ____D C:\Program Files (x86)\globalUpdate

2015-11-04 18:44 - 2015-11-25 11:44 - 00002146 _____ C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user.job

2015-11-04 18:44 - 2015-11-25 11:07 - 00000000 ____D C:\Program Files (x86)\HQCinema Pro 2.1V04.11

2015-11-04 18:44 - 2015-11-25 10:38 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-11-04 18:44 - 2015-11-04 18:44 - 00005332 _____ C:\Windows\System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user

2015-11-03 19:31 - 2015-11-03 19:31 - 00000952 _____ C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public.lnk

2015-11-02 02:28 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini

2015-10-31 22:50 - 2015-10-31 22:50 - 00181072 _____ C:\Users\KatoV\msvcr71.zip

2015-10-28 18:31 - 2015-10-28 18:31 - 00000000 ____D C:\Users\KatoV\Downloads\Dark Souls Save Editor

2015-10-26 17:10 - 2015-10-26 17:10 - 00000000 ____D C:\Users\KatoV\AppData\Local\Daring_Development_Inc

2015-10-26 17:09 - 2015-11-06 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon

2015-10-26 17:09 - 2015-10-26 17:09 - 00000000 ____D C:\Program Files (x86)\Daring Development

2015-10-26 17:08 - 2015-10-26 17:09 - 13215160 _____ (Daring Development Inc. ) C:\Users\KatoV\Downloads\Horizon.Setup.v2.8.8.exe

2015-10-26 15:18 - 2015-10-26 15:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-25 11:43 - 2015-07-10 01:05 - 00000000 ____D C:\Windows

2015-11-25 11:01 - 2015-07-29 00:29 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI

2015-11-25 11:01 - 2015-07-10 03:02 - 00000000 ____D C:\Windows\INF

2015-11-25 11:00 - 2015-10-14 15:16 - 00000000 ____D C:\Users\KatoV\AppData\Local\CrashDumps

2015-11-25 10:41 - 2015-10-13 17:00 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{54B9B1A5-7D42-4D3E-9648-E2332EE34C93}

2015-11-25 10:38 - 2015-10-13 16:04 - 00000000 __SHD C:\Users\KatoV\IntelGraphicsProfiles

2015-11-25 10:38 - 2015-10-13 15:57 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2015-11-23 18:17 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps

2015-11-23 18:17 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\AppReadiness

2015-11-21 23:29 - 2015-07-29 00:30 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-11-21 23:28 - 2015-07-10 04:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-20 19:21 - 2015-10-14 12:15 - 00003138 _____ C:\Windows\System32\Tasks\McAfeeLogon

2015-11-20 16:47 - 2015-10-13 16:00 - 00000000 ____D C:\Users\KatoV

2015-11-20 16:47 - 2015-07-10 01:05 - 00032768 ___SH C:\Windows\system32\config\ELAM

2015-11-17 16:05 - 2015-10-19 21:39 - 00031803 _____ C:\Users\KatoV\Desktop\Kato's AP World History Notes..txt

2015-11-17 15:56 - 2015-07-10 03:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2015-11-17 15:53 - 2015-08-07 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2015-11-12 18:33 - 2015-07-10 01:05 - 00262144 ___SH C:\Windows\system32\config\BBI

2015-11-12 18:31 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\system32\appraiser

2015-11-12 17:58 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\rescache

2015-11-11 18:20 - 2015-10-13 18:38 - 00000000 ____D C:\Windows\system32\MRT

2015-11-11 18:10 - 2015-10-13 18:38 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-11-10 16:53 - 2015-07-10 02:55 - 00000000 ____D C:\Windows\CbsTemp

2015-11-10 15:04 - 2015-07-29 00:30 - 00000000 ____D C:\ProgramData\McAfee

2015-11-07 09:18 - 2015-10-13 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5

2015-11-07 09:18 - 2015-10-13 16:23 - 00000000 ____D C:\Program Files (x86)\Modio 5

2015-11-06 21:08 - 2015-07-29 00:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-11-06 19:11 - 2015-10-13 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-11-06 18:19 - 2015-10-13 16:15 - 00000000 ___RD C:\Users\KatoV\OneDrive

2015-11-05 17:41 - 2015-10-13 16:59 - 00000000 ____D C:\ProgramData\Oracle

2015-11-05 17:40 - 2015-10-13 16:59 - 00000000 ____D C:\Program Files (x86)\Java

2015-11-04 13:55 - 2015-07-29 00:29 - 00000000 ____D C:\ProgramData\OEM

2015-11-03 10:20 - 2015-07-10 03:06 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-11-03 10:20 - 2015-07-10 03:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-11-02 20:41 - 2015-10-13 16:04 - 00000000 ____D C:\Users\KatoV\AppData\Local\Packages

2015-10-26 16:29 - 2015-10-13 16:15 - 00002338 _____ C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-10-26 15:26 - 2015-07-29 01:22 - 00000000 ___HD C:\OEM

2015-10-26 15:26 - 2015-07-29 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer

2015-10-26 15:23 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\appcompat

2015-10-26 15:21 - 2015-10-13 16:07 - 00000000 ____D C:\Users\KatoV\AppData\Local\clear.fi

 

==================== Files in the root of some directories =======

 

2015-11-05 17:23 - 2015-11-05 17:23 - 0000017 _____ () C:\Users\KatoV\AppData\Local\resmon.resmoncfg

2015-08-07 21:36 - 2015-08-07 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

C:\Users\KatoV\AppData\Local\Temp\1492.exe

C:\Users\KatoV\AppData\Local\Temp\2390.exe

C:\Users\KatoV\AppData\Local\Temp\2743.exe

C:\Users\KatoV\AppData\Local\Temp\7292.exe

C:\Users\KatoV\AppData\Local\Temp\813.exe

C:\Users\KatoV\AppData\Local\Temp\9437.exe

C:\Users\KatoV\AppData\Local\Temp\970.exe

C:\Users\KatoV\AppData\Local\Temp\geek_x64.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-07-29 00:25

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 01

Ran by KatoV (2015-11-25 11:46:05)

Running from C:\Users\KatoV\Downloads

Windows 10 Home (X64) (2015-10-13 23:57:22)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2840548730-265254786-3021258719-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2840548730-265254786-3021258719-503 - Limited - Disabled)

Guest (S-1-5-21-2840548730-265254786-3021258719-501 - Limited - Disabled)

KatoV (S-1-5-21-2840548730-265254786-3021258719-1001 - Administrator - Enabled) => C:\Users\KatoV

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2005 - Acer Incorporated)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)

abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.05.2001.1 - Acer Incorporated)

Acer Audio Invert Utility (HKLM-x32\...\{11086334-4198-44C7-8C67-7B49E4AC925A}) (Version: 1.00.3002 - Acer Incorporated)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)

Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.08.2006 - Acer Incorporated)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)

Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)

Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Amazon 1Button App (HKLM-x32\...\{EBCCD2B7-FCA9-4714-97A4-CBC48E544BB2}) (Version: 2.3.2 - Amazon)

AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.11.2000.2 - Acer Incorporated)

Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.0.13.0 - Dashlane SAS)

DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)

ELAN HIDI2C Filter Driver X64 13.6.3.1_WHQL (HKLM\...\Elantech) (Version: 13.6.3.1 - ELAN Microelectronic Corp.)

Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Horizon v2.8.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.9.0 - Daring Development Inc.)

HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)

Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)

Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{d9e230c1-06bb-4b78-a9f1-c1ddce14e6fc}) (Version: 18.11.0 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4132 - McAfee, Inc.)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Modio 5 (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2840548730-265254786-3021258719-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\KatoV\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-07-10 03:04 - 2015-11-14 17:47 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts

 

0.0.0.1 mssplus.mcafee.com

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {08BA19B7-CADF-46E1-8CE0-8048812636A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)

Task: {1EA3ADBC-D673-4438-B72E-C9987537556C} - System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4 => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-4.exe <==== ATTENTION

Task: {28DD7DA3-0576-4A32-9D31-ED86F928BF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)

Task: {3118D926-5E0F-4C58-98AF-E5F1D0213E3C} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-09-10] (Acer Incorporated)

Task: {326E71EE-EB7A-4497-AA97-AB03BE871D29} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] ()

Task: {36A24B65-FC81-4036-B777-A4E6B6D6DFD3} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION

Task: {39F0A9DE-D80E-4F52-919C-14CC7B96C1FF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

Task: {46CCC8F1-1708-490D-B26B-B61D3F22B377} - System32\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe [2015-11-04] (HQ-VideoV04.11) <==== ATTENTION

Task: {52240AF9-8255-4640-A86D-3ED8ED5D3BE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)

Task: {5D8B0CA3-0555-428A-BBA1-6762E6734946} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION

Task: {61A2E6C4-CC43-4285-8F98-26284256AC85} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)

Task: {69BEEB87-E8DB-448A-969C-3A480AD08DF6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated)

Task: {7A259486-21A6-4AB7-8A4A-8C1165C74DC5} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-07-10] ()

Task: {8BD6CF75-657E-4F43-890F-370D8B73B5B4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-09] (Acer Incorporated)

Task: {A71D9D25-CFFE-43B6-B021-EE3662AFCE1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)

Task: {B81ED7B6-2F43-4821-9A8F-25DCA0AC7A5A} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-10-15] (Acer)

Task: {BD92AA7F-C7E0-400E-8A3B-CA9AC52AB5E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)

Task: {C440D2D8-008A-41CC-8A0D-C19013A53901} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)

Task: {D0F503BF-FDC0-41DD-859F-2D5646CEC07E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)

Task: {D3F24854-B301-48A2-9F12-71BAA8D979FB} - System32\Tasks\Audio Invert Utility => C:\Program Files (x86)\Acer\Acer Audio Invert Utility\Launcher.exe [2014-12-29] (Acer Incorporated)

Task: {DCE78AC9-8196-4614-848D-DA2F54B10342} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-06] (Google Inc.)

Task: {DD422CC7-0DEE-4FD2-BFD2-C9DED53D2BB2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)

Task: {F62C03DF-F6BA-4322-9BB1-0FA98505ED48} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-13] ()

Task: {F7C002C2-9083-4FF4-879D-8A5F51225BC1} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)

Task: {FDB2A21A-49B4-49D1-AD54-F09CDF339A94} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-07-10] ()

Task: {FEB1D4E3-6ED2-4770-B705-725E1CF55D27} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-10.exe <==== ATTENTION

Task: C:\Windows\Tasks\ead1a692-1baa-44f6-bd8c-390cb282e137-4.job => C:\Program Files (x86)\HQCinema Pro 2.1V04.11\ead1a692-1baa-44f6-bd8c-390cb282e137-4.exe <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-07-10 03:00 - 2015-07-10 03:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll

2015-08-07 22:08 - 2015-08-07 22:08 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll

2015-07-10 03:00 - 2015-07-10 03:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll

2015-10-13 18:19 - 2015-08-11 01:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll

2015-10-14 16:01 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll

2015-02-26 09:12 - 2015-02-26 09:12 - 00330240 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

2015-10-13 18:20 - 2015-09-16 22:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll

2015-10-13 16:02 - 2015-10-13 16:02 - 00415128 _____ () C:\Windows\system32\igfxTray.exe

2015-10-13 18:20 - 2015-09-16 22:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll

2015-11-17 15:52 - 2015-11-01 02:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2015-10-13 18:18 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-07-10 02:59 - 2015-07-10 02:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll

2015-10-13 18:20 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-10-13 18:18 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-10-13 18:20 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-10-13 18:20 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-07-10 03:00 - 2015-07-10 05:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll

2015-09-16 13:58 - 2015-09-16 13:58 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

2015-09-16 13:58 - 2015-09-16 13:58 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

2015-07-10 02:38 - 2015-07-10 02:38 - 04580704 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe

2015-07-29 00:33 - 2015-05-08 09:41 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

2015-11-10 20:08 - 2015-11-06 20:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll

2015-11-10 20:08 - 2015-11-06 20:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

2015-10-15 10:56 - 2015-10-15 10:56 - 00201568 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll

2015-10-15 10:56 - 2015-10-15 10:56 - 00118112 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

2015-09-16 13:58 - 2015-09-16 13:58 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

2015-09-14 16:46 - 2015-09-14 16:46 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll

2015-09-14 16:46 - 2015-09-14 16:46 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll

2015-09-14 16:46 - 2015-09-14 16:46 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll

2015-09-14 16:46 - 2015-09-14 16:46 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll

2015-10-26 15:26 - 2015-10-26 15:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll

2015-09-10 13:51 - 2015-09-10 13:51 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll

2015-09-10 13:43 - 2015-09-10 13:43 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com

IE trusted site: HKU\S-1-5-21-2840548730-265254786-3021258719-1001\...\amazon.com -> amazon.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2840548730-265254786-3021258719-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KatoV\Downloads\index.jpg

DNS Servers: 75.75.76.76 - 75.75.75.75

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{7991A1E7-3D82-415D-B358-A734A0BB6AFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B03A0885-60BA-44C4-B05F-80C74DA19CDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{D6275480-01CB-4529-BC85-E1D9093991E8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{4C259501-AF4A-4A01-B0B8-1BB4D2818635}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

FirewallRules: [{79907BCC-9B23-4606-90BE-99EAEC1E0206}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

FirewallRules: [{813CD130-7B92-4D61-9F15-59704324354F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe

FirewallRules: [{F999D13C-8B3B-4A90-8990-274203ABB4C1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe

FirewallRules: [{E59A3561-236E-45FF-997C-8BAEFF129687}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe

FirewallRules: [{09940EC2-6801-4771-8BFC-19CADE528971}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe

FirewallRules: [{79F5D575-B878-4DF2-BB02-2C9A8E1DB3B1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{3512946D-D6F0-4CA3-828E-607594551974}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{AD2BACD7-7EE5-4D95-80D6-D4FB27B32365}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{FFA98EA1-184F-4055-8099-05111EA8234D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/25/2015 11:00:29 AM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

Error: (11/25/2015 10:43:35 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: FMAPP.exe, version: 1.64.0.5, time stamp: 0x54d47bbe

Faulting module name: FMAPP.exe, version: 1.64.0.5, time stamp: 0x54d47bbe

Exception code: 0xc0000005

Fault offset: 0x0000000000002f6d

Faulting process id: 0x1b9c

Faulting application start time: 0xFMAPP.exe0

Faulting application path: FMAPP.exe1

Faulting module path: FMAPP.exe2

Report Id: FMAPP.exe3

Faulting package full name: FMAPP.exe4

Faulting package-relative application ID: FMAPP.exe5

 

Error: (11/25/2015 10:38:28 AM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

Error: (11/24/2015 11:58:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NERAFIH)

Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/24/2015 11:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-NERAFIH)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/24/2015 11:22:49 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

Error: (11/24/2015 08:36:22 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

Error: (11/24/2015 07:51:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418220

 

Error: (11/24/2015 07:41:06 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

Error: (11/24/2015 04:38:59 PM) (Source: DPTF) (EventID: 256) (User: )

Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

 

DPTF Build Version:  8.1.10600.150

DPTF Build Date:  Jun 26 2015 11:46:12

Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737

Executing Function:  DptfEvent

Message:  Received unexpected event

Framework Event:  DptfResume [3]

 

 

System errors:

=============

Error: (11/24/2015 11:58:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH)

Description: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca

 

Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (11/24/2015 11:58:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (11/24/2015 11:58:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH)

Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

 

Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH)

Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable

 

Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH)

Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaUnavailableUnavailable

 

Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-NERAFIH)

Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

 

Error: (11/21/2015 11:31:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NERAFIH)

Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU N3050 @ 1.60GHz

Percentage of memory in use: 84%

Total physical RAM: 1871.27 MB

Available physical RAM: 290.71 MB

Total Virtual: 3343.27 MB

Available Virtual: 906.28 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:28.52 GB) (Free:7.23 GB) NTFS

Drive d: (TOSHIBA) (Removable) (Total:28.86 GB) (Free:28.85 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 29.1 GB) (Disk ID: 1182453F)

 

Partition: GPT.

 

========================================================

Disk: 1 (Size: 28.9 GB) (Disk ID: 6F586537)

Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0B)

 

==================== End of Addition.txt ============================


Users shortcut scan result (x64) Version:25-11-2015 01

Ran by KatoV (2015-11-25 11:48:24)

Running from C:\Users\KatoV\Downloads

Boot Mode: Normal

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

 

 

 

 

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\KatoV\Documents ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\KatoV\Downloads ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\KatoV\Music ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\KatoV\Pictures ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\KatoV\Videos ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\KatoV ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5\Modio 5.lnk -> C:\Program Files (x86)\Modio 5\Modio.exe (GameTuts)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF\Foxit PhantomPDF.lnk -> C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe (Foxit Software Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Care Center.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Power Management.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerUI.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User Experience Improvement Program.lnk -> C:\Program Files\Acer\User Experience Improvement Program\Framework\Setting.exe (acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00\OnePager.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\Links\Desktop.lnk -> C:\Users\KatoV\Desktop ()

Shortcut: C:\Users\KatoV\Links\Downloads.lnk -> C:\Users\KatoV\Downloads ()

Shortcut: C:\Users\KatoV\Desktop\Dashlane Password Manager.lnk -> C:\Program Files (x86)\Dashlane\Upgrade\DashlaneDownloader.exe (Dashlane SAS)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\KatoV\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Public.lnk -> C:\Users\Public ()

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane\Dashlane Password Manager.lnk -> C:\Program Files (x86)\Dashlane\Upgrade\DashlaneDownloader.exe (Dashlane SAS)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated)

Shortcut: C:\Users\KatoV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Horizon.lnk -> C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe (Daring Development Inc.)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\Users\Public\Desktop\Modio 5.lnk -> C:\Program Files (x86)\Modio 5\Modio.exe (GameTuts)

 

 

 

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.11.226\McAfee.ico

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab about

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab update

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company) -> /p 1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abFiles.lnk -> C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe (acer) ->  

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Recovery Management.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe () -> eRecovery

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\KatoV\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company) -> /p 2

ShortcutWithArgument: C:\Users\KatoV\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\KatoV\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll

 

 

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/

InternetURL: C:\Users\Default\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334

InternetURL: C:\Users\Default\Favorites\Acer\Acer.url -> hxxp://www.acer.com/

InternetURL: C:\Users\KatoV\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\KatoV\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334

InternetURL: C:\Users\KatoV\Favorites\Phone\CNN.url -> hxxp://www.cnn.com

InternetURL: C:\Users\KatoV\Favorites\Phone\Cricket Help and Support.url -> hxxps://www.cricketwireless.com/support

InternetURL: C:\Users\KatoV\Favorites\Phone\Endless list of big words Definitions flashcards - Quizlet.url -> hxxps://quizlet.com/11587263/endless-list-of-big-words-definitions-flash-cards/

InternetURL: C:\Users\KatoV\Favorites\Phone\ESPN.url -> hxxp://www.espn.com

InternetURL: C:\Users\KatoV\Favorites\Phone\Google.url -> hxxp://www.google.com/

InternetURL: C:\Users\KatoV\Favorites\Phone\Grammar and spellchecker – English – Reverso.url -> hxxp://www.reverso.net/spell-checker/english-spelling-grammar/

InternetURL: C:\Users\KatoV\Favorites\Phone\How to Easily Repair Cast Net Holes.url -> hxxp://reidrichardson.hubpages.com/hub/How-to-Easily-Repair-Cast-Net-Holes

InternetURL: C:\Users\KatoV\Favorites\Phone\MSN.url -> hxxp://www.msn.com

InternetURL: C:\Users\KatoV\Favorites\Phone\Nokia Support.url -> hxxp://link.nokia.com/entry/van/nsupport/530

InternetURL: C:\Users\KatoV\Favorites\Phone\Nokia.com.url -> hxxp://nokia.mobi/entry/van/main/530

InternetURL: C:\Users\KatoV\Favorites\Phone\Wikipedia.url -> hxxp://www.wikipedia.com

InternetURL: C:\Users\KatoV\Favorites\Phone\Windows Phone Tips.url -> hxxp://go.microsoft.com/fwlink/?LinkId=247436

InternetURL: C:\Users\KatoV\Favorites\Links\Acer Store.url -> hxxp://go.acer.com/?id=16752&model=Aspire R3-131T

InternetURL: C:\Users\KatoV\Favorites\Acer\Acer.url -> hxxp://www.acer.com/

InternetURL: C:\Users\KatoV\Favorites\Acer\eBay.url -> hxxps://rover.ebay.com/rover/1/711-66992-24801-6/4

 

==================== End of Shortcut.txt =============================
Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Error, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, IsLicensed, 13, 

Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopping, 

Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopped, 

Error, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, IsLicensed, 13, 

Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopping, 

Protection, 11/25/2015 11:13 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Stopped, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Starting, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malware Protection, Started, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Starting, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Started, 

Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, IP Database, 2015.9.21.2, 2015.11.25.1, 

Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Domain Database, 2015.9.22.3, 2015.11.25.4, 

Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Rootkit Database, 2015.9.18.1, 2015.11.23.1, 

Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Remediation Database, 2015.9.16.1, 2015.11.22.2, 

Update, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Manual, Malware Database, 2015.9.22.5, 2015.11.25.4, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Refresh, Starting, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Stopping, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Stopped, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Refresh, Success, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Starting, 

Protection, 11/25/2015 11:14 AM, SYSTEM, DESKTOP-NERAFIH, Protection, Malicious Website Protection, Started, 

 

(end)

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 11/25/2015

Scan Time: 1:08 PM

Logfile: MalwarebytesScanlog.txt

Administrator: Yes

 

Version: 0.0.0.0000

Malware Database: v2015.11.25.05

Rootkit Database: v2015.11.23.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: KatoV

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 336360

Time Elapsed: 15 min, 39 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

(end)

Link to post
Share on other sites


Thanks for those logs, continue as follows please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.
 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 

 

Next,

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...

Fixlist.txt

Link to post
Share on other sites

Sorry, but I'm not downloading all that crap. Seems pointless to me. I'll take my chances without all the extra downloading. When I downloaded Geek-Uninstall and forced uninstall the PUP "HQCinema Pro" the ads stopped popping up on my web browsers, so I think it's safe to say that the issue has been resolved. If any later issues pop up I'll come back.

Link to post
Share on other sites

This topic is now closed to further replies.