Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018 Ran by My (administrator) on MYPC (04-01-2018 11:12:08) Running from C:\Users\My\Downloads Loaded Profiles: My (Available Profiles: My) Platform: Windows 8.1 (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-23] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-01] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{763D72E4-524A-492A-ACAB-AE3FB692B768}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDFJS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDFJS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDFJS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDFJS HKU\S-1-5-21-367066759-3051834474-3753291197-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDFJS HKU\S-1-5-21-367066759-3051834474-3753291197-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDFJS SearchScopes: HKLM -> {3E23EF47-12A1-43B3-A81F-71DA43311CB3} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {3E23EF47-12A1-43B3-A81F-71DA43311CB3} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-367066759-3051834474-3753291197-1002 -> {3E23EF47-12A1-43B3-A81F-71DA43311CB3} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-09-23] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-09-23] (McAfee, Inc.) FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-01-04] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN) Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.pl/" CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default [2018-01-04] CHR Extension: (Prezentacje) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-03] CHR Extension: (Dokumenty) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-03] CHR Extension: (Dysk Google) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-03] CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-03] CHR Extension: (Adblock Plus) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-03] CHR Extension: (Arkusze) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-03] CHR Extension: (Dokumenty Google offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-03] CHR Extension: (Video DownloadHelper) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-01-03] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-03] CHR Extension: (Gmail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-03] CHR Extension: (Chrome Media Router) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-03] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.) R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.) R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-17] (Realtek Semiconductor) S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed] S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-08-02] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-25] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-19] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-04 11:12 - 2018-01-04 11:13 - 000017871 _____ C:\Users\My\Downloads\FRST.txt 2018-01-04 11:10 - 2018-01-04 11:12 - 000000000 ____D C:\FRST 2018-01-04 11:10 - 2018-01-04 11:10 - 002393088 _____ (Farbar) C:\Users\My\Downloads\FRST64.exe 2018-01-04 03:48 - 2018-01-04 03:48 - 000001999 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk 2018-01-04 03:48 - 2018-01-04 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2018-01-04 03:42 - 2018-01-04 03:42 - 000003068 _____ C:\Windows\System32\Tasks\McAfeeLogon 2018-01-04 03:42 - 2018-01-04 03:42 - 000000000 ____D C:\Windows\System32\Tasks\McAfee 2018-01-04 03:41 - 2018-01-04 03:41 - 000000000 ____D C:\ProgramData\Intel Security 2018-01-04 03:40 - 2018-01-04 03:40 - 000000000 ____D C:\Program Files\Common Files\Intel Security 2018-01-04 03:34 - 2018-01-04 03:34 - 000003308 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare) 2018-01-04 03:34 - 2018-01-04 03:34 - 000000000 ____D C:\Program Files\Common Files\AV 2018-01-04 03:27 - 2018-01-04 03:27 - 000000000 ____D C:\Users\My\AppData\Roaming\Macromedia 2018-01-03 23:27 - 2018-01-03 23:27 - 000000000 ____D C:\Users\My\AppData\Roaming\Airytec 2018-01-03 23:26 - 2018-01-03 23:26 - 000001532 _____ C:\Users\My\Desktop\swoff - Shortcut.lnk 2018-01-03 22:38 - 2018-01-03 22:38 - 000000000 _____ C:\Recovery.txt 2018-01-03 21:43 - 2018-01-04 03:22 - 000000000 ____D C:\Users\My\AppData\Roaming\vlc 2018-01-03 21:08 - 2018-01-03 21:08 - 000000964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk 2018-01-03 21:08 - 2018-01-03 21:08 - 000000000 ____D C:\Program Files\Airytec 2018-01-03 21:07 - 2018-01-03 21:07 - 000245921 _____ C:\Users\My\Downloads\swoff351.exe 2018-01-03 21:06 - 2018-01-03 21:06 - 001715681 _____ (Logomegi ) C:\Users\My\Downloads\Switch-Off-61905-AsystentPobierania_3825137695.exe 2018-01-03 20:59 - 2018-01-03 21:03 - 076506736 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E20 Paranoia.mp4 2018-01-03 20:58 - 2018-01-03 21:02 - 077425173 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E19 Terry Kitties.mp4 2018-01-03 20:56 - 2018-01-03 21:00 - 076838783 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E18 – Cheddar.mp4 2018-01-03 20:55 - 2018-01-03 20:58 - 076539057 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E17 – Adrian Pimento.mp4 2018-01-03 20:50 - 2018-01-03 20:54 - 078041015 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E16 – House Mouses.mp4 2018-01-03 20:49 - 2018-01-03 20:53 - 077818930 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E15 – The 9-8.mp4 2018-01-03 20:48 - 2018-01-03 20:52 - 076472298 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E14 – Karen Peralta.mp4 2018-01-03 20:47 - 2018-01-03 21:06 - 000134144 ___SH C:\Users\My\Downloads\Thumbs.db 2018-01-03 20:47 - 2018-01-03 20:50 - 076850241 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E13 – The Cruise.mp4 2018-01-03 20:42 - 2018-01-03 20:46 - 077627791 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E12 – 9 Days.mp4 2018-01-03 20:42 - 2018-01-03 20:45 - 075754240 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E11 – Hostage Situation.mp4 2018-01-03 20:41 - 2018-01-03 20:45 - 076407591 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E10 – Yippie Kayak.mp4 2018-01-03 20:40 - 2018-01-03 20:45 - 077351140 _____ C:\Users\My\Downloads\Brooklyn Nine-Nine S3 E9 – The Swedes.mp4 2018-01-03 20:24 - 2016-08-02 01:03 - 000216704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2018-01-03 15:41 - 2018-01-03 15:41 - 000001089 _____ C:\Users\Public\Desktop\VLC media player.lnk 2018-01-03 15:41 - 2018-01-03 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2018-01-03 15:40 - 2018-01-03 15:40 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-01-03 15:38 - 2018-01-03 15:39 - 030863288 _____ C:\Users\My\Downloads\vlc-2.2.8-win32.exe 2018-01-03 14:28 - 2018-01-03 14:28 - 000004010 _____ C:\Windows\System32\Tasks\HPGenoobeReminder 2018-01-03 14:21 - 2018-01-03 14:21 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-01-03 14:21 - 2018-01-03 14:21 - 000002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-01-03 14:19 - 2018-01-03 14:19 - 000003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-01-03 14:19 - 2018-01-03 14:19 - 000003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2018-01-03 14:18 - 2018-01-03 14:20 - 000000000 ____D C:\Program Files (x86)\Google 2018-01-03 14:17 - 2018-01-03 14:30 - 000000000 ____D C:\Users\My\AppData\Local\Google 2018-01-03 14:17 - 2018-01-03 14:17 - 000000000 ____D C:\Users\My\AppData\Local\Deployment 2018-01-03 14:17 - 2018-01-03 14:17 - 000000000 ____D C:\Users\My\AppData\Local\Apps\2.0 2018-01-03 14:16 - 2018-01-03 14:16 - 001436669 _____ C:\Users\My\Downloads\AvgInstallLog.cab 2018-01-03 14:08 - 2018-01-03 14:08 - 001142064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2018-01-03 14:07 - 2018-01-03 14:06 - 001001264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2018-01-03 14:05 - 2018-01-04 11:06 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-367066759-3051834474-3753291197-1002 2018-01-03 14:05 - 2018-01-03 14:16 - 000000000 ____D C:\ProgramData\Avg 2018-01-03 14:05 - 2018-01-03 14:14 - 000000000 ____D C:\Users\My\AppData\Local\AvgSetupLog 2018-01-03 14:05 - 2018-01-03 14:05 - 000000000 ____D C:\Users\My\AppData\Local\CEF 2018-01-03 14:05 - 2018-01-03 14:05 - 000000000 ____D C:\Users\My\AppData\Local\Avg 2018-01-03 14:04 - 2018-01-03 14:28 - 000000000 ____D C:\Users\My\AppData\Roaming\Hewlett-Packard 2018-01-03 14:04 - 2018-01-03 14:04 - 003646960 _____ (AVG Technologies CZ, s.r.o.) C:\Users\My\Downloads\Antivirus_Free_2075.exe 2018-01-03 14:04 - 2018-01-03 14:04 - 000000000 ____D C:\Users\My\AppData\Roaming\hpqlog 2018-01-03 14:03 - 2018-01-04 03:54 - 000003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{15C57A5A-E7E0-44DB-AB48-67F97E917D6D} 2018-01-03 14:03 - 2018-01-03 14:03 - 000000000 ____D C:\Users\My\AppData\Local\Hewlett-Packard 2018-01-03 14:02 - 2018-01-04 10:58 - 000000000 ___RD C:\Users\My\SkyDrive 2018-01-03 14:01 - 2018-01-04 10:59 - 000000000 ____D C:\Users\My\Documents\Youcam 2018-01-03 14:01 - 2018-01-03 14:01 - 000000000 ____D C:\Users\My\AppData\Roaming\Synaptics 2018-01-03 14:01 - 2018-01-03 14:01 - 000000000 ____D C:\Users\My\AppData\Local\CyberLink 2018-01-03 14:00 - 2018-01-03 14:00 - 000001449 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2018-01-03 14:00 - 2018-01-03 14:00 - 000000000 ____D C:\Windows\System32\Tasks\WPD 2018-01-03 14:00 - 2018-01-03 14:00 - 000000000 ____D C:\Users\My\AppData\Roaming\Adobe 2018-01-03 14:00 - 2018-01-03 14:00 - 000000000 ____D C:\Users\My\AppData\Local\VirtualStore 2018-01-03 14:00 - 2018-01-03 14:00 - 000000000 ____D C:\Users\My\AppData\Local\Power2Go8 2018-01-03 13:59 - 2018-01-04 03:21 - 000000000 ____D C:\Users\My\AppData\Local\Packages 2018-01-03 13:57 - 2018-01-04 10:57 - 000000000 ____D C:\Users\My 2018-01-03 13:57 - 2018-01-03 13:57 - 000000020 ___SH C:\Users\My\ntuser.ini 2018-01-03 13:57 - 2013-11-09 11:12 - 000000000 ___HD C:\Users\My\Documents\hp.system.package.metadata 2018-01-03 13:57 - 2013-11-09 11:12 - 000000000 ___HD C:\Users\My\Documents\hp.applications.package.appdata 2018-01-03 13:48 - 2018-01-03 13:48 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Videos 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Vorlagen 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Startmenü 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Netzwerkumgebung 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Lokale Einstellungen 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Eigene Dateien 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Druckumgebung 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default\Anwendungsdaten 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Programme 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\ProgramData\Vorlagen 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\ProgramData\Startmenü 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\ProgramData\Dokumente 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien 2018-01-03 13:45 - 2018-01-03 13:45 - 000000000 _SHDL C:\Dokumente und Einstellungen 2018-01-03 13:40 - 2018-01-03 13:40 - 000002384 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-367066759-3051834474-3753291197-500 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-01-04 11:07 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf 2018-01-04 10:50 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-01-04 03:48 - 2013-11-09 12:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2018-01-04 03:47 - 2014-03-18 12:06 - 000000000 ____D C:\ProgramData\McAfee 2018-01-04 03:44 - 2014-03-18 12:06 - 000000000 ____D C:\Program Files\Common Files\mcafee 2018-01-04 03:44 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\ELAM 2018-01-04 03:43 - 2013-08-22 16:36 - 000000000 ___HD C:\Windows\ELAMBKUP 2018-01-04 03:29 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness 2018-01-04 00:09 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2018-01-03 22:37 - 2013-08-22 16:36 - 000262144 _____ C:\Windows\system32\config\BCD-Template 2018-01-03 14:53 - 2013-11-09 19:39 - 000789620 _____ C:\Windows\system32\perfh007.dat 2018-01-03 14:53 - 2013-11-09 19:39 - 000173992 _____ C:\Windows\system32\perfc007.dat 2018-01-03 14:53 - 2013-08-26 07:09 - 001921026 _____ C:\Windows\system32\PerfStringBackup.INI 2018-01-03 14:13 - 2013-08-26 07:57 - 000000000 ____D C:\Windows\Panther 2018-01-03 14:01 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2018-01-03 14:00 - 2013-11-09 12:11 - 000000000 ___RD C:\Program Files\Online Services 2018-01-03 14:00 - 2013-11-09 12:11 - 000000000 ___RD C:\Program Files (x86)\Online Services 2018-01-03 13:59 - 2014-03-18 12:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat 2018-01-03 13:59 - 2014-03-18 11:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2018-01-03 13:59 - 2013-11-09 12:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2018-01-03 13:59 - 2013-11-09 12:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2018-01-03 13:59 - 2013-09-01 03:03 - 000000000 ___HD C:\SYSTEM.SAV 2018-01-03 13:58 - 2013-08-22 15:44 - 000337952 _____ C:\Windows\system32\FNTCACHE.DAT 2018-01-03 13:48 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache 2018-01-03 13:45 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Windows NT 2018-01-03 13:42 - 2013-09-01 04:49 - 000000000 ____D C:\SWSetup ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-08-26 07:01 ==================== End of FRST.txt ============================