Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by Michael (ATTENTION: The user is not administrator) on ROSSHOME (20-11-2015 12:47:13)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Craig & Michael)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> OmniServ.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> mfemms.exe
Failed to access process -> mfevtps.exe
Failed to access process -> mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
Failed to access process -> mfefire.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> McAPExe.exe
Failed to access process -> mfefire.exe
Failed to access process -> tunmgr.exe
Failed to access process -> ggFqhIAFEv.exe
Failed to access process -> McSvHost.exe
Failed to access process -> imcneaou.exe
Failed to access process -> svchost.exe
Failed to access process -> BbDevMgr.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> GamesAppIntegrationService.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> McCSPServiceHost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> atieclxx.exe
Failed to access process -> RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
Failed to access process -> opvapp.exe
() C:\ProgramData\Uceecreifh\1.0.6.1\imcneaou.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Michael\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> taskeng.exe
Failed to access process -> svchost.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> TiWorker.exe
Failed to access process -> SearchFilterHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2014-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\...\Run: [uTorrent] => "C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{E3BB223A-1E90-4941-8FC8-BC5AA972D9C8}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-500842100-1455412229-3231742528-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBaVAtJFAASbQAIBVxcFQYQIhQAA19BDFEbJgtZVAkVQ1MaJB9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_dnldwz_15_44_ssg01&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0FyEzztBtC0FyDzztC0EtN0D0Tzu0StCtAzyyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1RtN1L1G1B1V1N2Y1L1Qzu2StAtDyCtAtCtAtC0FtGtDtB0AtAtGyBzyzz0FtGtBzz0A0BtG0A0ByE0CtD0EtCtC0C0AyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FtDzztBtAtDyDtGtC0F0C0CtGyEyC0D0BtG0ByEtA0CtGyEtB0C0F0BtC0E0EyC0AtBtC2QtN0A0LzuyE&cr=1959423171&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQBaVAtJFAASbQAIBVxcFQYQIhQAA19BDFEbJgtZVAkVQ1MaJB9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_dnldwz_15_44_ssg01&cd=2XzuyEtN2Y1L1Qzu0Bzz0E0EyCyD0FyEzztBtC0FyDzztC0EtN0D0Tzu0StCtAzyyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0BzytDyBtB0DtAtGtBzztBzytG0DtC0FzztGtC0C0E0EtGyC0A0FyBtCtAzz0B0ByE0DyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0FtDzztBtAtDyDtGtC0F0C0CtGyEyC0D0BtG0ByEtA0CtGyEtB0C0F0BtC0E0EyC0AtBtC2QtN0A0LzuyE&cr=286164353&ir=
SearchScopes: HKLM -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-500842100-1455412229-3231742528-1004 -> {7287C672-658A-491E-BD09-D57B5F10F99D} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-23] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-06-24] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Strict Pop-up Blocker - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-08-21]
FF Extension: Get The Results Hub - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\okeebkyq.default\Extensions\{731e4a08-bc27-4146-839c-55549d5157e3}.xpi [2015-11-17] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-06] [not signed]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaIgwKWQxEEBgacF1dTA1CElcOeFteURQVGVMRIQwIBVsXGFEFIk0FA1oDB0VXfV5bFElXTwhkJU1sCVwjREZWLE1LKUwT"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Get The Results Hub) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccpingipgegebhloehfeipccnpnbjkbh [2015-11-18] [UpdateUrl: hxxp://cdn.getresultshub.com/update] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 ggFqhIAFEv; C:\ProgramData\HucVmIYocv\ggFqhIAFEv.exe [2999208 2015-11-18] (Great Apps)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 lmhosts; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 NlaSvc; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
R2 nsi; C:\windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-11] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 w3logsvc; C:\windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-02-25] (Advanced Micro Devices)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [24576 2014-04-15] (BlackBerry)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-20 12:47 - 2015-11-20 12:47 - 00021272 _____ C:\Users\Michael\Desktop\FRST.txt
2015-11-20 12:46 - 2015-11-20 12:47 - 00000000 ____D C:\FRST
2015-11-20 12:43 - 2015-11-20 12:43 - 02020352 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-11-20 12:37 - 2015-11-20 12:37 - 00000000 ____D C:\Users\Michael\AppData\Local\CrimeWatch
2015-11-20 12:35 - 2015-11-20 12:39 - 00002290 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-11-20 00:55 - 2015-11-20 00:55 - 01732096 _____ C:\Users\Michael\Desktop\AdwCleaner.exe
2015-11-19 21:38 - 2015-11-20 01:30 - 00000000 ____D C:\AdwCleaner
2015-11-19 21:05 - 2015-11-19 21:05 - 00000000 _____ C:\autoexec.bat
2015-11-19 20:22 - 2015-11-20 01:46 - 00000000 ____D C:\ProgramData\Radio
2015-11-18 17:42 - 2015-11-18 17:42 - 00000000 ____D C:\ProgramData\Uceecreifh
2015-11-18 17:38 - 2015-11-19 16:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-18 17:38 - 2015-11-18 17:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2015-11-18 17:37 - 2015-11-18 17:37 - 00000000 ____D C:\ProgramData\HucVmIYocv
2015-11-18 17:14 - 2015-11-18 17:14 - 00000000 ____D C:\Users\Michael\Desktop\MURALS
2015-11-16 17:12 - 2015-11-16 17:12 - 00000000 ____D C:\Users\Michael\AppData\Local\Microsoft Help
2015-11-16 10:27 - 2015-11-02 19:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-16 10:27 - 2015-11-02 19:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 22:39 - 2015-11-16 13:38 - 00000000 ____D C:\Users\Michael\Desktop\Misc art
2015-11-14 16:10 - 2015-11-15 22:41 - 00000000 ___HD C:\Users\Michael\Downloads\H
2015-11-12 12:55 - 2015-11-19 16:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-11 23:55 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 23:55 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 23:55 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 23:55 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 23:55 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 23:55 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 23:55 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 23:55 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 23:55 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 23:55 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 23:55 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 23:55 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 23:55 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 23:55 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 23:55 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 23:55 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 23:55 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 23:55 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 23:55 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 23:55 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 23:55 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 23:55 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 23:55 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 23:55 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 23:55 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 23:55 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 23:55 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 23:55 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 23:55 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 23:55 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 23:55 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 23:55 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 23:55 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 23:55 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 23:55 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 23:55 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 23:55 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 23:55 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 23:55 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 23:55 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 23:55 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 23:55 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 23:55 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 23:55 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 23:55 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 23:55 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 23:55 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 23:55 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 23:55 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 23:55 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 23:55 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 23:55 - 2015-09-29 07:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 23:55 - 2015-09-12 08:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 23:55 - 2015-09-07 11:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 23:55 - 2015-09-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 23:55 - 2015-09-07 10:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 23:55 - 2015-09-04 14:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 23:55 - 2015-08-28 17:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 23:55 - 2015-08-20 15:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 23:55 - 2015-08-20 12:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 23:54 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 23:54 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 23:54 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 23:54 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 23:54 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 23:54 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 23:54 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-10-28 17:11 - 2015-10-28 17:11 - 00000872 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2015-10-28 17:11 - 2015-10-28 17:11 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2015-10-28 17:11 - 2015-10-28 17:11 - 00000000 ____D C:\Users\Michael\.thumbnails
2015-10-28 16:55 - 2015-10-28 17:12 - 00000000 ____D C:\Users\Michael\.gimp-2.8
2015-10-28 16:55 - 2015-10-28 16:55 - 00000000 ____D C:\Users\Michael\AppData\Local\gegl-0.2
2015-10-28 16:50 - 2015-10-28 16:50 - 00000000 ____D C:\Users\Craig\AppData\Roaming\Mozilla
2015-10-27 14:23 - 2015-10-27 14:23 - 00000299 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-10-27 14:08 - 2015-11-16 17:43 - 00000000 ____D C:\Users\Michael\Desktop\Music charts
2015-10-21 12:01 - 2015-10-21 15:03 - 00000000 ____D C:\Users\Michael\Downloads\Megadeth.Discography.1985-2013.MP3.320kbps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-20 12:44 - 2015-08-26 14:43 - 01808748 _____ C:\windows\WindowsUpdate.log 2015-11-20 12:35 - 2014-03-18 04:53 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI 2015-11-20 12:34 - 2015-08-21 01:21 - 00000000 ___RD C:\Users\Michael\OneDrive 2015-11-20 12:34 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru 2015-11-20 01:43 - 2014-08-21 13:38 - 00000000 __RDO C:\Users\Craig\OneDrive 2015-11-20 01:41 - 2015-09-11 10:26 - 00011085 _____ C:\windows\setupact.log 2015-11-20 01:41 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-11-20 01:02 - 2015-09-16 12:26 - 00016920 _____ C:\windows\PFRO.log 2015-11-20 01:01 - 2015-08-26 04:23 - 00000000 ____D C:\searchplugins 2015-11-20 00:53 - 2015-08-20 13:18 - 00000000 ____D C:\Users\Michael\AppData\Local\SweetLabs App Platform 2015-11-19 20:49 - 2015-08-26 04:25 - 00000350 _____ C:\windows\Tasks\HPCeeScheduleForCraig.job 2015-11-19 11:29 - 2014-05-20 16:48 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-11-18 17:21 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness 2015-11-18 03:12 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache 2015-11-16 17:04 - 2015-09-22 18:16 - 00000000 ____D C:\Users\Michael\Downloads\Available pieces 2015-11-16 11:40 - 2015-08-21 07:41 - 01208832 ___SH C:\Users\Michael\Desktop\Thumbs.db 2015-11-16 10:42 - 2014-09-06 16:18 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-11-16 10:42 - 2014-09-06 16:18 - 00000000 ____D C:\windows\system32\MRT 2015-11-16 10:26 - 2013-08-22 09:44 - 00494928 _____ C:\windows\system32\FNTCACHE.DAT 2015-11-15 22:42 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData 2015-11-14 15:36 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp 2015-11-14 14:41 - 2015-08-21 16:45 - 06852608 ___SH C:\Users\Michael\Downloads\Thumbs.db 2015-11-12 21:06 - 2015-08-20 13:22 - 00002444 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-11-12 21:05 - 2015-08-20 
13:22 - 00002426 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk 2015-11-12 15:02 - 2015-10-03 17:10 - 00000000 ____D C:\Users\Michael\Downloads\Makeup transformations 2015-11-12 12:44 - 2014-05-20 16:57 - 00000000 ____D C:\ProgramData\McAfee 2015-11-12 00:54 - 2015-08-20 13:18 - 00000000 ____D C:\Users\Michael 2015-10-29 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF 2015-10-29 12:30 - 2015-09-22 18:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent 2015-10-29 12:28 - 2015-10-16 14:50 - 00000000 ____D C:\Program Files\Nikon 2015-10-28 16:47 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy 2015-10-28 10:08 - 2015-10-16 14:49 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT 2015-10-28 10:07 - 2015-10-16 14:49 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT 2015-10-28 09:36 - 2014-09-15 19:33 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-10-25 14:03 - 2013-08-22 10:36 - 00000000 ____D C:\windows\LiveKernelReports 2015-10-21 11:59 - 2015-09-22 18:53 - 00000000 ____D C:\Users\Craig\AppData\Roaming\uTorrent ==================== Files in the root of some directories ======= 2015-10-28 17:11 - 2015-10-28 17:11 - 0000872 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-10-16 14:49 - 2015-10-16 14:49 - 0000268 ___RH () C:\ProgramData\Licenses 2015-10-16 14:51 - 2015-10-16 14:51 - 0000268 ___RH () C:\ProgramData\Light Machine 2015-10-16 14:49 - 2015-10-16 14:49 - 0000268 ___RH () C:\ProgramData\Limiter 2015-10-16 14:51 - 2015-10-16 14:51 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2015-10-16 14:49 - 2015-10-28 10:08 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2015-10-16 14:49 - 2015-10-28 10:07 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT Some files in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\oct4C7E.tmp.exe C:\Users\Michael\AppData\Local\Temp\octAE5C.tmp.exe ==================== Bamital & volsnap ================= (There is no 
automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================