Downloaded an exe: Firefox starts with non-home pages

[Chris Haslam]

fixlog.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Chris (administrator) on MOLLY (05-09-2016 10:26:18)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
( ) C:\Program Files\HP\HP UT\bin\hppusg.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() F:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
() F:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() F:\Program Files\Microsoft Office\Office\OSA.EXE
(Avanquest Software) F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Chris\AppData\Local\Temp\baa3-a1b4-b569-fe48\uninstall.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-10-28] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2012-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2012-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] => f:\Program Files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-05-03] ( )
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM\...\Run: [SDTray] => F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [408872 2014-08-14] (Acronis)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [PDHookServer] => F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [LMab1err] => F:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [Spybot-S&D Cleaning] => F:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\system32\FileMonitor32.dll => C:\Windows\system32\FileMonitor32.dll [107520 2012-12-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2013-10-28]
ShortcutTarget: Microsoft Find Fast.lnk -> F:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2013-10-28]
ShortcutTarget: Office Startup.lnk -> F:\Program Files\Microsoft Office\Office\OSA.EXE ()
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-10-25]
ShortcutTarget: Dialog Helper.lnk -> F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 135.19.0.18 70.80.0.66
Tcpip\..\Interfaces\{61A2128C-D99C-413E-B4E8-292F8A12B08D}: [DhcpNameServer] 192.168.0.1 135.19.0.18 70.80.0.66

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Extension: (Print Edit) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\extensions\printedit@DW-dev.xpi [2016-08-30]
FF Extension: (WOT) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-09-03]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\asmcms8v.default-1472575210563\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-30]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [859456 2014-08-14] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2015-07-31] (Acronis)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [95232 2015-01-14] (Dassault Systèmes) [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2015-03-01] (Flexera Software LLC)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
R2 SDScannerService; F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; F:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [214304 2015-03-25] (Acronis International GmbH)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2006-04-04] (Hewlett Packard) [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-20] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-20] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-20] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507065.sys [555000 2015-09-01] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [292280 2015-08-04] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [70168 2015-08-04] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [223000 2015-08-04] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [349816 2015-08-04] (IBM Corp.)
R1 SDHookDriver; F:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [685160 2015-07-31] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [184136 2015-07-31] (Acronis International GmbH)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 10:26 - 2016-09-05 10:26 - 00015939 _____ C:\Users\Chris\Desktop\FRST.txt
2016-09-05 10:25 - 2016-09-05 10:26 - 00000000 ____D C:\FRST
2016-09-05 10:24 - 2016-09-05 10:24 - 01747968 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2016-09-05 10:07 - 2016-09-05 10:25 - 00000000 ____D C:\EEK
2016-09-05 09:31 - 2016-09-05 09:32 - 248386808 _____ C:\Users\Chris\Desktop\EmsisoftEmergencyKit.exe
2016-09-05 09:16 - 2016-09-05 09:16 - 00001238 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\Users\Chris\AppData\Local\VS Revo Group
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-09-05 09:16 - 2016-09-05 09:16 - 00000000 ____D C:\Program Files\VS Revo Group
2016-09-05 09:16 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-09-05 09:14 - 2016-09-05 09:14 - 11374528 _____ (VS Revo Group ) C:\Users\Chris\Desktop\RevoUninProSetup.exe
2016-09-03 22:18 - 2016-09-03 22:18 - 00000836 _____ C:\DelFix.txt
2016-09-01 15:59 - 2016-09-01 15:59 - 00000000 ____D C:\Users\Chris\AppData\Local\ESET
2016-09-01 15:17 - 2016-09-01 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-31 12:38 - 2016-08-31 12:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MOLLY-Windows-7-Professional-(32-bit).dat
2016-08-31 12:37 - 2016-08-31 12:37 - 00002189 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-08-31 12:37 - 2016-08-31 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-31 12:37 - 2016-08-31 12:37 - 00000000 ____D C:\Program Files\Tweaking.com
2016-08-31 12:34 - 2016-08-31 12:37 - 00018956 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-08-31 12:32 - 2016-08-31 12:32 - 05575304 _____ (Tweaking.com) C:\Users\Chris\Desktop\tweaking.com_registry_backup_setup.exe
2016-08-30 12:40 - 2016-08-30 12:40 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data
2016-08-30 12:11 - 2016-09-05 09:27 - 00000000 ____D C:\ProgramData\yes
2016-08-25 21:50 - 2016-08-25 21:50 - 00000000 _____ C:\Windows\Textart.INI
2016-08-19 07:03 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-10 16:00 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 16:00 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 16:00 - 2016-08-02 02:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 16:00 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 16:00 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 16:00 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 16:00 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 16:00 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 16:00 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 16:00 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 16:00 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 16:00 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 16:00 - 2016-08-02 01:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 16:00 - 2016-08-02 01:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 16:00 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 16:00 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 16:00 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 16:00 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 16:00 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 16:00 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 16:00 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 16:00 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 16:00 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 16:00 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 16:00 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 16:00 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 16:00 - 2016-08-02 01:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 16:00 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 16:00 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 16:00 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 16:00 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 16:00 - 2016-07-08 11:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 16:00 - 2016-07-08 11:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 16:00 - 2016-07-08 11:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 16:00 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 16:00 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 16:00 - 2016-07-08 10:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 16:00 - 2016-07-08 10:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 16:00 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 16:00 - 2016-07-08 10:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 16:00 - 2016-07-08 10:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 10:15 - 2013-10-11 22:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 10:14 - 2013-11-25 10:56 - 00000000 ____D C:\Users\Chris\AppData\Roaming\ClassicShell
2016-09-05 09:59 - 2016-03-15 11:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 09:13 - 2010-11-20 17:01 - 00795074 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-05 09:13 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-09-05 09:11 - 2009-07-14 00:34 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 09:11 - 2009-07-14 00:34 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 09:06 - 2013-10-11 22:28 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 09:06 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 09:06 - 1997-07-11 00:00 - 00022701 ____H C:\Windows\system32\FFASTLOG.TXT
2016-09-03 14:43 - 2016-04-03 23:32 - 00016444 _____ C:\Users\Chris\Documents\PDF_Log.txt
2016-09-03 01:36 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-03 00:33 - 2013-11-17 23:41 - 00000000 ____D C:\Users\Chris\Documents\My Scans
2016-09-02 22:48 - 2013-11-03 15:00 - 00000000 ____D C:\Users\Chris\AppData\Local\CutePDF Writer
2016-09-02 19:30 - 2013-10-22 18:58 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2016-08-31 22:42 - 2015-09-22 01:33 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-31 22:39 - 2013-10-24 14:36 - 00000749 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-31 22:39 - 2013-10-24 14:36 - 00000749 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-31 22:39 - 2013-10-11 20:27 - 00001164 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-31 22:39 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-30 13:17 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160831-123042.backup
2016-08-27 11:07 - 2013-10-24 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-08-24 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160830-131752.backup
2016-08-20 15:35 - 2014-02-01 01:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\HpUpdate
2016-08-19 08:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-08-17 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160824-123043.backup
2016-08-10 16:13 - 2009-07-14 00:33 - 00545640 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 16:04 - 2013-10-12 16:40 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 16:01 - 2013-10-12 16:40 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 12:30 - 2009-07-13 22:04 - 00453324 ____R C:\Windows\system32\Drivers\etc\hosts.20160817-123042.backup

==================== Files in the root of some directories =======

2015-08-01 10:23 - 2015-08-01 10:23 - 0000059 _____ () C:\Users\Chris\AppData\Roaming\StringRegExpGUIPattern.dat
2013-11-17 23:27 - 2013-11-17 23:27 - 0000093 _____ () C:\Users\Chris\AppData\Local\fusioncache.dat
2013-10-23 09:20 - 2015-09-19 10:24 - 0007607 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
2013-11-17 22:48 - 2015-05-25 11:35 - 0001453 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\libeay32.dll
C:\Users\Chris\AppData\Local\Temp\msvcr120.dll
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 10:04

==================== End of FRST.txt ============================

[Chris Haslam]

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:52 on 05/09/2016 by Chris
Administrator - Elevation successful

========== folderfind ==========

Searching for "FileFinder"
No folders found.

========== filefind ==========

Searching for "FileFinder"
No files found.

========== regfind ==========

Searching for "FileFinder"
[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\FileFinder.ini]
[HKEY_CURRENT_USER\Software\Helios\TextPad 5\Recent File List]
"File4"="C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID]
@="HHCtrl.FileFinder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\VersionIndependentProgID]
@="HHCtrl.FileFinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"DisplayName"="FileFinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"UninstallString"=""C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"QuietUninstallString"=""C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe" -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"DisplayIcon"=""C:\Program Files\FileFinder\icon.ico""
[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\FLEXnet\Connect\db\FileFinder.ini]
[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Helios\TextPad 5\Recent File List]
"File4"="C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"

-= EOF =-

[Juliet]

Look back to post #23, did you run that FRST script?

[Chris Haslam]

My error: I saved the contents of the quote box to the wrong file name.

I have now saved to the correct file name.

Now fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Chris (05-09-2016 15:31:32) Run:2
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Windows\FileFinder.ini
C:\Program Files\FileFinder\FileFinder.exe
C:\Program Files\FileFinder
FirewallRules: [{2F4F8DFF-6326-425D-8D16-4A87F4A5BB07}] => (Allow) C:\Program Files\FileFinder\FileFinder.exe
FirewallRules: [{ECD938F0-FCBA-49A9-8CFA-61A57F920A71}] => (Allow) C:\Program Files\FileFinder\FileFinder.exe
C:\Users\Chris\AppData\Local\Temp\libeay32.dll
C:\Users\Chris\AppData\Local\Temp\msvcr120.dll
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\FileFinder.ini" => not found.
"C:\Program Files\FileFinder\FileFinder.exe" => not found.
"C:\Program Files\FileFinder" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F4F8DFF-6326-425D-8D16-4A87F4A5BB07} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECD938F0-FCBA-49A9-8CFA-61A57F920A71} => value not found.
"C:\Users\Chris\AppData\Local\Temp\libeay32.dll" => not found.
"C:\Users\Chris\AppData\Local\Temp\msvcr120.dll" => not found.
"C:\Users\Chris\AppData\Local\Temp\sqlite3.dll" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10997638 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 11394730 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
Chris => 20631 B

RecycleBin => 0 B
EmptyTemp: => 21.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:31:41 ====

----
SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:34 on 05/09/2016 by Chris
Administrator - Elevation successful

========== folderfind ==========

Searching for "FileFinder"
No folders found.

========== filefind ==========

Searching for "FileFinder"
No files found.

========== regfind ==========

Searching for "FileFinder"
[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\FileFinder.ini]
[HKEY_CURRENT_USER\Software\Helios\TextPad 5\Recent File List]
"File4"="C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID]
@="HHCtrl.FileFinder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\VersionIndependentProgID]
@="HHCtrl.FileFinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"DisplayName"="FileFinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"UninstallString"=""C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"QuietUninstallString"=""C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe" -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
"DisplayIcon"=""C:\Program Files\FileFinder\icon.ico""
[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\FLEXnet\Connect\db\FileFinder.ini]
[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Helios\TextPad 5\Recent File List]
"File4"="C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"

-= EOF =-

[Juliet]

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Chris (05-09-2016 15:31:32) Run:2

I don't think the first run is saved, and I think thats why we see
value not found.
file not found.

I've created a script for FRST, and since the above was run 2 times, chances are it isn't going to find much

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
Deletekey:[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\FileFinder.ini]
DeleteKey:C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\VersionIndependentProgID]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\Program Files\FileFinder\icon.ico
DeleteKey:[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\FLEXnet\Connect\db\FileFinder.ini]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
end

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[Chris Haslam]

fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Chris (05-09-2016 18:06:07) Run:3
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Deletekey:[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\FileFinder.ini]
DeleteKey:C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\VersionIndependentProgID]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe
DeleteKey:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder]
C:\Program Files\FileFinder\icon.ico
DeleteKey:[HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\FLEXnet\Connect\db\FileFinder.ini]
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg"
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\FileFinder.ini => key removed successfully.
C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg => key not found: incorrect path.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\VersionIndependentProgID => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HHCtrl.FileFinder.1 => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder => key not found.
"C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder => key not found.
"C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.exe" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder => key not found.
"C:\Program Files\FileFinder\icon.ico" => not found.
HKEY_USERS\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\FLEXnet\Connect\db\FileFinder.ini => key not found.
"C:\ProgramData\yes\products\FileFinder\uninstall\uninstall.cfg" => not found.


The system needed a reboot.

==== End of Fixlog 18:06:16 ====

[Chris Haslam]

Directory C:\ProgramData\yes is now empty.

FileFinder is no longer listed in Control Panel > Programs and features.