
PC reporting problem with one of my hard drives


  • This topic is locked
18 replies to this topic

#1 scopio

scopio

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Droitwich UK
  • Local time:02:59 PM

Posted 13 January 2015 - 02:38 PM

System details;

OS Windows 7HP 64bit

CPU AMD Phenom II Quad

Motherboard ASUS M4A79-T Deluxe 790FX

Memory 12GB Corsair XMS3

Video card Sapphire ATI Radeon HD 4890

Boot disk C:\ Samsung Spinpoint 1TB 7200 SATA II 32MB

Backup Disk Seagate ST2000DM001-1C164 1TB SATA Gen3, 6GB

Symptoms since Saturday 10 January 2015

PC takes a long time to boot and the BIOS reports “4th Master Hard drive error Press F1”; sometimes a black screen appears asking for “Proper Boot device or insert boot media”. After several tries rebooting, Windows loads, all being slow. At one stage the BIOS did not detect the installed drives.

When Windows eventually loads, Action Center reports to “Troubleshoot a problem with your computer’s hard disk”. I run the HD Sentinel test and it reports that C: is perfect, but sometimes for the backup drive F: and G: it does not show details and sometimes it reports that it is perfect!

I have WinPatrol installed, which reports that a new startup program wants to run “C:\PROGRA~\MICRO~2\Office14\GROOVEEX.Dll”, to which I reject permission.

Sometimes chkdsk runs after logging in and deletes corrupted attributes, recovers file verification, etc.

What I have done to try to rectify the problem;

Run Antivirus and malware software

Kaspersky TDSSKiller, ADW cleaner, Vipre Online Virus Scanner, Panda Online scanner, Hitman Pro, Malwarebytes all of which have not found any threats except Vipre which found four threats which were deleted!

I have not tried to backup from the F: drive as I’m not sure if it is wise to do so as it might have been corrupted.

Don’t know if the problem is with a virus or the drives or the motherboard?

Please advise on how to go about rectifying this problem; any help would be much appreciated.





#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:59 AM

Posted 14 January 2015 - 10:34 AM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 scopio


Posted 14 January 2015 - 12:47 PM

Hey Machiavelli,

Thanks for your reply.

I am writing this from a different pc as I am running chkdsk on the problematic pc. As soon as I can get it running I will download FRST and post the reports you requested.

Thanks for your patience.

scopio



#4 Machiavelli


Posted 14 January 2015 - 03:13 PM

OK

~Machiavelli



#5 scopio


Posted 14 January 2015 - 05:45 PM

Hey Machiavelli,

Thanks for responding to my post.

Since my last post I have disconnected my backup drive, which was the one being flagged, to eliminate it if the problem was with this drive. I then restarted Windows and it still reported to “Troubleshoot my hard disk”.

I ran chkdsk, which reported the following: file segment attribute records (128, “) and orphan file record 92858, completed Index verification 0 unindexed file scanned or recovered, Verified security descriptors inserting data attributes into 8 files, usn Journal verification completed, verifying file data 395248 files processed file verification complete, verifying free space Volume clean. Windows booted. Everything ran OK. I shut down again and plugged in the backup drive (F: and E: ) again to install and run FRST so as to give you the accurate diagnostic results with it installed. Closed antivirus and malwarebytes, installed FRST and ran scan. Unfortunately the pc shut down by itself before FRST finished scanning! PC rebooted and the BIOS reported “4th Hard disk SMART command failed Press F1”. PC rebooted, I shut it down and disconnected the hard disk (E: F: ), rebooted again, closed antivirus and malwarebytes and ran FRST scan again! Now waiting for FRST to finish scanning.

Please be patient I will continue to post. 



#6 scopio


Posted 14 January 2015 - 07:27 PM

Hey Machiavelli,

How long does FRST take to scan the pc? It has been scanning for over 2 hours and still scanning, it seems to be going on forever. There are two logs on the desktop, FRST.tex and Addition.text but I don't want to have a look at them as not to interrupt the scanning! 


Edited by scopio, 14 January 2015 - 07:31 PM.


#7 scopio


Posted 14 January 2015 - 08:21 PM

After a long time scanning, FRST continued to scan without finishing, so I looked at the two logs, which I have copied below. If the logs are not complete please let me know if I have to rescan again!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Emer (administrator) on EMER-PC on 14-01-2015 21:51:33
Running from C:\Users\Emer\Desktop
Loaded Profiles: Emer (Available profiles: Emer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\MountPoints2: {808e5069-f5a2-11e0-ab31-806e6f6e6963} - E:\SmartAccess\bcont.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> DefaultScope {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/O3DPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5 [2014-12-14]
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Netcraft Extension) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Chromebleed) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-01-12]
CHR Extension: (SiteAdvisor) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-18]
CHR Extension: (AdBlock Premium) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-12]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-05-18]
CHR Extension: (IDM Integration Module) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S4 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
S4 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-23] (Fork Ltd.) [File not signed]
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-31] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-03-26] (Paramount Software UK Ltd)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-05-31] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [31024 2012-03-07] (Windows ® Win 7 DDK provider)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [23480 2013-10-01] (Christian Gulden)
S3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-11-07] (microOLAP Technologies LTD)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [114080 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [42912 2009-07-13] (Realtek)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [438376 2012-05-25] (Realtek Semiconductor Corporation                           )
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
R2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138}; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [146928 2010-07-30] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Emer\AppData\Local\Temp\ATICDSDr.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 21:51 - 2015-01-14 21:51 - 00037290 _____ () C:\Users\Emer\Desktop\FRST.txt
2015-01-14 21:49 - 2015-01-14 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-14 20:38 - 2015-01-14 21:51 - 00000000 ____D () C:\FRST
2015-01-14 20:35 - 2015-01-14 20:35 - 02125312 _____ (Farbar) C:\Users\Emer\Desktop\FRST64.exe
2015-01-14 19:43 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:43 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:43 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:43 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:42 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:42 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:42 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:42 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:39 - 2015-01-14 21:50 - 00000000 ____D () C:\Users\Emer\Documents\Bleeping.com
2015-01-13 17:46 - 2015-01-13 17:46 - 00000000 __SHD () C:\found.001
2015-01-13 16:03 - 2015-01-13 16:03 - 00000572 _____ () C:\Windows\system32\.crusader
2015-01-13 15:53 - 2015-01-13 15:52 - 00000632 _____ () C:\Users\Emer\Desktop\JRT.txt
2015-01-13 11:51 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-01-13 11:51 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-01-12 22:40 - 2015-01-12 22:40 - 00000000 ____D () C:\Users\Emer\53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2015-01-12 22:07 - 2015-01-12 22:09 - 178299256 _____ () C:\Users\Emer\Downloads\Camtasia Studio 7 Full - Español.rar
2015-01-12 20:46 - 2015-01-12 20:46 - 00275736 _____ () C:\Windows\Minidump\011215-20311-01.dmp
2015-01-12 17:41 - 2015-01-12 17:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-12 17:41 - 2015-01-12 17:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-12 17:15 - 2015-01-12 17:15 - 00010440 ____N () C:\bootsqm.dat
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\HardDiskSentinel
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Hard Disk Sentinel
2015-01-11 23:50 - 2015-01-11 23:50 - 00001007 _____ () C:\Users\Emer\Desktop\Hard Disk Sentinel.lnk
2015-01-11 23:50 - 2015-01-11 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2015-01-11 23:45 - 2015-01-12 15:19 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-01-11 18:49 - 2015-01-11 18:50 - 00000000 ____D () C:\Users\Emer\Documents\seagate drive
2015-01-11 13:36 - 2015-01-11 13:36 - 00001047 _____ () C:\Users\Emer\Desktop\DiskCheckup.lnk
2015-01-11 13:36 - 2015-01-11 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2015-01-11 13:35 - 2015-01-11 18:39 - 00000000 ____D () C:\Program Files (x86)\DiskCheckup
2015-01-02 12:48 - 2015-01-02 12:48 - 00275736 _____ () C:\Windows\Minidump\010215-23415-01.dmp
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-25 11:05 - 2014-12-25 11:05 - 00275736 _____ () C:\Windows\Minidump\122514-21091-01.dmp
2014-12-18 23:06 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 23:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:41 - 2014-11-29 00:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 21:50 - 2009-07-14 05:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 21:49 - 2014-03-11 12:12 - 00001763 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2015-01-14 21:49 - 2014-02-13 13:41 - 01279411 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 21:49 - 2013-12-28 14:27 - 00000000 ____D () C:\Windows\CryptoGuard
2015-01-14 21:46 - 2014-03-29 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 21:46 - 2012-02-11 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 21:45 - 2014-12-08 12:04 - 00003528 _____ () C:\Windows\setupact.log
2015-01-14 21:45 - 2011-10-13 23:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-14 21:45 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 21:40 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:40 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:31 - 2014-11-14 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0004952f56bb5.job
2015-01-14 21:31 - 2014-05-06 17:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf694dedc7fcd3.job
2015-01-14 20:36 - 2012-02-03 11:59 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\KeePass
2015-01-14 20:10 - 2011-10-14 16:05 - 00770404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 19:51 - 2013-07-11 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:43 - 2011-10-13 14:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:25 - 2013-04-18 19:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-14 16:24 - 2014-12-08 12:04 - 00029366 _____ () C:\Windows\PFRO.log
2015-01-14 14:41 - 2013-04-29 01:07 - 00000000 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:58 - 2011-10-13 22:06 - 00000000 ____D () C:\Users\Emer\Documents\Outlook Files
2015-01-14 13:53 - 2011-10-29 00:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-13 16:32 - 2012-03-21 15:45 - 00000000 ____D () C:\Users\Emer\AppData\Local\CrashDumps
2015-01-13 16:03 - 2014-05-04 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 15:40 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\DMCache
2015-01-13 15:32 - 2013-07-08 23:42 - 00000000 ____D () C:\VIPRERESCUE
2015-01-13 01:18 - 2011-10-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-01-13 00:10 - 2011-10-13 23:06 - 00078489 _____ () C:\Windows\system32\lvcoinst.log
2015-01-12 22:40 - 2011-10-13 14:09 - 00000000 ____D () C:\Users\Emer
2015-01-12 21:56 - 2014-08-26 21:40 - 00000000 ____D () C:\Users\Emer\AppData\Local\Adobe
2015-01-12 21:51 - 2011-10-18 09:42 - 00001013 _____ () C:\Users\Emer\Desktop\Internet Download Manager.lnk
2015-01-12 21:43 - 2012-02-19 16:19 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\vlc
2015-01-12 20:46 - 2014-12-09 13:08 - 662077080 _____ () C:\Windows\MEMORY.DMP
2015-01-12 20:46 - 2011-10-14 14:14 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 19:54 - 2014-03-28 16:41 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-01-12 19:23 - 2014-03-28 16:26 - 00000000 ____D () C:\AdwCleaner
2015-01-12 17:33 - 2011-10-13 18:42 - 00000000 ____D () C:\Users\Emer\AppData\Local\TechSmith
2015-01-12 14:57 - 2013-11-18 13:21 - 00000000 ____D () C:\Users\Emer\Documents\Rebecca
2015-01-12 14:56 - 2011-10-14 16:27 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Skype
2015-01-11 17:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 16:27 - 2011-11-07 16:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-11 16:27 - 2011-11-07 16:44 - 00000000 ____D () C:\Program Files\Speccy
2015-01-10 15:23 - 2014-05-04 13:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-10 15:23 - 2012-05-14 10:51 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\ArcSoft
2015-01-10 15:23 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 16:13 - 2012-05-18 14:57 - 00000000 ____D () C:\Users\Emer\Documents\SarahRose
2014-12-30 17:41 - 2014-01-06 16:03 - 00000000 ____D () C:\Users\Emer\Documents\Winzip payment
2014-12-30 16:49 - 2013-01-03 14:03 - 00000000 ____D () C:\Users\Emer\Documents\Kate Elson
2014-12-28 01:28 - 2011-11-07 13:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-12-27 18:20 - 2014-12-03 15:39 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:39 - 00000899 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:37 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 10
2014-12-27 15:40 - 2014-10-27 16:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 15:40 - 2013-10-21 12:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:40 - 2012-03-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 15:39 - 2012-05-20 13:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-22 13:57 - 2013-09-20 13:48 - 00000000 ____D () C:\Users\Emer\Documents\Pensions
2014-12-22 13:41 - 2011-10-16 10:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 13:41 - 2011-10-16 10:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 13:41 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\IDM
2014-12-21 19:28 - 2012-02-25 00:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 19:28 - 2011-10-14 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 11:45 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
 
Files to move or delete:
====================
C:\Users\Emer\cygwin1.dll
C:\Users\Emer\Make ISO.bat
C:\Users\Emer\mkisofs.exe
 
 
Some content of TEMP:
====================
C:\Users\Emer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emer\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\Emer\AppData\Local\Temp\Quarantine.exe
C:\Users\Emer\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Emer at 2015-01-14 21:52:11
Running from C:\Users\Emer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 


#8 Machiavelli

Posted 15 January 2015 - 10:23 AM

That's not the full Addition Log. :(

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 scopio


Posted 15 January 2015 - 10:31 AM

These are the latest logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Emer (administrator) on EMER-PC on 15-01-2015 01:58:12
Running from C:\Users\Emer\Desktop
Loaded Profiles: Emer (Available profiles: Emer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\MountPoints2: {808e5069-f5a2-11e0-ab31-806e6f6e6963} - E:\SmartAccess\bcont.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> DefaultScope {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/O3DPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5 [2014-12-14]
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Netcraft Extension) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Chromebleed) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-01-12]
CHR Extension: (SiteAdvisor) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-18]
CHR Extension: (AdBlock Premium) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-12]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-05-18]
CHR Extension: (IDM Integration Module) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S4 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
S4 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-23] (Fork Ltd.) [File not signed]
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-31] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-03-26] (Paramount Software UK Ltd)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-05-31] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [31024 2012-03-07] (Windows ® Win 7 DDK provider)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [23480 2013-10-01] (Christian Gulden)
S3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-11-07] (microOLAP Technologies LTD)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [114080 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [42912 2009-07-13] (Realtek)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [438376 2012-05-25] (Realtek Semiconductor Corporation                           )
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
R2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138}; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [146928 2010-07-30] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Emer\AppData\Local\Temp\ATICDSDr.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 01:58 - 2015-01-15 01:58 - 00036867 _____ () C:\Users\Emer\Desktop\FRST.txt
2015-01-15 01:08 - 2015-01-15 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-14 20:38 - 2015-01-15 01:58 - 00000000 ____D () C:\FRST
2015-01-14 20:35 - 2015-01-14 20:35 - 02125312 _____ (Farbar) C:\Users\Emer\Desktop\FRST64.exe
2015-01-14 19:43 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:43 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:43 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:43 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:42 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:42 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:42 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:42 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:39 - 2015-01-15 01:10 - 00000000 ____D () C:\Users\Emer\Documents\Bleeping.com
2015-01-13 17:46 - 2015-01-13 17:46 - 00000000 __SHD () C:\found.001
2015-01-13 16:03 - 2015-01-13 16:03 - 00000572 _____ () C:\Windows\system32\.crusader
2015-01-13 15:53 - 2015-01-13 15:52 - 00000632 _____ () C:\Users\Emer\Desktop\JRT.txt
2015-01-13 11:51 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-01-13 11:51 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-01-12 22:40 - 2015-01-12 22:40 - 00000000 ____D () C:\Users\Emer\53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2015-01-12 22:07 - 2015-01-12 22:09 - 178299256 _____ () C:\Users\Emer\Downloads\Camtasia Studio 7 Full - Español.rar
2015-01-12 20:46 - 2015-01-12 20:46 - 00275736 _____ () C:\Windows\Minidump\011215-20311-01.dmp
2015-01-12 17:41 - 2015-01-12 17:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-12 17:41 - 2015-01-12 17:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\HardDiskSentinel
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Hard Disk Sentinel
2015-01-11 23:50 - 2015-01-11 23:50 - 00001007 _____ () C:\Users\Emer\Desktop\Hard Disk Sentinel.lnk
2015-01-11 23:50 - 2015-01-11 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2015-01-11 23:45 - 2015-01-12 15:19 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-01-11 18:49 - 2015-01-11 18:50 - 00000000 ____D () C:\Users\Emer\Documents\seagate drive
2015-01-11 13:36 - 2015-01-11 13:36 - 00001047 _____ () C:\Users\Emer\Desktop\DiskCheckup.lnk
2015-01-11 13:36 - 2015-01-11 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2015-01-11 13:35 - 2015-01-11 18:39 - 00000000 ____D () C:\Program Files (x86)\DiskCheckup
2015-01-02 12:48 - 2015-01-02 12:48 - 00275736 _____ () C:\Windows\Minidump\010215-23415-01.dmp
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-25 11:05 - 2014-12-25 11:05 - 00275736 _____ () C:\Windows\Minidump\122514-21091-01.dmp
2014-12-18 23:06 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 23:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:41 - 2014-11-29 00:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 01:51 - 2013-12-28 14:27 - 00000000 ____D () C:\Windows\CryptoGuard
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\ProgramData\TechSmith
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-01-15 01:41 - 2014-03-29 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 01:31 - 2014-11-14 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0004952f56bb5.job
2015-01-15 01:31 - 2014-05-06 17:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf694dedc7fcd3.job
2015-01-15 01:21 - 2012-02-03 11:59 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\KeePass
2015-01-15 01:10 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 01:10 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 01:08 - 2014-03-11 12:12 - 00001763 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2015-01-15 01:06 - 2014-02-13 13:41 - 01283179 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 01:03 - 2014-12-08 12:04 - 00003584 _____ () C:\Windows\setupact.log
2015-01-15 01:03 - 2012-02-11 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 01:03 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 01:02 - 2011-10-13 23:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-14 21:50 - 2009-07-14 05:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 20:10 - 2011-10-14 16:05 - 00770404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 19:51 - 2013-07-11 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:43 - 2011-10-13 14:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:25 - 2013-04-18 19:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-14 16:24 - 2014-12-08 12:04 - 00029366 _____ () C:\Windows\PFRO.log
2015-01-14 14:41 - 2013-04-29 01:07 - 00000000 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:58 - 2011-10-13 22:06 - 00000000 ____D () C:\Users\Emer\Documents\Outlook Files
2015-01-14 13:53 - 2011-10-29 00:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-13 16:32 - 2012-03-21 15:45 - 00000000 ____D () C:\Users\Emer\AppData\Local\CrashDumps
2015-01-13 16:03 - 2014-05-04 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 15:40 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\DMCache
2015-01-13 15:32 - 2013-07-08 23:42 - 00000000 ____D () C:\VIPRERESCUE
2015-01-13 01:18 - 2011-10-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-01-13 00:10 - 2011-10-13 23:06 - 00078489 _____ () C:\Windows\system32\lvcoinst.log
2015-01-12 22:40 - 2011-10-13 14:09 - 00000000 ____D () C:\Users\Emer
2015-01-12 21:56 - 2014-08-26 21:40 - 00000000 ____D () C:\Users\Emer\AppData\Local\Adobe
2015-01-12 21:51 - 2011-10-18 09:42 - 00001013 _____ () C:\Users\Emer\Desktop\Internet Download Manager.lnk
2015-01-12 21:43 - 2012-02-19 16:19 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\vlc
2015-01-12 20:46 - 2014-12-09 13:08 - 662077080 _____ () C:\Windows\MEMORY.DMP
2015-01-12 20:46 - 2011-10-14 14:14 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 19:54 - 2014-03-28 16:41 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-01-12 19:23 - 2014-03-28 16:26 - 00000000 ____D () C:\AdwCleaner
2015-01-12 17:33 - 2011-10-13 18:42 - 00000000 ____D () C:\Users\Emer\AppData\Local\TechSmith
2015-01-12 14:57 - 2013-11-18 13:21 - 00000000 ____D () C:\Users\Emer\Documents\Rebecca
2015-01-12 14:56 - 2011-10-14 16:27 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Skype
2015-01-11 17:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 16:27 - 2011-11-07 16:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-11 16:27 - 2011-11-07 16:44 - 00000000 ____D () C:\Program Files\Speccy
2015-01-10 15:23 - 2014-05-04 13:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-10 15:23 - 2012-05-14 10:51 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\ArcSoft
2015-01-10 15:23 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 16:13 - 2012-05-18 14:57 - 00000000 ____D () C:\Users\Emer\Documents\SarahRose
2014-12-30 17:41 - 2014-01-06 16:03 - 00000000 ____D () C:\Users\Emer\Documents\Winzip payment
2014-12-30 16:49 - 2013-01-03 14:03 - 00000000 ____D () C:\Users\Emer\Documents\Kate Elson
2014-12-28 01:28 - 2011-11-07 13:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-12-27 18:20 - 2014-12-03 15:39 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:39 - 00000899 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:37 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 10
2014-12-27 15:40 - 2014-10-27 16:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 15:40 - 2013-10-21 12:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:40 - 2012-03-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 15:39 - 2012-05-20 13:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-22 13:57 - 2013-09-20 13:48 - 00000000 ____D () C:\Users\Emer\Documents\Pensions
2014-12-22 13:41 - 2011-10-16 10:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 13:41 - 2011-10-16 10:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 13:41 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\IDM
2014-12-21 19:28 - 2012-02-25 00:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 19:28 - 2011-10-14 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 11:45 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
 
Files to move or delete:
====================
C:\Users\Emer\cygwin1.dll
C:\Users\Emer\Make ISO.bat
C:\Users\Emer\mkisofs.exe
 
 
Some content of TEMP:
====================
C:\Users\Emer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emer\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\Emer\AppData\Local\Temp\Quarantine.exe
C:\Users\Emer\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Emer at 2015-01-15 01:58:39
Running from C:\Users\Emer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
If these are not the full logs I don't know why as FRST has been scanning "Listing Installed Programs" for hours!  :( 
 

Edited by scopio, 15 January 2015 - 10:47 AM.


#10 Machiavelli


Posted 15 January 2015 - 10:46 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 scopio


Posted 15 January 2015 - 12:40 PM

Please note that I disconnected the second hard disk (F: G:) which seems to report a fault! I will not be connecting it again.

 

AdwCleaner log;

# AdwCleaner v4.107 - Report created 15/01/2015 at 16:08:24
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Emer - EMER-PC
# Running from : C:\Users\Emer\Desktop\AdwCleaner_2.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.99
 
 
*************************
 
AdwCleaner[R0].txt - [4099 octets] - [28/03/2014 16:26:33]
AdwCleaner[R1].txt - [3383 octets] - [24/06/2014 14:44:35]
AdwCleaner[R2].txt - [1470 octets] - [10/11/2014 14:21:48]
AdwCleaner[R3].txt - [3522 octets] - [12/01/2015 19:08:18]
AdwCleaner[R4].txt - [1880 octets] - [15/01/2015 16:05:47]
AdwCleaner[S0].txt - [4174 octets] - [28/03/2014 16:30:28]
AdwCleaner[S1].txt - [3317 octets] - [24/06/2014 14:46:53]
AdwCleaner[S2].txt - [1494 octets] - [10/11/2014 14:24:38]
AdwCleaner[S3].txt - [3637 octets] - [12/01/2015 19:22:45]
AdwCleaner[S4].txt - [1805 octets] - [15/01/2015 16:08:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1865 octets] ##########
 
Malwarebytes log;
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: Thu/15/01/2015
Scan Time: 16:27:39
Logfile: Malwarebytes log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.15.09
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Emer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355240
Time Elapsed: 29 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

JRT Log;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Emer on Thu/15/01/2015 at 17:03:20.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu/15/01/2015 at 17:11:08.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST logs;
Again FRST did not shut down by itself, it continued scanning "Listing Installed Programs" for a long time so I had to close it via Task Manager!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Emer (administrator) on EMER-PC on 15-01-2015 17:14:53
Running from C:\Users\Emer\Desktop
Loaded Profiles: Emer (Available profiles: Emer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\MountPoints2: {808e5069-f5a2-11e0-ab31-806e6f6e6963} - E:\SmartAccess\bcont.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/O3DPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5 [2014-12-14]
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Netcraft Extension) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Chromebleed) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-01-12]
CHR Extension: (SiteAdvisor) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-18]
CHR Extension: (AdBlock Premium) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-12]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-05-18]
CHR Extension: (IDM Integration Module) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S4 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
S4 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-23] (Fork Ltd.) [File not signed]
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-31] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-03-26] (Paramount Software UK Ltd)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
R3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-05-31] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [31024 2012-03-07] (Windows ® Win 7 DDK provider)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [23480 2013-10-01] (Christian Gulden)
S3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-11-07] (microOLAP Technologies LTD)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [114080 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [42912 2009-07-13] (Realtek)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [438376 2012-05-25] (Realtek Semiconductor Corporation                           )
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
R2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138}; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [146928 2010-07-30] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Emer\AppData\Local\Temp\ATICDSDr.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 17:14 - 2015-01-15 17:15 - 00035915 _____ () C:\Users\Emer\Desktop\FRST.txt
2015-01-15 17:11 - 2015-01-15 17:11 - 00000632 _____ () C:\Users\Emer\Desktop\JRT.txt
2015-01-15 17:01 - 2015-01-15 17:02 - 01707939 _____ (Thisisu) C:\Users\Emer\Desktop\JRT_2.exe
2015-01-15 16:29 - 2015-01-15 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-15 16:04 - 2015-01-15 16:05 - 02191360 _____ () C:\Users\Emer\Desktop\AdwCleaner_2.exe
2015-01-14 20:38 - 2015-01-15 17:14 - 00000000 ____D () C:\FRST
2015-01-14 20:35 - 2015-01-14 20:35 - 02125312 _____ (Farbar) C:\Users\Emer\Desktop\FRST64.exe
2015-01-14 19:43 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:43 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:43 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:43 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:42 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:42 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:42 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:42 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:39 - 2015-01-15 15:44 - 00000000 ____D () C:\Users\Emer\Documents\Bleeping.com
2015-01-13 17:46 - 2015-01-13 17:46 - 00000000 __SHD () C:\found.001
2015-01-13 16:03 - 2015-01-13 16:03 - 00000572 _____ () C:\Windows\system32\.crusader
2015-01-13 11:51 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-01-13 11:51 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-01-12 22:40 - 2015-01-12 22:40 - 00000000 ____D () C:\Users\Emer\53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2015-01-12 22:07 - 2015-01-12 22:09 - 178299256 _____ () C:\Users\Emer\Downloads\Camtasia Studio 7 Full - Español.rar
2015-01-12 20:46 - 2015-01-12 20:46 - 00275736 _____ () C:\Windows\Minidump\011215-20311-01.dmp
2015-01-12 17:41 - 2015-01-12 17:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-12 17:41 - 2015-01-12 17:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\HardDiskSentinel
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Hard Disk Sentinel
2015-01-11 23:50 - 2015-01-11 23:50 - 00001007 _____ () C:\Users\Emer\Desktop\Hard Disk Sentinel.lnk
2015-01-11 23:50 - 2015-01-11 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2015-01-11 23:45 - 2015-01-12 15:19 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-01-11 18:49 - 2015-01-11 18:50 - 00000000 ____D () C:\Users\Emer\Documents\seagate drive
2015-01-11 13:36 - 2015-01-11 13:36 - 00001047 _____ () C:\Users\Emer\Desktop\DiskCheckup.lnk
2015-01-11 13:36 - 2015-01-11 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2015-01-11 13:35 - 2015-01-11 18:39 - 00000000 ____D () C:\Program Files (x86)\DiskCheckup
2015-01-02 12:48 - 2015-01-02 12:48 - 00275736 _____ () C:\Windows\Minidump\010215-23415-01.dmp
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-25 11:05 - 2014-12-25 11:05 - 00275736 _____ () C:\Windows\Minidump\122514-21091-01.dmp
2014-12-18 23:06 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 23:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:41 - 2014-11-29 00:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 16:44 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\DMCache
2015-01-15 16:31 - 2014-11-14 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0004952f56bb5.job
2015-01-15 16:31 - 2014-05-06 17:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf694dedc7fcd3.job
2015-01-15 16:30 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:30 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:29 - 2014-03-11 12:12 - 00001763 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2015-01-15 16:29 - 2014-02-13 13:41 - 01321820 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:29 - 2013-12-28 14:27 - 00000000 ____D () C:\Windows\CryptoGuard
2015-01-15 16:24 - 2014-03-29 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 16:24 - 2012-02-11 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 16:23 - 2014-12-08 12:04 - 00003696 _____ () C:\Windows\setupact.log
2015-01-15 16:23 - 2011-10-13 23:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-15 16:23 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 16:22 - 2014-12-08 12:04 - 00030236 _____ () C:\Windows\PFRO.log
2015-01-15 16:22 - 2014-03-28 16:26 - 00000000 ____D () C:\AdwCleaner
2015-01-15 16:08 - 2012-02-03 11:59 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\KeePass
2015-01-15 16:08 - 2011-10-13 22:06 - 00000000 ____D () C:\Users\Emer\Documents\Outlook Files
2015-01-15 16:08 - 2009-07-14 05:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\ProgramData\TechSmith
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-01-14 20:10 - 2011-10-14 16:05 - 00770404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 19:51 - 2013-07-11 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:43 - 2011-10-13 14:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:25 - 2013-04-18 19:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-14 14:41 - 2013-04-29 01:07 - 00000000 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:53 - 2011-10-29 00:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-13 16:32 - 2012-03-21 15:45 - 00000000 ____D () C:\Users\Emer\AppData\Local\CrashDumps
2015-01-13 16:03 - 2014-05-04 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 15:32 - 2013-07-08 23:42 - 00000000 ____D () C:\VIPRERESCUE
2015-01-13 01:18 - 2011-10-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-01-13 00:10 - 2011-10-13 23:06 - 00078489 _____ () C:\Windows\system32\lvcoinst.log
2015-01-12 22:40 - 2011-10-13 14:09 - 00000000 ____D () C:\Users\Emer
2015-01-12 21:56 - 2014-08-26 21:40 - 00000000 ____D () C:\Users\Emer\AppData\Local\Adobe
2015-01-12 21:51 - 2011-10-18 09:42 - 00001013 _____ () C:\Users\Emer\Desktop\Internet Download Manager.lnk
2015-01-12 21:43 - 2012-02-19 16:19 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\vlc
2015-01-12 20:46 - 2014-12-09 13:08 - 662077080 _____ () C:\Windows\MEMORY.DMP
2015-01-12 20:46 - 2011-10-14 14:14 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 19:54 - 2014-03-28 16:41 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-01-12 17:33 - 2011-10-13 18:42 - 00000000 ____D () C:\Users\Emer\AppData\Local\TechSmith
2015-01-12 14:57 - 2013-11-18 13:21 - 00000000 ____D () C:\Users\Emer\Documents\Rebecca
2015-01-12 14:56 - 2011-10-14 16:27 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Skype
2015-01-11 17:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 16:27 - 2011-11-07 16:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-11 16:27 - 2011-11-07 16:44 - 00000000 ____D () C:\Program Files\Speccy
2015-01-10 15:23 - 2014-05-04 13:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-10 15:23 - 2012-05-14 10:51 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\ArcSoft
2015-01-10 15:23 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 16:13 - 2012-05-18 14:57 - 00000000 ____D () C:\Users\Emer\Documents\SarahRose
2014-12-30 17:41 - 2014-01-06 16:03 - 00000000 ____D () C:\Users\Emer\Documents\Winzip payment
2014-12-30 16:49 - 2013-01-03 14:03 - 00000000 ____D () C:\Users\Emer\Documents\Kate Elson
2014-12-28 01:28 - 2011-11-07 13:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-12-27 18:20 - 2014-12-03 15:39 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:39 - 00000899 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:37 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 10
2014-12-27 15:40 - 2014-10-27 16:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 15:40 - 2013-10-21 12:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:40 - 2012-03-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 15:39 - 2012-05-20 13:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-22 13:57 - 2013-09-20 13:48 - 00000000 ____D () C:\Users\Emer\Documents\Pensions
2014-12-22 13:41 - 2011-10-16 10:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 13:41 - 2011-10-16 10:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 13:41 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\IDM
2014-12-21 19:28 - 2012-02-25 00:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 19:28 - 2011-10-14 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 11:45 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
 
Files to move or delete:
====================
C:\Users\Emer\cygwin1.dll
C:\Users\Emer\Make ISO.bat
C:\Users\Emer\mkisofs.exe
 
 
Some content of TEMP:
====================
C:\Users\Emer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emer\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\Emer\AppData\Local\Temp\Quarantine.exe
C:\Users\Emer\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Emer at 2015-01-15 17:15:20
Running from C:\Users\Emer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 


#12 Machiavelli

  • Malware Response Instructor

Posted 15 January 2015 - 02:03 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\MountPoints2: {808e5069-f5a2-11e0-ab31-806e6f6e6963} - E:\SmartAccess\bcont.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini ()
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
    Hosts: Hosts file not detected in the default directory
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
    C:\Users\Emer\cygwin1.dll
    C:\Users\Emer\Make ISO.bat
    C:\Users\Emer\mkisofs.exe
    Emptytemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#13 scopio

  • Topic Starter


Posted 15 January 2015 - 07:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by Emer at 2015-01-15 20:07:22 Run:1
Running from C:\Users\Emer\Desktop
Loaded Profiles: Emer (Available profiles: Emer)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\MountPoints2: {808e5069-f5a2-11e0-ab31-806e6f6e6963} - E:\SmartAccess\bcont.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini ()
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Hosts: Hosts file not detected in the default directory
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
C:\Users\Emer\cygwin1.dll
C:\Users\Emer\Make ISO.bat
C:\Users\Emer\mkisofs.exe
Emptytemp:
*****************
 
"HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808e5069-f5a2-11e0-ab31-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{808e5069-f5a2-11e0-ab31-806e6f6e6963} => Key not found. 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(15877).ini => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Key not found. 
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
C:\Users\Emer\cygwin1.dll => Moved successfully.
C:\Users\Emer\Make ISO.bat => Moved successfully.
C:\Users\Emer\mkisofs.exe => Moved successfully.
EmptyTemp: => Removed 123.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:07:26 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by Emer (administrator) on EMER-PC on 15-01-2015 23:39:44
Running from C:\Users\Emer\Desktop
Loaded Profiles: Emer (Available profiles: Emer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> DefaultScope {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2998714003-4165445360-1002644601-1001 -> {BA2D4886-3C73-4EBC-B5C4-355E248288C7} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20130418&p={SearchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @talk.google.com/O3DPlugin -> C:\Users\Emer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2998714003-4165445360-1002644601-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Emer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Emer\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5 [2014-12-14]
FF HKU\S-1-5-21-2998714003-4165445360-1002644601-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Emer\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Netcraft Extension) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Chromebleed) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-01-12]
CHR Extension: (AdBlock Premium) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-12]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-05-18]
CHR Extension: (IDM Integration Module) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Emer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S4 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
S4 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-23] (Fork Ltd.) [File not signed]
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
S4 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-05-31] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-03-26] (Paramount Software UK Ltd)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer 10\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2x64.sys [21504 2007-10-15] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-05-31] ()
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [31024 2012-03-07] (Windows ® Win 7 DDK provider)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [23480 2013-10-01] (Christian Gulden)
S3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-11-07] (microOLAP Technologies LTD)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [114080 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [42912 2009-07-13] (Realtek)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [438376 2012-05-25] (Realtek Semiconductor Corporation                           )
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
R2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138}; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [146928 2010-07-30] (CyberLink Corp.)
S3 ATICDSDr; \??\C:\Users\Emer\AppData\Local\Temp\ATICDSDr.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 23:39 - 2015-01-15 23:39 - 00036357 _____ () C:\Users\Emer\Desktop\FRST.txt
2015-01-15 23:34 - 2015-01-15 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-15 20:18 - 2015-01-15 20:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-15 20:17 - 2015-01-15 20:17 - 02347384 _____ (ESET) C:\Users\Emer\Desktop\esetsmartinstaller_enu.exe
2015-01-15 17:11 - 2015-01-15 17:11 - 00000632 _____ () C:\Users\Emer\Desktop\JRT.txt
2015-01-15 17:01 - 2015-01-15 17:02 - 01707939 _____ (Thisisu) C:\Users\Emer\Desktop\JRT_2.exe
2015-01-15 16:04 - 2015-01-15 16:05 - 02191360 _____ () C:\Users\Emer\Desktop\AdwCleaner_2.exe
2015-01-14 20:38 - 2015-01-15 23:39 - 00000000 ____D () C:\FRST
2015-01-14 20:35 - 2015-01-14 20:35 - 02125312 _____ (Farbar) C:\Users\Emer\Desktop\FRST64.exe
2015-01-14 19:43 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:43 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:43 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:43 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:43 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:42 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 19:42 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 19:42 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 19:42 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 19:42 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:42 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:39 - 2015-01-15 17:50 - 00000000 ____D () C:\Users\Emer\Documents\Bleeping.com
2015-01-13 17:46 - 2015-01-13 17:46 - 00000000 __SHD () C:\found.001
2015-01-13 16:03 - 2015-01-13 16:03 - 00000572 _____ () C:\Windows\system32\.crusader
2015-01-13 11:51 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-01-13 11:51 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-01-12 22:40 - 2015-01-12 22:40 - 00000000 ____D () C:\Users\Emer\53FA9A9F3C194D43AD6BDEF365D469BA.TMP
2015-01-12 22:07 - 2015-01-12 22:09 - 178299256 _____ () C:\Users\Emer\Downloads\Camtasia Studio 7 Full - Español.rar
2015-01-12 20:46 - 2015-01-12 20:46 - 00275736 _____ () C:\Windows\Minidump\011215-20311-01.dmp
2015-01-12 17:41 - 2015-01-12 17:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-12 17:41 - 2015-01-12 17:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Windows\System32\Tasks\HardDiskSentinel
2015-01-11 23:54 - 2015-01-11 23:54 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Hard Disk Sentinel
2015-01-11 23:50 - 2015-01-11 23:50 - 00001007 _____ () C:\Users\Emer\Desktop\Hard Disk Sentinel.lnk
2015-01-11 23:50 - 2015-01-11 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2015-01-11 23:45 - 2015-01-12 15:19 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-01-11 18:49 - 2015-01-11 18:50 - 00000000 ____D () C:\Users\Emer\Documents\seagate drive
2015-01-11 13:36 - 2015-01-11 13:36 - 00001047 _____ () C:\Users\Emer\Desktop\DiskCheckup.lnk
2015-01-11 13:36 - 2015-01-11 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2015-01-11 13:35 - 2015-01-11 18:39 - 00000000 ____D () C:\Program Files (x86)\DiskCheckup
2015-01-02 12:48 - 2015-01-02 12:48 - 00275736 _____ () C:\Windows\Minidump\010215-23415-01.dmp
2014-12-27 15:39 - 2014-12-27 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-25 11:05 - 2014-12-25 11:05 - 00275736 _____ () C:\Windows\Minidump\122514-21091-01.dmp
2014-12-18 23:06 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 23:06 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 12:41 - 2014-11-29 00:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 23:37 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:37 - 2009-07-14 04:45 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:34 - 2014-03-11 12:12 - 00001763 _____ () C:\Users\Public\Desktop\Plusnet Protect.lnk
2015-01-15 23:34 - 2013-12-28 14:27 - 00000000 ____D () C:\Windows\CryptoGuard
2015-01-15 23:33 - 2014-02-13 13:41 - 01339726 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 23:31 - 2014-11-14 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0004952f56bb5.job
2015-01-15 23:31 - 2014-05-06 17:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf694dedc7fcd3.job
2015-01-15 23:29 - 2014-03-29 11:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 23:29 - 2012-02-11 15:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 23:28 - 2014-12-08 12:04 - 00003864 _____ () C:\Windows\setupact.log
2015-01-15 23:28 - 2011-10-13 23:06 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-15 23:28 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 23:25 - 2011-10-13 22:06 - 00000000 ____D () C:\Users\Emer\Documents\Outlook Files
2015-01-15 20:12 - 2014-12-08 12:04 - 00030852 _____ () C:\Windows\PFRO.log
2015-01-15 20:11 - 2012-02-03 11:59 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\KeePass
2015-01-15 20:11 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\DMCache
2015-01-15 20:07 - 2011-10-13 14:09 - 00000000 ____D () C:\Users\Emer
2015-01-15 16:22 - 2014-03-28 16:26 - 00000000 ____D () C:\AdwCleaner
2015-01-15 16:08 - 2009-07-14 05:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\ProgramData\TechSmith
2015-01-15 01:51 - 2011-10-15 14:45 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-01-14 20:10 - 2011-10-14 16:05 - 00770404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 19:51 - 2013-07-11 10:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:43 - 2011-10-13 14:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:25 - 2013-04-18 19:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-14 14:41 - 2013-04-29 01:07 - 00000000 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 13:53 - 2011-10-29 00:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-13 16:32 - 2012-03-21 15:45 - 00000000 ____D () C:\Users\Emer\AppData\Local\CrashDumps
2015-01-13 16:03 - 2014-05-04 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 15:32 - 2013-07-08 23:42 - 00000000 ____D () C:\VIPRERESCUE
2015-01-13 01:18 - 2011-10-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-01-13 00:10 - 2011-10-13 23:06 - 00078489 _____ () C:\Windows\system32\lvcoinst.log
2015-01-12 21:56 - 2014-08-26 21:40 - 00000000 ____D () C:\Users\Emer\AppData\Local\Adobe
2015-01-12 21:51 - 2011-10-18 09:42 - 00001013 _____ () C:\Users\Emer\Desktop\Internet Download Manager.lnk
2015-01-12 21:43 - 2012-02-19 16:19 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\vlc
2015-01-12 20:46 - 2014-12-09 13:08 - 662077080 _____ () C:\Windows\MEMORY.DMP
2015-01-12 20:46 - 2011-10-14 14:14 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 19:54 - 2014-03-28 16:41 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-01-12 17:33 - 2011-10-13 18:42 - 00000000 ____D () C:\Users\Emer\AppData\Local\TechSmith
2015-01-12 14:57 - 2013-11-18 13:21 - 00000000 ____D () C:\Users\Emer\Documents\Rebecca
2015-01-12 14:56 - 2011-10-14 16:27 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\Skype
2015-01-11 17:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 16:27 - 2011-11-07 16:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-11 16:27 - 2011-11-07 16:44 - 00000000 ____D () C:\Program Files\Speccy
2015-01-10 15:23 - 2014-05-04 13:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-10 15:23 - 2012-05-14 10:51 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\ArcSoft
2015-01-10 15:23 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-04 16:13 - 2012-05-18 14:57 - 00000000 ____D () C:\Users\Emer\Documents\SarahRose
2014-12-30 17:41 - 2014-01-06 16:03 - 00000000 ____D () C:\Users\Emer\Documents\Winzip payment
2014-12-30 16:49 - 2013-01-03 14:03 - 00000000 ____D () C:\Users\Emer\Documents\Kate Elson
2014-12-28 01:28 - 2011-11-07 13:06 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-12-27 18:20 - 2014-12-03 15:39 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:39 - 00000899 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-27 18:20 - 2014-12-03 15:37 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 10
2014-12-27 15:40 - 2014-10-27 16:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 15:40 - 2013-10-21 12:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 15:40 - 2012-03-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 15:39 - 2012-05-20 13:52 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-22 13:57 - 2013-09-20 13:48 - 00000000 ____D () C:\Users\Emer\Documents\Pensions
2014-12-22 13:41 - 2011-10-16 10:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-22 13:41 - 2011-10-16 10:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-22 13:41 - 2011-10-13 18:31 - 00000000 ____D () C:\Users\Emer\AppData\Roaming\IDM
2014-12-21 19:28 - 2012-02-25 00:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 19:28 - 2011-10-14 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 11:45 - 2013-09-15 11:01 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
I scanned the PC with ESET Online Scanner, which found 12 threats (PUPs). It took three hours to scan! When it finished the PC went mad, opening and closing programs at random very quickly as if it was being controlled remotely. I actually lost control, could not use the mouse and had to shut the PC down at the power button!

I have rebooted and restarted ESET Online Scanner again; I will post the result when finished scanning.

Edited by scopio, 15 January 2015 - 07:27 PM.


#14 scopio

Posted 15 January 2015 - 10:19 PM

Ran ESET Online Scanner again after the events that I stated in my last post above.

The scan completed and found no threats so therefore there was the facility to save a list of found threats and save it to the desktop to paste on here.

Don't know if the logs are saved on the PC somewhere where I could extract them from. Any suggestions?

The PC seems to be running OK.



#15 Machiavelli

  • Malware Response Instructor

Posted 16 January 2015 - 08:05 AM

Hello,
In my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked.
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is well worth it compared with getting infected by an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe!

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
