
MREMP50 NDIS Protocol Driver Unsigned


17 replies to this topic

#1 buna

  • Members

Posted 24 February 2015 - 12:55 PM

Bullguard informed me of Unsigned MREMP50 - 2 copies present.

Malwarebytes (free vn) was all OK.

TDSSKiller shows all OK, including parameters changed to TDLFS file system.

I'm in deep water & don't really know what I'm doing.

Is it correct that MREMP50 can hide malware?

Symptoms are:

Thunderbird slow, sometimes shows multiple entries (every 2 minutes) of drafts when composing messages. Sometimes freezes.

Firefox very slow, sometimes "not responding".

Have uninstalled/reinstalled both Thunderbird & Firefox twice in January 2015.

Broadband Provider is Plusnet.

I would like to get rid of unsigned copies of MREMP50 & think a clean copy will then be installed.

Help please, and be gentle with me!





#2 nasdaq

  • Malware Response Team

Posted 01 March 2015 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Mremp50.sys, with description PCAUSA NDIS 5.0 MPR Protocol Driver, is a driver file from the company Printing Communications Assoc., Inc.
http://www.runscanner.net/lib/MREMP50.SYS.html

The file is not signed.

===

If you have any issues with this computer please explain and run this tool.
Post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

#3 buna

  • Topic Starter

  • Members

Posted 01 March 2015 - 12:29 PM

Hello nasdaq - thanks v much.

 

FRST.txt log is

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by David (administrator) on DAVID-PC on 01-03-2015 15:45:40
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available profiles: David)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_80034f72\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BingBar.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciControlHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1133904 2015-02-18] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2326864 2015-02-18] (BullGuard Ltd.)
HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1193838665-3655751906-3381256662-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1193838665-3655751906-3381256662-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\v30xbmvx.default-1409231163657
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\v30xbmvx.default-1409231163657\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-02]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-26]
FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard [2014-08-20]
FF HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2014-08-20]
FF HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter
FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [705360 2015-02-18] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [520016 2015-02-18] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [130896 2015-02-18] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [361296 2015-02-18] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [643920 2015-02-18] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [600400 2015-02-18] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [450384 2015-02-18] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [238928 2015-02-18] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [331088 2015-02-18] (BullGuard Ltd.)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2009-10-08] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-02-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2009-07-15] (Portrait Displays, Inc.)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_80034f72\STacSV.exe [221273 2008-06-26] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [35024 2014-09-08] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [340688 2014-09-08] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [98608 2014-08-20] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [63584 2014-08-20] (BullGuard Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl773e1885; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5239F65E-F7A5-40CA-AB9C-AAD7E9AEC9EB}\MpKsl773e1885.sys [39464 2015-03-01] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [263432 2015-01-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [21888 2015-01-29] (BullGuard Ltd.)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17136 2009-07-15] (Portrait Displays, Inc.)
R4 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-27] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-02-12] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-02-12] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-02-12] (IBM Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-02-13] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-09-12] (BitDefender S.R.L.)
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 15:45 - 2015-03-01 15:46 - 00017758 _____ () C:\Users\David\Downloads\FRST.txt
2015-03-01 15:45 - 2015-03-01 15:45 - 00000000 ____D () C:\FRST
2015-03-01 15:43 - 2015-03-01 15:43 - 01132032 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2015-03-01 14:53 - 2015-03-01 14:53 - 00000544 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-03-01 14:50 - 2015-03-01 14:50 - 00000382 _____ () C:\Windows\PFRO.log
2015-02-28 11:43 - 2015-02-28 11:43 - 11530032 _____ (Microsoft Corporation) C:\Users\David\Downloads\mseinstall.exe
2015-02-25 21:54 - 2015-02-27 13:01 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-25 16:38 - 2015-02-25 16:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-24 18:17 - 2015-02-24 20:55 - 00000000 ____D () C:\Qoobox
2015-02-24 18:16 - 2015-02-24 18:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 18:07 - 2015-02-24 18:07 - 02126848 _____ () C:\Users\David\Downloads\AdwCleaner(1).exe
2015-02-24 18:04 - 2015-02-24 18:04 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller(1).exe
2015-02-24 17:59 - 2015-02-24 18:02 - 00002198 _____ () C:\Users\David\Desktop\Rkill.txt
2015-02-24 17:58 - 2015-02-24 17:58 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.com
2015-02-23 17:56 - 2015-02-24 18:09 - 00000000 ____D () C:\AdwCleaner
2015-02-23 17:55 - 2015-02-23 17:55 - 02126848 _____ () C:\Users\David\Downloads\AdwCleaner.exe
2015-02-23 17:45 - 2015-02-23 17:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
2015-02-16 18:25 - 2015-02-28 16:08 - 00047359 _____ () C:\Users\David\Documents\interest calcs Jan 2015.xlsx
2015-02-15 18:04 - 2015-02-15 18:04 - 00046002 _____ () C:\Users\David\Documents\interest calcs Jan 2014..xlsx
2015-02-15 18:04 - 2015-02-15 18:04 - 00000165 ____H () C:\Users\David\Documents\~$interest calcs Jan 2014..xlsx
2015-02-15 16:36 - 2015-02-15 16:36 - 00000000 ____D () C:\ProgramData\Uniblue
2015-02-13 12:04 - 2015-01-23 03:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 12:04 - 2015-01-23 02:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 12:42 - 2014-11-26 02:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 12:41 - 2015-01-09 00:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 12:39 - 2015-01-13 01:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 12:24 - 2015-01-15 04:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 12:16 - 2015-02-12 12:16 - 00000000 ____D () C:\Windows\Temp9F44B1BD-51C8-C8D8-E277-1400183D4A17-Signatures
2015-02-12 12:08 - 2014-12-08 01:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 10:00 - 2015-02-12 10:00 - 00208856 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2015-02-11 17:22 - 2015-01-14 01:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:22 - 2015-01-14 01:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 17:22 - 2015-01-14 01:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:22 - 2015-01-14 01:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:22 - 2015-01-14 01:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:22 - 2015-01-14 01:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:22 - 2015-01-14 01:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:22 - 2015-01-14 01:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:22 - 2015-01-14 01:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:22 - 2015-01-14 01:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 17:22 - 2015-01-14 01:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 17:22 - 2015-01-14 01:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 17:22 - 2015-01-14 01:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 17:22 - 2015-01-14 01:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 17:22 - 2015-01-14 01:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 15:45 - 2010-02-14 15:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:43 - 2012-06-19 16:27 - 00000000 ____D () C:\ProgramData\BullGuard
2015-03-01 15:42 - 2006-11-02 10:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 14:59 - 2014-10-17 14:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-01 14:58 - 2009-02-17 01:02 - 01793271 _____ () C:\Windows\WindowsUpdate.log
2015-03-01 14:54 - 2014-06-11 12:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-03-01 14:51 - 2010-02-14 15:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 14:50 - 2014-03-14 16:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-01 14:50 - 2009-02-20 16:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-01 14:50 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 14:50 - 2006-11-02 12:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 14:50 - 2006-11-02 12:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 22:12 - 2012-06-19 16:54 - 00168256 _____ () C:\Windows\system32\config\afw_db.conf
2015-02-28 22:12 - 2012-06-19 16:54 - 00000356 _____ () C:\Windows\system32\config\afw_hm.conf
2015-02-28 22:12 - 2006-11-02 13:01 - 00032670 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-28 22:04 - 2012-06-19 16:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\BullGuard
2015-02-28 17:40 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\tracing
2015-02-28 13:08 - 2014-07-02 14:14 - 00002198 _____ () C:\Windows\epplauncher.mif
2015-02-27 12:53 - 2013-09-18 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-02-24 18:35 - 2006-11-02 11:18 - 00000000 __RHD () C:\Users\Default
2015-02-24 18:35 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2015-02-24 18:31 - 2014-07-25 13:31 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-02-22 17:16 - 2009-02-20 15:12 - 00102424 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 17:15 - 2006-11-02 12:47 - 00381928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-20 17:49 - 2014-07-01 15:09 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 13:33 - 2013-09-12 15:25 - 00140280 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2015-02-18 13:33 - 2013-09-12 15:25 - 00064336 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2015-02-17 16:10 - 2009-02-20 15:11 - 00000000 ____D () C:\Users\David
2015-02-16 18:32 - 2013-02-05 21:02 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 16:31 - 2014-03-14 16:09 - 00046450 _____ () C:\Users\David\Documents\interest calcs Jan 2014.xlsx
2015-02-15 16:28 - 2014-02-24 22:50 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-02-13 12:05 - 2014-07-14 13:21 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 12:04 - 2014-07-14 13:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 11:58 - 2014-02-24 22:50 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-13 04:48 - 2013-08-21 11:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 04:43 - 2006-11-02 10:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 12:47 - 2014-07-02 13:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 12:42 - 2009-03-21 17:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 15:59 - 2014-10-17 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 15:59 - 2014-10-17 14:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 16:41 - 2012-06-19 14:40 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2009-07-29 10:27 - 2009-12-13 21:42 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\David\AppData\Roaming\DataSafeDotNet.exe
2009-02-26 16:04 - 2011-11-09 22:37 - 0000480 _____ () C:\Users\David\AppData\Roaming\wklnhst.dat
2009-07-20 13:30 - 2009-07-20 13:28 - 0809144 _____ () C:\Users\David\AppData\Local\Alzheimers Society SO form.JPG
2010-04-12 21:20 - 2014-01-17 13:09 - 0001356 _____ () C:\Users\David\AppData\Local\d3d9caps.dat
2009-03-21 17:39 - 2012-02-15 14:50 - 0007680 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-15 19:45 - 2009-07-15 19:45 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat
2009-06-18 15:39 - 2009-06-18 15:39 - 0106577 _____ () C:\Users\David\AppData\Local\Humax Warranty Service.doc.docx
2014-07-02 13:43 - 2014-07-02 13:45 - 0006338 _____ () C:\ProgramData\Install_vcredist64.log
2014-07-02 13:44 - 2014-07-02 13:45 - 0172658 _____ () C:\ProgramData\Install_vcredist64_0_vcRuntimeMinimum_x86.log
2014-07-02 13:45 - 2014-07-02 13:45 - 0225416 _____ () C:\ProgramData\Install_vcredist64_1_vcRuntimeAdditional_x86.log
2014-07-02 13:42 - 2014-07-02 13:49 - 0006856 _____ () C:\ProgramData\Install_vcredist86.log
2014-07-02 13:43 - 2014-07-02 13:48 - 0170308 _____ () C:\ProgramData\Install_vcredist86_0_vcRuntimeMinimum_x86.log
2014-07-02 13:48 - 2014-07-02 13:49 - 0236694 _____ () C:\ProgramData\Install_vcredist86_1_vcRuntimeAdditional_x86.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 15:15

 

I have the other log Addition.txt - I think on my Desktop as Addition - Notepad but can't locate it in the Browse box (just below). I've used Try our uploader and Try our advanced uploader but these don't help me find the file.

Since I'm unable at present to attach it I'm pasting it at the bottom.

Did you intend me to click on runnerscanner.net/lib/MREMP50.SYS.HTML? I did click on it [after running Farbar Recovery Scanner - sorry!] and it led to the Scan only vn of PC Mechanic 2015 with apparently oodles (866!) of issues. I regularly scan with Bullguard & Malwarebytes (free vn) which show a clean sheet apart from the unsigned vn of MREMP50. So why do I need another tool?

System still somewhat erratic, my broadband connection slow to respond although tested at 2.64, 2.89 & 2.90 Mbps. Startup is quite slow and I have been leaving computer switched on but sleeping. Although I have asked for auto updates, these seem to wait for me to close down/restart before appearing. Plusnet advises leaving router on all the time, other advice is to unplug ethernet cable if left on overnight.

What is the effect of using the unsigned vn of MREMP50?

Apologies for being a noodle.

Buna

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-02-2015
Ran by David at 2015-03-01 15:46:54
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader Free Download Packages (HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Adobe Reader Free Download Packages) (Version:  - ) <==== ATTENTION
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AnyRail5 (HKLM\...\AnyRail5 5.17.1) (Version: 5.17.1 - DRail Modelspoor Software)
AnyRail5 (Version: 5.17.1 - DRail Modelspoor Software) Hidden
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0828.2143 - )
Bing Bar (HKLM\...\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}) (Version: 7.1.391.0 - Microsoft Corporation)
BullGuard (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
Canon MP830 (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
ccc-core-static (Version: 2008.0828.2144.37162 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 en-GB)) (Version: 31.5.0 - Mozilla)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PerfectSuite Plus (HKLM\...\{ACA283A7-AE25-4D18-BACE-6145DD847D50}) (Version: 1.50.011 - Portrait Displays, Inc.)
Pivot Software (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
Plusnet Assist (HKLM\...\Plusnet Assist) (Version:  - )
Presto! PageManager 7.15.11 (HKLM\...\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}) (Version:  - )
Rapport (Version: 3.5.1404.75 - Trusteer) Hidden
SDK (Version: 2.17.002 - Portrait Displays, Inc.) Hidden
Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
Skins (Version: 2008.0828.2144.37162 - ATI) Hidden
Superscape 3D Control (HKLM\...\Superscape 3D Control) (Version:  - )
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Yahoo Community Smartbar (HKLM\...\{8188AEF6-2A51-421C-BA75-5EB53AAF4271}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\{e6821292-a0fe-4581-9617-87cd52bc4fa8}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION
Yontoo Layers 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - ) <==== ATTENTION
Zoom ADSL USB Modem (HKLM\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: 11.x - Ikanos Communications, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-01-2015 10:57:33 Scheduled Checkpoint
30-01-2015 14:09:21 Scheduled Checkpoint
30-01-2015 20:59:06 Windows Update
02-02-2015 13:03:44 Scheduled Checkpoint
02-02-2015 21:45:20 Windows Update
03-02-2015 13:47:51 Scheduled Checkpoint
05-02-2015 14:28:50 Scheduled Checkpoint
06-02-2015 22:13:23 Scheduled Checkpoint
07-02-2015 14:21:59 Scheduled Checkpoint
07-02-2015 14:42:03 Windows Update
08-02-2015 02:50:54 Scheduled Checkpoint
09-02-2015 14:23:25 Scheduled Checkpoint
10-02-2015 11:52:18 Scheduled Checkpoint
11-02-2015 14:00:11 Windows Update
12-02-2015 12:08:18 Windows Modules Installer
12-02-2015 12:43:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-02-2015 12:46:04 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
13-02-2015 05:57:45 Scheduled Checkpoint
13-02-2015 11:58:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
13-02-2015 12:03:05 Windows Update
14-02-2015 03:00:36 Windows Update
15-02-2015 16:27:13 Removed DriverUpdate
15-02-2015 16:35:44 Uniblue DriverScanner installation
16-02-2015 19:01:47 Scheduled Checkpoint
17-02-2015 22:18:06 Windows Update
18-02-2015 13:14:41 Scheduled Checkpoint
20-02-2015 00:00:00 Scheduled Checkpoint
21-02-2015 11:17:18 Scheduled Checkpoint
21-02-2015 21:29:01 Windows Update
22-02-2015 18:05:09 Scheduled Checkpoint
23-02-2015 14:03:58 Scheduled Checkpoint
27-02-2015 12:52:39 Installed Rapport
27-02-2015 16:58:23 Windows Update
28-02-2015 11:24:19 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-24 20:56 - 2015-02-24 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FCA850E-FDE5-4DF2-9941-9880DF64046D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {24898F54-051C-4166-93B8-E751AB02C26D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {29CB4E13-8A39-432C-8D06-EAB6FEB90EE6} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-2 No Task File <==== ATTENTION
Task: {2C4942FE-A5BD-4EDC-836C-0A7C248C1FD7} - \Speedial No Task File <==== ATTENTION
Task: {2DECCE3F-7051-4A3E-AC92-D187DE81E5B8} - System32\Tasks\{9C48D7AC-197D-4AB8-BE59-528D55EA4431} => pcalua.exe -a C:\Users\David\Downloads\AdobeReaderSetup.exe -d C:\Users\David\Downloads
Task: {30491955-5D45-464E-946B-681DAF5C8534} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-1 No Task File <==== ATTENTION
Task: {355C4A0A-6843-42BC-9B5C-0038723371CF} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {5BD824F8-C424-4B8D-BAC4-54FDB841E680} - System32\Tasks\{BBE84581-9DB9-446C-9D52-0B415486627D} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {5C775D1E-CC58-4AAF-9005-0DE3133FFD4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {6664C8C1-42DA-4A97-91F0-A5508094E9A5} - System32\Tasks\{31E2C766-EED6-4CFC-A43F-EF32A0BF2010} => pcalua.exe -a C:\Users\David\Downloads\CCleanerSetup.exe -d C:\Users\David\Downloads
Task: {688CDAC4-DBDC-400F-8FB6-2E5BA6AB848D} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-3 No Task File <==== ATTENTION
Task: {6D7F1F86-8134-4B3C-9331-A02C8D404710} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {86C644A6-D3D0-4B2F-A742-4EC465D5BF96} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-4 No Task File <==== ATTENTION
Task: {8F73AED3-6CDE-4ABC-AED8-EFA64954F217} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {9A0B229D-4D1F-4845-94A7-F043ABD27B82} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-5_user No Task File <==== ATTENTION
Task: {AEAA4E74-319C-40EF-B181-BF8E6778A658} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-11 No Task File <==== ATTENTION
Task: {B39FAF6F-7A01-4010-A2EE-492F59508F46} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {B4429526-B452-4E65-882E-6D82F3810083} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B615C3FD-07C4-4447-A28F-5C6AB05C7BDA} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-5 No Task File <==== ATTENTION
Task: {C66DEBDE-57D2-493A-B58F-BC8C1CBFE968} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-12 15:25 - 2015-02-18 13:29 - 00488784 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2013-09-12 15:25 - 2015-02-18 13:33 - 00074064 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2013-09-12 15:25 - 2015-02-18 13:30 - 00559952 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2013-09-12 15:25 - 2015-02-18 13:30 - 00559952 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2013-09-12 20:59 - 2015-02-18 13:32 - 00021800 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
2013-09-12 15:25 - 2015-02-18 13:33 - 00056656 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2013-09-12 15:25 - 2015-02-18 13:33 - 00074064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2010-01-05 15:43 - 2009-10-08 18:10 - 00069632 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
2010-08-04 01:14 - 2011-04-20 00:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-09-12 15:25 - 2015-02-18 13:29 - 00488784 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2013-09-12 20:59 - 2015-02-18 13:33 - 00279848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2013-09-12 20:59 - 2015-02-18 13:32 - 00033064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2009-03-27 16:30 - 2005-10-20 20:16 - 00034304 _____ () C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
2009-03-27 16:30 - 2005-10-20 20:16 - 00064000 _____ () C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
2015-02-05 15:59 - 2015-02-05 15:59 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2015-02-25 21:54 - 2015-02-25 21:54 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-25 21:54 - 2015-02-25 21:54 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-25 21:54 - 2015-02-25 21:54 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\Dellwall1.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== Accounts: =============================

Administrator (S-1-5-21-1193838665-3655751906-3381256662-500 - Administrator - Disabled)
David (S-1-5-21-1193838665-3655751906-3381256662-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1193838665-3655751906-3381256662-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 01:16:50 PM) (Source: ESENT) (EventID: 413) (User: )
Description: BullGuard (3460) BullGuard: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (02/27/2015 01:16:50 PM) (Source: ESENT) (EventID: 488) (User: )
Description: BullGuard (3460) BullGuard: An attempt to create the file "C:\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (02/27/2015 00:52:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93d7cc62-e091-4a9b-b19b-a1fa2339cea8}

Error: (02/26/2015 09:04:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BullGuard.exe version 15.0.0.132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d88
Start Time: 01d04ec32a3b3a14
Termination Time: 16787

Error: (02/22/2015 01:28:42 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (02/22/2015 01:28:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).

Error: (02/17/2015 02:46:53 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (02/17/2015 02:46:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).

Error: (02/16/2015 04:36:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (02/16/2015 04:36:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).


System errors:
=============
Error: (03/01/2015 02:54:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (03/01/2015 02:50:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: General Purpose USB Driver (adildr.sys)%%2

Error: (02/28/2015 10:12:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/27/2015 01:05:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.659.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (02/27/2015 00:56:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (02/27/2015 00:49:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: General Purpose USB Driver (adildr.sys)%%2

Error: (02/27/2015 00:48:40 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.64 for the Network Card with network address 002219108E9F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (02/26/2015 09:04:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (02/26/2015 09:04:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/25/2015 10:48:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.193.659.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-01 15:46:42.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:42.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:42.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:41.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:16.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:15.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:15.412
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:15.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:14.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-01 15:46:14.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 68%
Total physical RAM: 3069.22 MB
Available physical RAM: 956.9 MB
Total Pagefile: 6368.73 MB
Available Pagefile: 3773.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.11 GB) (Free:449.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581.1 GB) - (Type=07 NTFS)


#4 nasdaq


Posted 01 March 2015 - 01:38 PM

Remove these programs using the Add/Remove Programs applet.

Adobe Reader Free Download Packages (HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\Adobe Reader Free Download Packages) (Version: - ) <==== ATTENTION
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Yahoo Community Smartbar (HKLM\...\{8188AEF6-2A51-421C-BA75-5EB53AAF4271}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\...\{e6821292-a0fe-4581-9617-87cd52bc4fa8}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION
Yontoo Layers 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1193838665-3655751906-3381256662-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1193838665-3655751906-3381256662-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-1193838665-3655751906-3381256662-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {29CB4E13-8A39-432C-8D06-EAB6FEB90EE6} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-2 No Task File <==== ATTENTION
Task: {2C4942FE-A5BD-4EDC-836C-0A7C248C1FD7} - \Speedial No Task File <==== ATTENTION
Task: {30491955-5D45-464E-946B-681DAF5C8534} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-1 No Task File <==== ATTENTION
Task: {355C4A0A-6843-42BC-9B5C-0038723371CF} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {688CDAC4-DBDC-400F-8FB6-2E5BA6AB848D} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-3 No Task File <==== ATTENTION
Task: {86C644A6-D3D0-4B2F-A742-4EC465D5BF96} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-4 No Task File <==== ATTENTION
Task: {8F73AED3-6CDE-4ABC-AED8-EFA64954F217} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {9A0B229D-4D1F-4845-94A7-F043ABD27B82} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-5_user No Task File <==== ATTENTION
Task: {AEAA4E74-319C-40EF-B181-BF8E6778A658} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-11 No Task File <==== ATTENTION
Task: {B39FAF6F-7A01-4010-A2EE-492F59508F46} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {B4429526-B452-4E65-882E-6D82F3810083} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B615C3FD-07C4-4447-A28F-5C6AB05C7BDA} - \8f4914dd-2e05-48a1-a01c-453ac6d977e3-5 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Get the latest version of the AdwCleaner tool and clean everything that will be found.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

Edited by nasdaq, 01 March 2015 - 01:38 PM.
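
A way to review what a fixlist like the one above will remove before clicking Fix, as an added example that is not part of the original post or of FRST itself. The category names are hypothetical, and reading a trailing `[X]` as "file not found on disk" is an assumption about the log notation.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist posted above (a subset, so the script runs offline).
SAMPLE_FIXLIST = r"""
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
Task: {2C4942FE-A5BD-4EDC-836C-0A7C248C1FD7} - \Speedial No Task File <==== ATTENTION
Task: {355C4A0A-6843-42BC-9B5C-0038723371CF} - \TidyNetwork Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
End
"""

# Hypothetical category names; each pattern captures the identifier to look up.
# Assumption: a trailing "[X]" marks a service/driver entry whose file is missing.
RULES = [
    ("driver_or_service_missing_file", re.compile(r"^[SRU]\d (\S+); .*\[X\]$")),
    ("scheduled_task_missing_file",
     re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - \\(.+?) No Task File")),
    ("browser_object_missing_file",
     re.compile(r"^(?:BHO|Toolbar): .*?(\{[0-9A-Fa-f-]+\}).*No File$")),
    ("alternate_data_stream", re.compile(r"^AlternateDataStreams: (.+)$")),
    ("search_scope", re.compile(r"^SearchScopes: .*?(\{[0-9A-Fa-f-]+\})")),
]

def classify_fixlist(text):
    """Group fixlist lines by entry type; stop at the terminating 'End' line."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "End":
            break
        for category, pattern in RULES:
            match = pattern.search(line)
            if match:
                groups[category].append(match.group(1))
                break
        else:
            # Anything the rules do not recognise is surfaced, never dropped.
            groups["unclassified"].append(line)
    return dict(groups)

def attention_lines(text):
    """Return the lines the scan itself marked with the ATTENTION flag."""
    return [l.strip() for l in text.splitlines() if "<==== ATTENTION" in l]

if __name__ == "__main__":
    for category, names in classify_fixlist(SAMPLE_FIXLIST).items():
        print(f"{category}: {', '.join(names)}")
```

Entries that land in `unclassified` are the ones to ask the helper about before running the fix.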


#5 buna


Posted 01 March 2015 - 04:05 PM

Thanks for all that.

Will do it all tomorrow.

Goodnight.

Buna



#6 buna


Posted 05 March 2015 - 10:41 AM

Hi nasdaq

Sorry for the delay.

I wasn't able to remove Yahoo Community Smartbar or Yahoo Community Smartbar Engine.

Message "The feature you are trying to use is on a network resource that is unavailable."
"Click OK to try again or enter an alternate path to a folder containing the installation package 'Installer.msi' in the box below."
Use source
C:\Users\David\AppData\Local\Temp\smartbar\
The "Browse" box failed to find Installer.msi.
All programs search for installer.msi gave AnyRail5.17.1 which is a model railway planner I downloaded 19/11/2014 but haven't yet used seriously.

Following your instructions I opened Notepad but was unable to "copy the entire contents of the code box".

How do I highlight this to copy?

Thunderbird seems to be working OK again, Firefox was difficult (crashed) yesterday so I again uninstalled/downloaded a new copy using Chrome, from the official Mozilla page.
Firefox now OK but very slow, could be my broadband connection. However yesterday I watched a catchup TV programme via wireless connection and it was perfect. Computer connection is via ethernet cable.

An odd fault on Chrome is that the extreme right hand side of the page displayed (including the button to scroll down) is missing. Last year I had to install a secondhand display board (new apparently no longer available) within the computer but it worked OK and I have a good display - Viewsonic 20.1" 4:3 aspect ratio with rotatable screen.

Thanks again for your help, sorry I'm stuck again!

Buna
 



#7 nasdaq


Posted 05 March 2015 - 11:49 AM

I wasn't able to remove Yahoo Community Smartbar or Yahoo Community Smartbar Engine.


Follow the instructions on this page.
http://malwaretips.com/blogs/yahoo-community-smartbar-removal/

===

Download the fixlist.txt file attached.

Run the Farbar tool to clean the computer with it.

Restart the computer when done and post the log.

Let me know what problem persists.




#8 buna


Posted 10 March 2015 - 03:57 PM

Thanks very much.

Sorry, I've been incredibly busy and unable to follow your instructions; hope to do so later this week.

Thanks again, your help is very much appreciated.

Buna



#9 nasdaq


Posted 16 March 2015 - 07:06 AM

Are you still with me?

#10 buna


Posted 16 March 2015 - 07:33 AM

Yes! But trimming trees etc - no action yet.

Sorry.

Buna



#11 buna


Posted 16 March 2015 - 09:38 AM

Downloaded Revo uninstaller Pro trial vn.

Ran uninstall Community smartbar.

Message "network resource unavailable" as in my post 05/03/2015.

Found leftover Registry items. "Please carefully verify the bolded items.Only checked bolded items and their subitems will be deleted!"

HKEY_CURRENT-USER/Software/MS/Installer

Features bolded 6FEA881815 ...

Products bolded same address

Upgrade codes bolded 5E8031...

 

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Installer

UpgradeCodes bolded 5E8031..

UserData/Components/bolded 016A7206.. and a huge wodge of bolded stuff

 

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion

 

Uninstall bolded {8188aef6 ....}

 

Is it safe to Delete all this (bolded) stuff?

 

Buna



#12 buna


Posted 16 March 2015 - 10:19 AM

Think that the above was for basic vn of Revo Uninstall.

Now repeated with Revo Uninstaller Pro 3.1.2
Uninstall  Yahoo Community Smartbar
Full Registry backup - done!
System Restore Point - done!
Analyzing and starting the program's built-in uninstaller for the default uninstall.
Scanning mode Moderate selected.
Scan.

Leads to a different vn of Found Leftover Registry items.
I'm invited to Select All/Delete and chose to skip deletion of found leftover Registry entries.
Finish.

 

Now to

Uninstall Yahoo Community Smartbar Engine
Full Registry backup - done!
System Restore Point - done!
Analyzing and starting the program's built-in uninstaller for the default uninstall.
Scanning mode Moderate selected.
Scan.
I'm invited to Select All/Delete and chose to skip deletion of found leftover Registry entries.
Finish.

I suspect that no uninstall was performed - I'm scared of doing the deletions without further instructions.

Thanks again, and again sorry to be a ninny!

Buna



#13 nasdaq


Posted 16 March 2015 - 12:53 PM

Uninstall Yahoo Community Smartbar Engine

If you mean this, yes, you can remove it.

How is the computer running?

#14 buna


Posted 16 March 2015 - 05:25 PM

Computer better than when I started, but Firefox still stalls - message "not responding". However recovers quite quickly.

 

I was surprised to find Excel also misbehaving. Thunderbird shows a lot of entries in Drafts as I compose a long email - seems to save a draft every 2 minutes even though I am working on a message. T'bird also loses the cursor sometimes - again quick to recover.

 

Revo uninstall has created system restore points. I should be able to restore OK if anything goes wrong.

 

Am I safe to delete the "found leftover registry entries"? If so, I'll carry on tomorrow.

 

Thanks again

 

Buna



#15 nasdaq


Posted 17 March 2015 - 07:31 AM

How to configure the AutoRecover settings in Excel.
Read about it.

http://support.microsoft.com/en-us/kb/289273
===

Revo uninstall has created system restore points. I should be able to restore OK if anything goes wrong.

Yes.

===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

How is the computer running now?



