Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by Mayheme1 (administrator) on MAYHEME1-PC on 28-02-2015 19:16:56
Running from C:\Users\Mayheme1\Desktop
Loaded Profiles: Mayheme1 (Available profiles: Mayheme1)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\SubliminalMessages.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(JAM Software) C:\Program Files\JAM Software\TreeSize Free\TreeSizeFree.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
() C:\WinBoard-4.5.2\WinBoard\winboard.exe
(Sysinternals - www.sysinternals.com) C:\Users\Mayheme1\Downloads\procexp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKU\S-1-5-21-3105599382-3656226746-3736112976-1001\...\Run: [SubliminalMessages] => C:\Users\Mayheme1\AppData\Roaming\Mind of Winner\Subliminal Messages\SubliminalMessages.exe [958976 2014-04-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3105599382-3656226746-3736112976-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3105599382-3656226746-3736112976-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3105599382-3656226746-3736112976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-3105599382-3656226746-3736112976-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{28371F2B-6892-4372-AA00-E20B4EA0932E}: [NameServer] 68.94.156.1,68.94.157.1

FireFox:
========
FF ProfilePath: C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Dr.Web Anti-Virus Link Checker - C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2014-01-08]
FF Extension: Personas Plus - C:\Users\Mayheme1\AppData\Roaming\Mozilla\Firefox\Profiles\tfohzgt0.default\Extensions\personas@christopher.beard.xpi [2012-12-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4816568 2014-11-10] (Emsisoft GmbH)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-06-28] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2014-06-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2014-06-28] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-06-28] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2014-06-28] (Emsisoft GmbH)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761280 2009-09-10] ()
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
U5 CSC; C:\Windows\System32\Drivers\CSC.sys [388096 2010-11-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 19:12 - 2015-02-28 19:12 - 00006991 _____ () C:\Users\Mayheme1\Downloads\System Idle Process.txt
2015-02-28 19:01 - 2015-02-28 19:01 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mayheme1\Downloads\procexp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 19:17 - 2014-10-05 07:45 - 00022624 _____ () C:\Users\Mayheme1\Desktop\FRST.txt
2015-02-28 19:17 - 2014-05-23 21:40 - 00000000 ____D () C:\FRST
2015-02-28 19:16 - 2014-05-30 21:33 - 00000000 ____D () C:\Users\Mayheme1\Desktop\FRST-OlderVersion
2015-02-28 19:16 - 2014-05-23 21:36 - 01132032 _____ (Farbar) C:\Users\Mayheme1\Desktop\FRST.exe
2015-02-28 18:57 - 2014-11-08 20:26 - 00007791 _____ () C:\Users\Mayheme1\Desktop\comp2.txt
2015-02-28 18:56 - 2010-02-01 01:15 - 01975937 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 09:56 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-25 21:24 - 2011-06-24 13:04 - 00000000 ____D () C:\Users\Mayheme1\Documents\x86
2015-02-25 20:23 - 2011-06-24 12:56 - 00000000 ____D () C:\Program Files\Arena
2015-02-25 18:52 - 2012-07-10 23:04 - 00036934 _____ () C:\Users\Mayheme1\Desktop\OTL.Txt
2015-02-25 16:57 - 2014-12-10 18:15 - 00003090 _____ () C:\Windows\setupact.log
2015-02-07 20:08 - 2014-06-27 10:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-17 09:38

==================== End Of Log ============================