Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by Bethywethy17 (administrator) on BETHANYSDESKTOP on 22-02-2015 12:49:32
Running from C:\Users\Bethywethy17\Downloads
Loaded Profiles: Bethywethy17 (Available profiles: Bethywethy17)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Bethywethy17\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Netflix, Inc.) C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.9.0.29_x64__mcm4njqhnhss8\Netflix.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\Run: [GoogleChromeAutoLaunch_AB28A3FE9ACDACC7751415F106FDA551] => C:\Users\Bethywethy17\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\RunOnce: [Adobe Speed Launcher] => 1424632789
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\...\MountPoints2: {601ca8e5-9392-11e4-8260-f80f41cb6195} - "G:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3805554956-1740810855-2374541093-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3805554956-1740810855-2374541093-1001 -> {F314CBCA-C0EA-4930-95D5-6FC9A700C560} URL =
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2014-04-13]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]
CHR Extension: (Google Docs) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Drive) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-15]
CHR Extension: (YouTube) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-15]
CHR Extension: (Google Search) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]
CHR Extension: (Google Sheets) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-15]
CHR Extension: (Bookmark Manager) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-01]
CHR Extension: (Pin It Button) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR Extension: (Kaspersky Security Scan) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni [2015-02-20]
CHR Extension: (Gmail) - C:\Users\Bethywethy17\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-18] () [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 0205311422818424mcinstcleanup; C:\Windows\TEMP\020531~1.EXE -cleanup -nolog [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 MFE_RR; \??\C:\Users\BETHYW~1\AppData\Local\Temp\mfe_rr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 12:31 - 2015-02-22 12:34 - 00025225 _____ () C:\Users\Bethywethy17\Downloads\Addition.txt
2015-02-22 12:29 - 2015-02-22 12:49 - 00020650 _____ () C:\Users\Bethywethy17\Downloads\FRST.txt
2015-02-22 12:29 - 2015-02-22 12:49 - 00000000 ____D () C:\FRST
2015-02-22 12:28 - 2015-02-22 12:28 - 01126912 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST.exe
2015-02-22 12:25 - 2015-02-22 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-22 12:23 - 2015-02-22 12:23 - 02087424 _____ (Farbar) C:\Users\Bethywethy17\Downloads\FRST64.exe
2015-02-22 02:47 - 2015-02-22 02:47 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2 (1).txt
2015-02-22 02:13 - 2015-02-22 02:14 - 00001052 _____ () C:\Users\Bethywethy17\Downloads\mbscan2.txt
2015-02-22 01:42 - 2015-02-22 01:42 - 00001239 _____ () C:\Users\Bethywethy17\Documents\mbscan2.xml
2015-02-22 01:41 - 2015-02-22 01:41 - 00001052 _____ () C:\Users\Bethywethy17\Documents\mbscan2.txt
2015-02-21 23:17 - 2015-02-21 23:17 - 00001050 _____ () C:\Users\Bethywethy17\Documents\mbscan.txt
2015-02-21 03:24 - 2014-12-31 04:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 03:04 - 2015-02-21 03:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-21 02:49 - 2015-02-21 03:57 - 00000000 ____D () C:\Users\Bethywethy17\Desktop\mbar
2015-02-21 02:35 - 2015-02-21 02:40 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Bethywethy17\Downloads\mbar-1.08.3.1004.exe
2015-02-21 02:31 - 2015-02-21 02:32 - 00000296 _____ () C:\Users\Bethywethy17\Downloads\RootkitRemover_20150221_023146.log
2015-02-21 02:30 - 2015-02-21 02:37 - 00000000 ____D () C:\Users\Bethywethy17\Pavark
2015-02-21 02:30 - 2015-02-21 02:31 - 00783120 _____ (McAfee, Inc.) C:\Users\Bethywethy17\Downloads\rootkitremover.exe
2015-02-21 02:30 - 2015-02-21 02:30 - 00003186 _____ () C:\Windows\System32\Tasks\{C615C728-8B0A-4E50-AC73-46A5F42FF35E}
2015-02-21 02:29 - 2015-02-21 02:44 - 70178632 _____ (Sophos Limited) C:\Users\Bethywethy17\Downloads\Sophos Virus Removal Tool.exe
2015-02-21 01:56 - 2015-02-21 01:56 - 00002468 _____ () C:\Users\Bethywethy17\Desktop\Google Chrome.lnk
2015-02-21 01:56 - 2015-02-21 01:56 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 01:50 - 2015-02-22 12:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 01:49 - 2015-02-21 01:49 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 01:49 - 2015-02-21 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 01:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 01:48 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 01:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieUserList
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieSiteList
2015-02-21 01:19 - 2015-02-21 01:19 - 00000000 __SHD () C:\Users\Bethywethy17\AppData\Local\EmieBrowserModeList
2015-02-20 23:10 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-20 23:10 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-20 19:59 - 2015-02-20 19:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-20 19:42 - 2015-02-21 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-02-20 19:40 - 2015-02-21 00:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-20 19:40 - 2015-02-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-20 19:24 - 2015-02-20 19:24 - 00000000 ___HD () C:\kleaner.tmp
2015-02-20 11:06 - 2015-02-21 01:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 11:06 - 2015-02-20 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 00:09 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 00:09 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 00:09 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 00:09 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 00:09 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 00:09 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 00:09 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 00:09 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 00:09 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 00:09 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 00:09 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 00:09 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 00:09 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 00:09 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 00:09 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 00:09 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 00:09 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 00:09 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 00:09 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 00:09 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 00:09 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 00:09 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 00:09 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 00:09 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 00:09 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 00:09 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 00:09 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 00:09 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 00:09 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 00:09 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 00:06 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 00:06 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 00:06 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 00:06 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 00:06 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 00:06 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 00:06 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 23:59 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 23:59 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 23:59 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 23:58 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 23:58 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 23:58 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 23:58 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 23:58 - 2014-12-08 16:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 23:58 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 23:58 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 23:58 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 23:58 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 23:56 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 23:56 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 23:56 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 23:56 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 23:56 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:55 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-08 05:07 - 2015-02-08 05:22 - 91931728 _____ (The GIMP Team ) C:\Users\Bethywethy17\Downloads\gimp-2.8.14-setup-1.exe
2015-01-30 00:06 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-01-27 20:52 - 2015-02-21 03:01 - 00005120 ___SH () C:\Users\Bethywethy17\Desktop\Thumbs.db
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 12:49 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Pokki
2015-02-22 12:30 - 2014-12-15 20:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3805554956-1740810855-2374541093-1001
2015-02-22 12:30 - 2014-06-26 23:04 - 01783282 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 12:23 - 2014-12-15 20:40 - 00002350 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-22 12:22 - 2014-03-18 02:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 12:19 - 2014-12-16 16:42 - 00000000 ____D () C:\Users\Bethywethy17\OneDrive
2015-02-22 12:18 - 2014-12-15 20:36 - 00000000 ____D () C:\Users\Bethywethy17
2015-02-22 12:18 - 2014-06-26 23:31 - 00552987 _____ () C:\Windows\SysWOW64\rootpa.e2e
2015-02-22 12:17 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 12:16 - 2013-08-22 07:46 - 00026496 _____ () C:\Windows\setupact.log
2015-02-22 11:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 08:30 - 2014-12-15 20:42 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3BFA3A4-5351-4BB1-A374-CB52400CAB07}
2015-02-21 04:50 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 04:20 - 2014-06-26 23:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-21 04:20 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-21 03:30 - 2014-12-16 22:30 - 00882176 ___SH () C:\Users\Bethywethy17\Downloads\Thumbs.db
2015-02-21 03:26 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-21 02:59 - 2014-03-18 02:39 - 00022450 _____ () C:\Windows\PFRO.log
2015-02-21 02:40 - 2014-12-15 20:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-21 01:35 - 2014-12-15 20:43 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Deployment
2015-02-21 01:20 - 2014-04-13 22:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-21 01:12 - 2013-08-22 07:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-21 01:03 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee
2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-21 01:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-21 01:03 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\mcafee.com
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\mcafee.com
2015-02-21 01:02 - 2014-04-13 22:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-21 01:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-21 00:52 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration
2015-02-20 06:32 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 04:08 - 2014-12-16 02:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 02:28 - 2014-12-20 02:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-08 05:13 - 2014-12-15 20:37 - 00000000 ____D () C:\Users\Bethywethy17\AppData\Local\Packages
2015-02-03 12:31 - 2014-12-16 05:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 12:31 - 2014-12-16 05:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 03:06 - 2014-12-20 17:31 - 00002427 _____ () C:\Users\Bethywethy17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL.lnk
==================== Files in the root of some directories =======
2014-06-26 23:27 - 2014-06-26 23:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-15 20:50 - 2014-12-15 20:50 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some content of TEMP:
====================
C:\Users\Bethywethy17\AppData\Local\Temp\COMAP.EXE
C:\Users\Bethywethy17\AppData\Local\Temp\oct15C3.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct2069.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct6B88.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct8D03.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\oct9EDB.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\octABD2.tmp.exe
C:\Users\Bethywethy17\AppData\Local\Temp\octF8DF.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-18 02:23
==================== End Of Log ============================