
Inactive Rogue.multiple, several PUMs and lots of PUPs

Discussion in 'Malware and Virus Removal' started by rthompson, 2018/02/24.

  1. 2018/02/24
    rthompson Well-Known Member Thread Starter

    Working on a friend's computer for them. It will not connect via wifi and I currently don't have a wired connection so the programs used herein will not update. I currently use a Linux distro on my own system, I know, traitor lol. I discovered the problems using MBAM on the infected system.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
    Ran by Otelia&Terrence (administrator) on CRUSHER (24-02-2018 15:59:42)
    Running from C:\Users\Otelia&Terrence\Desktop
    Loaded Profiles: Otelia&Terrence (Available Profiles: Otelia&Terrence)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    (Facebook Inc.) C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
    (Smilebox, Inc.) C:\Users\Otelia&Terrence\AppData\Roaming\Smilebox\SmileboxTray.exe
    () C:\Users\Otelia&Terrence\AppData\Local\CommonLauncher.exe
    () C:\Program Files (x86)\Download Free Music\Download Free MusicService.exe
    (DigitalSoftware Group) C:\Users\Otelia&Terrence\AppData\Local\TraGen.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\NielsenOnline64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
    HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
    HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
    HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-22] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
    HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2015-01-16] (The Nielsen Company)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-11-08] (SlySoft, Inc.)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-27] (Google Inc.)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [Facebook Update] => C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-18] (Facebook Inc.)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36207136 2015-02-08] (ooVoo LLC)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [SmileboxTray] => C:\Users\Otelia&Terrence\AppData\Roaming\Smilebox\SmileboxTray.exe [341976 2015-04-23] (Smilebox, Inc.)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [ContentFinder] => C:\Users\Otelia&Terrence\AppData\Local\ContentFinder.exe
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [CommonLauncher] => C:\Users\Otelia&Terrence\AppData\Local\CommonLauncher.exe [210944 2014-03-12] ()
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [Download Free Music] => C:\Program Files (x86)\Download Free Music\Download Free Music.exe [1554120 2015-04-20] (Download Free Music Company)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [Download Free Music Service] => C:\Program Files (x86)\Download Free Music\Download Free MusicService.exe [142536 2015-04-20] ()
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Run: [TraGen] => C:\Users\Otelia&Terrence\AppData\Local\TraGen.exe [126976 2015-04-17] (DigitalSoftware Group)
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\MountPoints2: {da41e2a3-bcc4-11e4-a6a6-f80f410d46bd} - E:\Windows\AutoRun.exe
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\MountPoints2: {eeb2b477-b1c5-11e4-b0b2-f80f410d46bd} - E:\Windows\AutoRun.exe {E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70} 3.0.0.01 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-22]
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\Otelia&Terrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2018-02-24]
    ShortcutTarget: IMVU.lnk -> C:\Users\Otelia&Terrence\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
    GroupPolicy\User: Restriction <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 05 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 06 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 17 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9 18 C:\Windows\SysWOW64\nvLsp.dll [268832 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 01 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 02 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 03 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 04 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 05 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 06 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 17 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Winsock: Catalog9-x64 18 C:\Windows\system32\nvLsp64.dll [434208 2009-04-19] (NVIDIA)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKU\S-1-5-21-3014522419-3766504801-4221179096-1001 -> DefaultScope {68E1C514-838E-453E-A8CB-3B55E5695D29} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKU\S-1-5-21-3014522419-3766504801-4221179096-1001 -> {68E1C514-838E-453E-A8CB-3B55E5695D29} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
    BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
    Toolbar: HKU\S-1-5-21-3014522419-3766504801-4221179096-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-22] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-22] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-22] (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3014522419-3766504801-4221179096-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Otelia&Terrence\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-3014522419-3766504801-4221179096-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Otelia&Terrence\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR NewTab: Default -> "chrome-extension://ojkadamghpfiakhmkmibacdgclgmnidd/homepage.html"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US679D20140326&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> McAfee
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Profile: C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default [2018-02-24]
    CHR Extension: (Nielsen) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\amebgbgmoldiehbbbjcaoceilcfnniop [2014-12-01]
    CHR Extension: (Google Docs) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
    CHR Extension: (SiteAdvisor) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-17]
    CHR Extension: (Star Stable Online) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk [2014-07-18]
    CHR Extension: (Google Wallet) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-10]
    CHR Extension: (Webfetti) - C:\Users\Otelia&Terrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkadamghpfiakhmkmibacdgclgmnidd [2014-07-26]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]
    CHR HKLM-x32\...\Chrome\Extension: [amebgbgmoldiehbbbjcaoceilcfnniop] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-16]
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\default_apps\search.crx [2015-04-13]
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\default_apps\search.crx [2015-03-30]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-16] (BitRaider, LLC)
    R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-09-06] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2934496 2015-01-16] (The Nielsen Company)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-22] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
    R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 mcpltsvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S2 McProxy; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
    R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [15584 2015-01-16] (The Nielsen Company)
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-01-16] (BitRaider)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
    R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
    R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-24] (Malwarebytes)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
    R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [26848 2015-01-16] (The Nielsen Company)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
    S1 umgcnuxe; \??\C:\Windows\system32\drivers\umgcnuxe.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-02-24 15:59 - 2018-02-24 16:10 - 000026279 _____ C:\Users\Otelia&Terrence\Desktop\FRST.txt
    2018-02-24 15:58 - 2018-02-24 16:10 - 002403328 _____ (Farbar) C:\Users\Otelia&Terrence\Desktop\FRST64.exe
    2018-02-24 15:58 - 2018-02-24 15:59 - 000000000 ____D C:\FRST
    2018-02-24 15:42 - 2010-11-20 08:24 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
    2018-02-24 14:50 - 2018-02-24 14:50 - 000319967 _____ C:\Users\Otelia&Terrence\Documents\mbam.txt
    2018-02-24 13:20 - 2018-02-24 13:20 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-02-24 13:20 - 2018-02-24 13:20 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-02-24 13:20 - 2018-02-24 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-02-24 13:20 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2018-02-24 12:01 - 2018-02-24 12:01 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-02-24 12:01 - 2018-02-24 12:01 - 000000000 ____D C:\Program Files\Malwarebytes

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-02-24 16:10 - 2014-02-27 18:24 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2018-02-24 16:02 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-02-24 16:02 - 2009-07-13 23:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-02-24 15:54 - 2014-10-15 20:32 - 000000000 ____D C:\Users\Otelia&Terrence\AppData\Roaming\IMVU
    2018-02-24 15:52 - 2014-03-02 09:28 - 000000000 ____D C:\ProgramData\Kodak
    2018-02-24 15:52 - 2014-02-27 18:24 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2018-02-24 15:52 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-02-24 15:01 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-02-24 15:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
    2018-02-24 15:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2018-02-24 14:36 - 2014-07-12 17:56 - 000000324 _____ C:\Windows\Tasks\PrintProjects Communicator.job
    2018-02-24 14:33 - 2015-04-23 17:42 - 000000000 ____D C:\Program Files (x86)\Download Free Music
    2018-02-24 14:30 - 2014-02-27 18:46 - 000000000 ____D C:\Users\Otelia&Terrence\AppData\Roaming\ParetoLogic
    2018-02-24 14:30 - 2014-02-27 18:45 - 000000000 ____D C:\ProgramData\ParetoLogic
    2018-02-24 14:23 - 2014-11-15 15:59 - 000000000 ____D C:\ProgramData\APN
    2018-02-24 14:23 - 2014-06-14 22:23 - 000000000 ____D C:\Users\Otelia&Terrence\AppData\LocalLow\Company
    2018-02-24 13:34 - 2014-04-18 09:29 - 000000968 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3014522419-3766504801-4221179096-1001UA.job
    2018-02-24 13:11 - 2014-02-27 17:29 - 000000000 ____D C:\Users\Otelia&Terrence
    2018-02-24 13:11 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
    2018-02-24 13:10 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2018-02-24 13:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
    2018-02-24 13:06 - 2014-02-27 18:23 - 000000000 ____D C:\Windows\system32\Macromed
    2018-02-24 13:06 - 2010-08-26 21:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-02-24 13:00 - 2014-08-30 19:30 - 000000000 ____D C:\ProgramData\Real
    2018-02-24 12:50 - 2014-03-05 06:10 - 000000000 ____D C:\Windows\system32\MRT
    2018-02-24 12:48 - 2014-02-27 18:46 - 000000514 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2018-02-24 12:18 - 2014-04-11 07:32 - 000000000 __SHD C:\Users\Otelia&Terrence\AppData\LocalLow\EmieUserList
    2018-02-24 12:18 - 2014-04-11 07:27 - 000000000 __SHD C:\Users\Otelia&Terrence\AppData\LocalLow\EmieSiteList
    2018-02-24 12:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions

    ==================== Files in the root of some directories =======

    2014-06-14 22:21 - 2014-06-14 22:27 - 000000322 _____ () C:\Users\Otelia&Terrence\AppData\Roaming\aps.uninstall.scan.results
    2015-04-23 17:44 - 2015-04-24 02:30 - 000000185 _____ () C:\Users\Otelia&Terrence\AppData\Local\ca.log
    2015-04-23 17:42 - 2014-03-12 11:31 - 000210944 _____ () C:\Users\Otelia&Terrence\AppData\Local\CommonLauncher.exe
    2014-11-22 08:50 - 2014-11-22 08:50 - 000003584 _____ () C:\Users\Otelia&Terrence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-23 17:44 - 2015-04-24 02:30 - 000076663 _____ () C:\Users\Otelia&Terrence\AppData\Local\gen.txt
    2015-04-23 17:42 - 2013-03-18 17:45 - 001122304 _____ (The OpenSSL Project, /index.html) C:\Users\Otelia&Terrence\AppData\Local\libeay32.dll
    2015-04-23 17:43 - 2015-04-24 02:30 - 000116061 _____ () C:\Users\Otelia&Terrence\AppData\Local\log.txt
    2015-04-23 17:43 - 2011-06-11 00:58 - 000421200 _____ (Microsoft Corporation) C:\Users\Otelia&Terrence\AppData\Local\msvcp100.dll
    2015-04-23 17:43 - 2011-06-11 00:58 - 000773968 _____ (Microsoft Corporation) C:\Users\Otelia&Terrence\AppData\Local\msvcr100.dll
    2015-04-23 17:42 - 2014-07-07 10:54 - 002599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Otelia&Terrence\AppData\Local\QtCore4.dll
    2015-04-23 17:42 - 2014-04-20 02:43 - 008587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Otelia&Terrence\AppData\Local\QtGui4.dll
    2015-04-23 17:43 - 2014-04-20 02:38 - 001053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Otelia&Terrence\AppData\Local\QtNetwork4.dll
    2015-04-23 17:43 - 2014-04-20 04:40 - 013108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Otelia&Terrence\AppData\Local\QtWebKit4.dll
    2015-04-23 17:42 - 2013-03-18 17:45 - 000274432 _____ (The OpenSSL Project, /index.html) C:\Users\Otelia&Terrence\AppData\Local\ssleay32.dll
    2015-04-23 17:44 - 2015-04-17 11:03 - 000126976 _____ (DigitalSoftware Group) C:\Users\Otelia&Terrence\AppData\Local\TraGen.exe
    2015-04-23 17:44 - 2015-04-24 02:30 - 000018701 _____ () C:\Users\Otelia&Terrence\AppData\Local\viewer.log
    2015-04-23 17:43 - 2015-04-23 17:43 - 000000552 _____ () C:\Users\Otelia&Terrence\AppData\Local\viewer.txt

    Some files in TEMP:
    ====================
    2015-04-23 17:43 - 2015-04-23 17:43 - 022253456 _____ (Download Free Music Company ) C:\Users\Otelia&Terrence\AppData\Local\Temp\Download Free Music_updater.exe
    2014-06-14 21:50 - 2014-06-14 23:49 - 001393560 _____ () C:\Users\Otelia&Terrence\AppData\Local\Temp\f.exe
    2014-09-02 11:07 - 2014-09-02 11:07 - 003895296 _____ () C:\Users\Otelia&Terrence\AppData\Local\Temp\ffmpeg17.exe
    2014-10-14 16:02 - 2014-10-14 16:02 - 004118096 _____ (NCH Software) C:\Users\Otelia&Terrence\AppData\Local\Temp\gvsetup.exe
    2014-10-15 20:30 - 2014-10-21 15:48 - 038191728 _____ () C:\Users\Otelia&Terrence\AppData\Local\Temp\InstallIMVU_509.0.exe
    2014-08-30 19:30 - 2014-11-11 10:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\Otelia&Terrence\AppData\Local\Temp\lowproc.exe
    2014-02-27 19:53 - 2010-08-13 04:41 - 000468232 _____ (Microsoft Corporation) C:\Users\Otelia&Terrence\AppData\Local\Temp\MSN389E.exe
    2015-03-03 21:47 - 2015-03-03 21:47 - 000026424 _____ () C:\Users\Otelia&Terrence\AppData\Local\Temp\ochelper.exe
    2014-09-09 09:20 - 2014-09-09 09:20 - 006039624 _____ (NCH Software) C:\Users\Otelia&Terrence\AppData\Local\Temp\pstagesetup.exe
    2014-09-02 11:11 - 2014-09-02 11:11 - 000802816 _____ () C:\Users\Otelia&Terrence\AppData\Local\Temp\soxdec.exe
    2014-08-30 19:30 - 2014-11-11 10:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\Otelia&Terrence\AppData\Local\Temp\stubhelper.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-02-03 16:23

    ==================== End of FRST.txt ============================
     
  2. 2018/02/24
    rthompson

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
    Ran by Otelia&Terrence (24-02-2018 16:10:55)
    Running from C:\Users\Otelia&Terrence\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-02-27 22:29:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3014522419-3766504801-4221179096-500 - Administrator - Disabled)
    Guest (S-1-5-21-3014522419-3766504801-4221179096-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3014522419-3766504801-4221179096-1002 - Limited - Enabled)
    Otelia&Terrence (S-1-5-21-3014522419-3766504801-4221179096-1001 - Administrator - Enabled) => C:\Users\Otelia&Terrence

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088649) (Version: 2.2.0.95 - WildTangent) Hidden
    Acer Arcade Deluxe (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.) Hidden
    Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
    Acer Arcade Movie (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.6629 - CyberLink Corp.) Hidden
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Game Console (HKLM-x32\...\Acer Game Console) (Version: - WildTangent) Hidden
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
    Agatha Christie - Death on the Nile (HKLM-x32\...\WT088295) (Version: 2.2.0.95 - WildTangent) Hidden
    aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
    AVG 2014 (HKLM\...\{CE470020-CCCF-4C09-9AB9-B710A4FBE2C8}) (Version: 14.0.3705 - AVG Technologies) Hidden
    Bejeweled 2 Deluxe (HKLM-x32\...\WT088300) (Version: 2.2.0.95 - WildTangent) Hidden
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    Blackhawk Striker 2 (HKLM-x32\...\WT088373) (Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 2 (HKLM-x32\...\WT088310) (Version: 2.2.0.95 - WildTangent) Hidden
    C4USelfUpdater (HKLM-x32\...\{48B41C3A-9A92-4B81-B653-C97FEB85C910}) (Version: 1.00.0000 - Your Company Name) Hidden
    center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Chuzzle Deluxe (HKLM-x32\...\WT088312) (Version: 2.2.0.95 - WildTangent) Hidden
    CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
    CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
    Cross DJ Free 3.0.1 (HKLM-x32\...\MixVibes Cross DJ Free 3.0.1) (Version: 3.0.1 - MixVibes)
    Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT088318) (Version: 2.2.0.95 - WildTangent) Hidden
    Dora's Carnival Adventure (HKLM-x32\...\WT088393) (Version: 2.2.0.95 - WildTangent) Hidden
    Download Free Music (HKLM-x32\...\Download Free Music_is1) (Version: 3.8.6.0 - Download Free Music Company)
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FATE (HKLM-x32\...\WT088413) (Version: 2.2.0.95 - WildTangent) Hidden
    Golden Videos VHS to DVD Converter (HKLM-x32\...\GoldenVideos) (Version: 3.03 - NCH Software)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
    IMVU Avatar Chat Software (HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\IMVU Avatar chat client software BETA) (Version: - )
    Jewel Quest - Heritage (HKLM-x32\...\WT088653) (Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (HKLM-x32\...\WT088350) (Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (HKLM-x32\...\WT088445) (Version: 2.2.0.95 - WildTangent) Hidden
    Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.)
    MediaShow Espresso (HKLM-x32\...\{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}) (Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
    Nero 9 Essentials (HKLM-x32\...\{01edc90d-6ac3-41a4-8d69-03d4064058ba}) (Version: - Nero AG)
    Nielsen (HKLM-x32\...\NetSight) (Version: - )
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
    ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.7001 - ooVoo LLC.)
    Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
    Penguins! (HKLM-x32\...\WT088449) (Version: 2.2.0.95 - WildTangent) Hidden
    PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.52 - NCH Software)
    Plants vs. Zombies (HKLM-x32\...\WT088364) (Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (HKLM-x32\...\WT088453) (Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (HKLM-x32\...\WT088457) (Version: 2.2.0.95 - WildTangent) Hidden
    PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.12992 - RocketLife Inc.)
    RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
    RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
    RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Smilebox (HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\Smilebox) (Version: 1.0.0.28509 - Smilebox, Inc.)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Times Reader (HKLM-x32\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company) Hidden
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Unity Web Player (HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
    UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
    Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088553) (Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
    Zulu DJ Software (HKLM-x32\...\Zulu) (Version: 3.32 - NCH Software)
    Zuma's Revenge (HKLM-x32\...\WT088517) (Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\...\ChromeHTML: -> <==== ATTENTION
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
    ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (Egis Technology Inc.)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2015-05-13] (McAfee, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (Egis Technology Inc.)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-11-22] (RealNetworks, Inc.)
    ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (Egis Technology Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-11-23] (NVIDIA Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\MSC\McCtxMenuFrmWrk.dll [2015-05-13] (McAfee, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03104640-CE0C-497D-BC5F-27E5218B0D29} - System32\Tasks\RealCreateProcessScheduledTask1551463358S-1-5-21-3014522419-3766504801-4221179096-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [2014-11-22] (RealNetworks, Inc.)
    Task: {06840AF4-F766-4838-9D31-459E0D035548} - System32\Tasks\Opera scheduled Autoupdate 1425437379 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
    Task: {0FB8B5FA-511D-438B-BF03-42A63EE8B2F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {11A883AD-4335-4C6E-88B3-39A27206D231} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {12118290-41F2-42CC-985C-05E16600BA77} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3014522419-3766504801-4221179096-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
    Task: {1533BA0A-624E-4694-A17D-3BD06190C29E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3014522419-3766504801-4221179096-1001UA => C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-18] (Facebook Inc.)
    Task: {1D0E91FA-8150-4133-AA9E-7A9523D93C2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3014522419-3766504801-4221179096-1001Core => C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-18] (Facebook Inc.)
    Task: {3533A6C7-A341-40DF-8EB2-80979871AF51} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {AE2DF5F2-8AEF-48D0-BB51-3BD204730960} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-17] (Adobe Systems Incorporated)
    Task: {C044DA65-962B-44C7-A7B0-FA5D052FB8DD} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2014-07-12] ()
    Task: {DFC315C7-45BE-49FB-ADA0-00D15336FB2F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3014522419-3766504801-4221179096-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
    Task: {E9CED3C6-B9B4-4BC5-BA2D-30A9E54230A2} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
    Task: {F36587A6-697B-42C3-A428-06D5E6461977} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3014522419-3766504801-4221179096-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
    Task: {F9A24F43-2C21-43B4-8EB6-DD814E70D196} - System32\Tasks\RealCreateProcessScheduledTask601086563S-1-5-21-3014522419-3766504801-4221179096-1001 => c:\program files (x86)\real\realplayer\update\realsched.exe [2014-11-22] (RealNetworks, Inc.)
    Task: {FC0C6D02-2BC6-4E71-ACEF-64626F7CF5EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3014522419-3766504801-4221179096-1001Core.job => C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3014522419-3766504801-4221179096-1001UA.job => C:\Users\Otelia&Terrence\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Otelia&Terrence\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ShortcutWithArgument: C:\Users\Otelia&Terrence\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001
    ShortcutWithArgument: C:\Users\Otelia&Terrence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-26 22:59 - 2014-10-26 22:59 - 000039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-10-30 05:41 - 2014-10-30 05:41 - 000031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2014-02-27 17:52 - 2010-05-13 00:23 - 000244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    2009-04-19 10:34 - 2009-04-19 10:34 - 000207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    2009-04-19 10:34 - 2009-04-19 10:34 - 000070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
    2009-04-19 10:34 - 2009-04-19 10:34 - 000578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
    2009-04-19 10:34 - 2009-04-19 10:34 - 000625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    2018-02-24 13:20 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2015-04-23 17:42 - 2014-03-12 11:31 - 000210944 _____ () C:\Users\Otelia&Terrence\AppData\Local\CommonLauncher.exe
    2015-04-23 17:42 - 2015-04-20 12:36 - 000142536 _____ () C:\Program Files (x86)\Download Free Music\Download Free MusicService.exe
    2014-09-29 19:51 - 2014-09-29 19:51 - 000074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    2010-08-04 07:40 - 2010-08-04 07:40 - 000611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    2014-10-29 19:06 - 2014-10-29 19:06 - 000560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2014-08-30 19:32 - 2014-11-22 08:49 - 000865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2014-10-30 05:41 - 2014-10-30 05:41 - 000035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2014-10-30 05:41 - 2014-10-30 05:41 - 000039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2014-10-30 05:41 - 2014-10-30 05:41 - 000032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
    2014-12-01 16:28 - 2015-01-16 09:40 - 000504832 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
    2015-02-20 18:18 - 2015-01-16 09:34 - 000505344 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\communication.dll
    2010-08-04 04:47 - 2010-08-04 04:47 - 000144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
    2014-10-29 19:01 - 2014-10-29 19:01 - 001382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2015-02-20 18:18 - 2015-01-16 09:35 - 000595968 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npchromeinstaller.dll
    2015-02-20 18:18 - 2015-01-16 09:35 - 000851968 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
    2015-02-20 18:18 - 2015-01-16 09:37 - 000150528 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npsp1.dll
    2015-02-20 18:18 - 2015-01-16 09:34 - 000228864 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
    2015-02-20 18:18 - 2015-01-16 09:34 - 000224768 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npwmi.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-04-23 17:43 - 000000883 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.googleapis.com
    127.0.0.1 clients4.google.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3014522419-3766504801-4221179096-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Otelia&Terrence\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{F605C30E-10E1-4082-A0E1-897C95CD4AAC}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
    FirewallRules: [{1F6BCCD4-CC4B-4E01-ACC7-FB8F5833E76B}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    FirewallRules: [{12D198FB-5066-4081-8D0D-31DECAA6BF1B}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\CLMLSvc.exe
    FirewallRules: [{0E510486-2AEE-4BDF-86A2-DCF5F22F6291}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
    FirewallRules: [{D74F28A4-6DC3-4620-B590-B0849571497C}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovie.exe
    FirewallRules: [{BA286B74-FCF3-4C9C-9751-7538DF59645B}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovieService.exe
    FirewallRules: [{56B10614-8B42-499D-808E-8B44359ACEF1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{1CF41328-C909-4194-BCB4-FEDE4EA27ED4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{66A535FC-4652-4B20-848F-C0983E8D6032}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C4A19054-A3CB-4922-B272-90ADFCEA2A05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{50026B84-EB78-4D7A-A42C-3FD4A266CE3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1B03BB97-BF22-4547-8C34-E4B92BEBD318}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{029DC05D-5D68-4DE3-95E7-2BCA00A83F97}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    FirewallRules: [{CE73F4EA-C698-4CFF-9336-270C33BDAE15}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    FirewallRules: [{F845ADEA-DB91-4832-9633-ED1814733FB7}] => (Allow) LPort=5353
    FirewallRules: [{8E8478F6-A5D1-4F75-BD77-C6717E0B746E}] => (Allow) LPort=9322
    FirewallRules: [{5BCC3DB2-632B-4155-89FA-1F06813721AE}] => (Allow) LPort=5353
    FirewallRules: [{1DB05ABB-C667-4D1D-A854-AB6D183A3682}] => (Allow) C:\Users\Otelia&Terrence\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{446BF93B-FCD8-429D-A21B-05A6C21392E4}] => (Allow) LPort=9322
    FirewallRules: [{44FC0939-AE5A-407D-B10B-AE09014E6B9E}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{7C8A8A81-3FD4-41B7-A731-021D7AD80F7D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{8744B912-C5DC-42BD-A8E7-26E2067FDAE9}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{F5F5E298-419B-4187-926F-5F8C73F1C565}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{7B0ABEF2-B25E-41CA-B3E7-B8C5D4802DA3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{E111F6B1-63DA-41C9-BD5B-B6F930B16ABE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{0FCAD236-DAD3-4F23-A3EF-A90F1FCAD1AA}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{ACC64F7A-387A-4F71-9A36-019D56423A85}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{9A8D7038-F6DA-45E3-A006-04A0CF4F5969}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{C8875A28-5C86-4ED9-A848-E166D93AD82B}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{23069843-4F7B-42C4-9C95-FAEF6FBD93F8}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{0DB604CA-B257-4513-B8AB-C9AC84C581B7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{5BD29A76-17A1-4218-9F11-2CFF073F1A14}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{FC8C44CF-8051-4979-B924-4FA1CD4A2CD3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{A802CBC0-A5E7-49FA-B254-A754A8FB598D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{575D2A6A-704B-4862-8778-D443D0FC3E16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    26-09-2017 17:29:39 Scheduled Checkpoint
    26-09-2017 19:53:22 Windows Update
    06-10-2017 08:53:33 Scheduled Checkpoint
    11-10-2017 02:00:24 Windows Update
    18-10-2017 23:00:06 Scheduled Checkpoint
    26-10-2017 16:27:49 Scheduled Checkpoint
    02-11-2017 23:00:02 Scheduled Checkpoint
    03-02-2018 16:30:02 Scheduled Checkpoint
    24-02-2018 12:52:26 Restore Operation

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/24/2018 04:05:55 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 03:54:08 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 03:04:11 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 02:53:38 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 01:34:09 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 01:04:03 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 12:49:47 PM) (Source: Google Update) (EventID: 20) (User: crusher)
    Description: Event-ID 20

    Error: (02/24/2018 12:48:48 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={2849A6FC-39FA-4639-A0FB-A518FD3475A5}: The user crusher\Otelia&Terrence dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.


    System errors:
    =============
    Error: (02/24/2018 03:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Platform Services service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (02/24/2018 03:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee VirusScan Announcer service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (02/24/2018 03:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Home Network service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (02/24/2018 03:56:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (02/24/2018 03:54:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/24/2018 03:54:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (02/24/2018 03:54:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Firewall Core Service service hung on starting.

    Error: (02/24/2018 03:48:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Proxy Service service failed to start due to the following error:
    The system cannot find the file specified.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II X2 255 Processor
    Percentage of memory in use: 53%
    Total physical RAM: 3839.23 MB
    Available physical RAM: 1770.45 MB
    Total Virtual: 7676.65 MB
    Available Virtual: 5831.4 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:913.84 GB) (Free:436.67 GB) NTFS
    Drive e: () (Removable) (Total:29.8 GB) (Free:29.73 GB) FAT32

    \\?\Volume{172358e5-a016-11e3-8a6b-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{172358e4-a016-11e3-8a6b-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:17.58 GB) (Free:3.98 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C4632D33)
    Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=913.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 29.8 GB) (Disk ID: 000AE339)
    Partition 1: (Active) - (Size=29.8 GB) - (Type=0B)

    ==================== End of Addition.txt ============================
     

  4. 2018/02/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    1. Can you elaborate on the problems with the wireless connection?
    2. I don't see any active AV program there unless Malwarebytes 3 is a paid version. Please comment on this.
    3. There are some McAfee leftovers so run this tool to remove them: Download McAfee Removal Tool (MCPR) - MajorGeeks
     
  5. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    1. The infected machine creates the connection but will not connect to the internet. I attempted to diagnose the issue using the tools provided in the control panel, no joy.
    2. Malwarebytes is not a paid version and I am planning on installing Avast free AV.
    3. I am cleaning up the leftovers now.
     
  6. 2018/02/24
    broni

    broni Moderator Malware Analyst

    Are you getting any error messages when connecting wirelessly?
    After cleaning up McAfee, restart the computer and try the wireless connection again.
     
  7. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    It just said that the LAN was established but no connection could be made.
    Now I cannot get it to boot properly; it hangs on the logo screen and auto-reboots. So I tried launching Startup Repair and it won't work; it loads files and hangs on a blank screen.
    McAfee has not yet been cleaned up.
     
  8. 2018/02/24
    broni

    broni Moderator Malware Analyst

    You didn't make any changes and all of a sudden it won't boot?
     
  9. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    That is correct.
     
  10. 2018/02/24
    broni

    broni Moderator Malware Analyst

    Restart the computer and keep tapping the F8 key until the menu appears.
    Try "Last Known Good Configuration".
     
  11. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    Still hanging on logo screen then rebooting.
     
  12. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    I am thinking perhaps the registry or HDD has been corrupted.
     
  13. 2018/02/24
    broni

    broni Moderator Malware Analyst

    Last known good configuration should be able to deal with a corrupted registry.
    Could be the hard drive.

    Run hard drive diagnostics: Hard Drive Installation and Diagnostic Tools - Internal Hardware
    Make sure you select the tool that is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: The Official ImgBurn Website to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
    For Toshiba hard drives, see here: Storage Products (SSD / HDD) | TOSHIBA Semiconductor & Storage Products | Americas

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
     
  14. 2018/02/24
    rthompson

    rthompson Well-Known Member Thread Starter

    It appears that the only software available for this drive would have to be run from a Windows computer in order to create the CD image, as the file is an .exe and creates the image from within; like I mentioned, my system has a Linux distro on it. I had to pull the DVD to get to the HDD and it was still pretty hot by the time I got it out, so if I had my guess I would say the HDD is toast. I might be able to use Wine for Linux and create the image that way, but that will wait until tomorrow.
     
  15. 2018/02/24
    broni

    broni Moderator Malware Analyst

    Let me know :)
     
  16. 2018/02/25
    rthompson

    rthompson Well-Known Member Thread Starter

    I can't get the executable to run in Wine.
     
  17. 2018/02/25
    broni

    broni Moderator Malware Analyst

    I'd suggest a new topic in the Windows or hardware forum.
     
  18. 2018/02/25
    rthompson

    rthompson Well-Known Member Thread Starter

    Ok, thank you very much for your help. I did find a program that will allow me to view the SMART data on the HDD; I'll start the topic with that and link back to this thread.
     
  19. 2018/02/25
    broni

    broni Moderator Malware Analyst

    Cool :)
     
