Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 11-01-2015 22:06:41
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe
( ) C:\Windows\System32\lxebcoms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CASIO COMPUTER CO.,LTD.) C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ë****<*>] => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1484856 2010-06-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-19\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\Run: [Þ**<*>] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-20\...\RunOnce: [****<*>] => C:\Windows\System32\mctadmin.exe [14232 2013-07-01] () <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...\Run: [******<*>] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\{85cb47ce-fa68-7742-3733-a821a7d0dbc0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...\RunOnce: [****<*>] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"
http://go.microsoft..../?LinkID=122915" /build:7601 <===== ATTENTION (Value Name with invalid characters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
ShortcutTarget: Photo Loader supervisory.lnk -> C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3618061388-1582232378-1363670412-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {6EC10236-FD16-420F-B8AA-20AC36E0CDEF} URL =
SearchScopes: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> {87ABEF57-22B5-48B3-9D67-81EC811DC3D8} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100810221608.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3618061388-1582232378-1363670412-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @fileplanet.com/fpdlm -> C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://us.yahoo.com/"
CHR DefaultSearchKeyword: Default -> uk.yahoo.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-01-21] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-08-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-04-15] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-05-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-05-31] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-05-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-11] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-05] (Electronic Arts)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2012-11-27] (Alcatel-Lucent)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-14] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 22:06 - 2015-01-11 22:07 - 00025541 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-11 22:05 - 2015-01-11 22:06 - 00000000 ____D () C:\FRST
2015-01-11 22:05 - 2015-01-11 22:05 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-11 20:28 - 2015-01-11 20:28 - 00042024 _____ () C:\Users\Admin\Desktop\HitmanPro_20150111_2028.log
2015-01-11 20:12 - 2015-01-11 20:12 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-11 20:11 - 2015-01-11 20:12 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-11 20:10 - 2015-01-11 20:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-11 20:09 - 2015-01-11 20:09 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Desktop\HitmanPro_x64.exe
2015-01-11 20:06 - 2015-01-11 20:06 - 00001060 _____ () C:\Users\Admin\Desktop\MalWareBytes.txt
2015-01-11 19:44 - 2015-01-11 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-11 19:39 - 2015-01-11 19:39 - 00007475 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-11 19:27 - 2015-01-11 20:37 - 00000000 ____D () C:\AdwCleaner
2015-01-11 19:24 - 2015-01-11 19:24 - 02191360 _____ () C:\Users\Admin\Desktop\adwcleaner_4.107.exe
2015-01-05 17:25 - 2015-01-05 17:25 - 00009904 _____ () C:\Users\Admin\Downloads\Eggborough Copy of Commercial Analyst - Candidate Questions.xlsx
2014-12-27 13:00 - 2015-01-11 18:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinZip
2014-12-27 12:48 - 2014-12-27 12:50 - 47297544 _____ () C:\Users\Admin\Downloads\2015-performance-parts-full-catalog-web-1.pdf.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 22:06 - 2010-10-30 22:26 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-01-11 22:06 - 2010-10-30 22:26 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-11 21:45 - 2012-08-31 12:35 - 00000590 _____ () C:\Users\Admin\Desktop\DCS.txt
2015-01-11 21:43 - 2009-07-14 05:10 - 01772627 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:43 - 2009-07-14 04:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 21:36 - 2012-06-07 20:48 - 00241769 _____ () C:\Windows\setupact.log
2015-01-11 21:36 - 2010-02-06 12:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 21:36 - 2010-01-26 16:35 - 00987156 _____ () C:\ProgramData\lxebscan.log
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\SoftThinks
2015-01-11 21:36 - 2010-01-26 15:09 - 00000000 ____D () C:\Users\Admin
2015-01-11 21:36 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 21:35 - 2014-08-27 15:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 21:35 - 2011-02-03 18:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-11 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-01-11 20:22 - 2010-02-06 12:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 19:47 - 2014-08-27 15:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 19:46 - 2014-08-27 15:38 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 19:46 - 2014-08-27 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 19:38 - 2012-07-15 10:56 - 00187870 _____ () C:\Windows\PFRO.log
2015-01-11 18:14 - 2014-05-06 13:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-11 18:14 - 2014-02-02 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-01-11 18:14 - 2011-12-06 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 18:14 - 2011-12-02 16:03 - 00000000 ____D () C:\Program Files\WinZip
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\servicing
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 18:14 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-11 18:13 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-11 18:12 - 2011-12-02 16:03 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-11 18:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-06 01:27
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 01
Ran by Admin at 2015-01-11 22:07:33
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco)
ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0918.2131 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Belkin F6D4050 Enhanced Wireless USB Adapter (HKLM-x32\...\InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}) (Version: 2.0.0.08 - Belkin)
Belkin F6D4050 Enhanced Wireless USB Adapter (x32 Version: 2.0.0.08 - Belkin) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
ccc-core-static (x32 Version: 2009.0918.2132.36825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CryEngine®2 Sandbox2 (HKLM-x32\...\{7E4B7FD9-4ECE-4298-A910-3160B7918059}) (Version: 1.00.0000 - Electronic Arts)
Crysis WARHEAD® (HKLM-x32\...\Crysis WARHEAD®) (Version: - Electronic Arts)
Crysis WARHEAD® (x32 Version: 1.0 - Crytek) Hidden
Crysis Wars® (HKLM-x32\...\Crysis Wars®) (Version: - Electronic Arts)
Crysis Wars® (x32 Version: 1.0 - Crytek) Hidden
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.4.12913 - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Digital Combat Simulator: A-10C Warthog (HKLM-x32\...\Steam App 61010) (Version: - )
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
doPDF 6.2 printer (HKLM\...\doPDF 6 printer_is1) (Version: - Softland)
Download Manager 2.3.10 (HKLM-x32\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.)