Scan Result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Este (administrator) on ESTE-PC (23-07-2016 00:26:16)
Running from C:\Users\Este\Downloads
Loaded Profiles: Este (Available Profiles: Este)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-928187507-283903971-1354544283-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-928187507-283903971-1354544283-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-928187507-283903971-1354544283-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-928187507-283903971-1354544283-1001\...\MountPoints2: I - I:\autorun.exe
HKU\S-1-5-21-928187507-283903971-1354544283-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-06-19] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-928187507-283903971-1354544283-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{D8309F82-0678-4A18-93C6-148595D836C1}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Internet Explorer:
==================
HKU\S-1-5-21-928187507-283903971-1354544283-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-928187507-283903971-1354544283-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://centurylink.net/
SearchScopes: HKLM -> DefaultScope {AE5CC408-B0A3-47EE-AB85-4204F204FD4D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AE5CC408-B0A3-47EE-AB85-4204F204FD4D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {117DB037-2A39-4BAE-BDF0-8DAF36ADC782} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {89CF1AB2-644E-42B7-A844-ECE10AB08615} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> DefaultScope {117DB037-2A39-4BAE-BDF0-8DAF36ADC782} URL = hxxp://www.bing.com/search?FORM=U004DF&PC=U004&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {117DB037-2A39-4BAE-BDF0-8DAF36ADC782} URL = hxxp://www.bing.com/search?FORM=U004DF&PC=U004&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {89CF1AB2-644E-42B7-A844-ECE10AB08615} URL =
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=C19AD2A001CE7FF4011F63F5&install_time=2013-07-13T18:14:08Z&src_id=31154&camp_id=5105&tb_version=1.3.4000.0(B)
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {AE5CC408-B0A3-47EE-AB85-4204F204FD4D} URL =
SearchScopes: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> {BF677AAE-AE1C-49AD-951E-F39E95ABDB3B} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US739D20100821&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-928187507-283903971-1354544283-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {C6A47FBB-2ECA-430E-8466-5523772CA4FA} hxxp://www.uscconlinealbum.com/tlc/script/ext/bulkuploader/Uploader8.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-11] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-05-24] (McAfee, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2011-08-20] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-07] (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-928187507-283903971-1354544283-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Este\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-928187507-283903971-1354544283-1001: @nsroblox.roblox.com/launcher -> C:\Users\Este\AppData\Local\Roblox\Versions\version-8484f0d4199b4d0f\\NPRobloxProxy.dll [2013-08-21] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-06-22] [not signed]
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US739D20160622&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Este\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Este\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-06-22]
CHR Extension: (SearchLock) - C:\Users\Este\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2016-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Este\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-928187507-283903971-1354544283-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - <no Path/update_url>
CHR HKU\S-1-5-21-928187507-283903971-1354544283-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-06-01] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-05] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2010-03-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [451904 2009-06-04] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-07-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R0 ctsrddrv; C:\Windows\System32\DRIVERS\ctsrddrv.sys [112376 2016-01-11] (Centurion Technologies)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-08-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-08-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S2 PDFsFilter; C:\Windows\SysWOW64\DRIVERS\PDFsFilter.sys [82160 2014-12-29] (Raxco Software, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2015-09-23] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 00:26 - 2016-07-23 00:27 - 00025025 _____ C:\Users\Este\Downloads\FRST.txt
2016-07-23 00:24 - 2016-07-23 00:26 - 00000000 ____D C:\FRST
2016-07-23 00:24 - 2016-07-23 00:24 - 02393600 _____ (Farbar) C:\Users\Este\Downloads\FRST64.exe
2016-07-22 23:05 - 2016-07-22 23:05 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2016-07-22 22:39 - 2016-07-22 22:39 - 00000000 ____D C:\Users\Este\AppData\Local\ElevatedDiagnostics
2016-07-22 12:31 - 2016-07-22 12:31 - 00002952 _____ C:\Windows\System32\Tasks\{52FA45CA-ED35-4E9A-B0FC-7A8DA2B215C4}
2016-07-21 19:12 - 2016-07-22 21:48 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-07-21 19:12 - 2016-07-22 13:41 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-07-21 13:34 - 2016-07-21 13:34 - 22851472 _____ (Malwarebytes ) C:\Users\Este\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-20 13:47 - 2016-07-20 13:47 - 00215142 ____T C:\Users\Este\Documents\mv.pdf
2016-07-12 21:19 - 2016-07-12 21:19 - 00156032 ____T C:\Users\Este\Documents\dmv reciept for dodge tk.pdf
2016-07-07 19:02 - 2016-07-07 19:03 - 02959376 _____ (Microsoft Corporation) C:\Users\Este\Downloads\dotnetfx35setup.exe
2016-07-07 18:41 - 2016-07-07 18:42 - 02416788 _____ C:\Users\Este\Downloads\AA.Net.Client-x64.rar
2016-07-04 20:15 - 2016-07-04 20:16 - 03390815 _____ C:\Users\Este\Downloads\07-2016 The Down Easterner.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 00:21 - 2010-03-09 19:58 - 00000000 ____D C:\Users\Este\AppData\Local\SoftThinks
2016-07-23 00:21 - 2010-03-05 20:52 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-07-23 00:21 - 2010-03-05 20:52 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-07-23 00:21 - 2010-03-05 20:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-07-23 00:20 - 2016-05-20 12:49 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-23 00:20 - 2015-12-12 07:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d134d2994b4ce8.job
2016-07-23 00:20 - 2015-12-12 07:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d134d2980791c3.job
2016-07-23 00:20 - 2010-03-22 18:55 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-07-23 00:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-23 00:17 - 2016-06-16 20:37 - 00000000 ____D C:\ProgramData\SpeedyPC Software
2016-07-23 00:02 - 2016-06-17 10:43 - 00000000 ____D C:\Users\Este\AppData\Roaming\USTechSupport
2016-07-23 00:02 - 2016-06-17 10:42 - 00000000 ____D C:\ProgramData\USTechSupport
2016-07-22 23:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-22 22:43 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-22 22:43 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-22 11:23 - 2016-06-16 20:38 - 00000569 _____ C:\Windows\Tasks\SpeedyPC Pro_sch_C41F7B77-3423-11E6-B865-002170609D8D.job
2016-07-21 22:13 - 2015-12-13 11:59 - 00000153 _____ C:\ADRInfos.xml
2016-07-21 16:37 - 2013-07-18 20:26 - 00000000 ____D C:\Windows\system32\MRT
2016-07-21 16:37 - 2013-05-14 18:02 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-07-21 16:37 - 2011-05-19 07:07 - 00000000 ____D C:\Windows\system32\SPReview
2016-07-21 16:37 - 2011-05-19 07:05 - 00000000 ____D C:\Windows\system32\EventProviders
2016-07-21 16:37 - 2010-12-20 18:18 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2016-07-21 16:37 - 2010-10-08 07:58 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2016-07-21 16:37 - 2010-10-08 07:58 - 00000000 ____D C:\Windows\system32\logishrd
2016-07-21 16:37 - 2010-03-26 18:07 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-07-21 16:37 - 2010-03-09 19:58 - 00000000 ____D C:\Users\Este
2016-07-21 16:37 - 2010-03-05 20:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-21 16:37 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-21 16:36 - 2016-06-16 13:27 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-21 16:36 - 2016-05-31 23:41 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-21 16:36 - 2016-04-30 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2016-07-21 16:36 - 2016-03-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-21 16:36 - 2016-03-09 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-07-21 16:36 - 2016-01-11 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Kure
2016-07-21 16:36 - 2015-12-12 02:41 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-07-21 16:36 - 2015-09-23 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2016-07-21 16:36 - 2015-07-09 06:32 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warplanes
2016-07-21 16:36 - 2015-07-03 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-07-21 16:36 - 2014-04-15 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-21 16:36 - 2013-08-06 17:02 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-07-21 16:36 - 2013-04-08 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Pirates of the Caribbean Online
2016-07-21 16:36 - 2013-03-13 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-21 16:36 - 2012-06-24 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-21 16:36 - 2012-04-13 08:29 - 00000000 ____D C:\Windows\en
2016-07-21 16:36 - 2012-01-16 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink™ Game Player
2016-07-21 16:36 - 2011-08-28 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink Help
2016-07-21 16:36 - 2011-06-25 10:37 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2016-07-21 16:36 - 2011-04-06 10:57 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2016-07-21 16:36 - 2011-04-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2016-07-21 16:36 - 2010-10-18 09:27 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-21 16:36 - 2010-05-27 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2016-07-21 16:36 - 2010-04-28 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty - United Offensive
2016-07-21 16:36 - 2010-04-27 18:31 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-21 16:36 - 2010-04-06 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
2016-07-21 16:36 - 2010-04-01 08:59 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Extension Finder
2016-07-21 16:36 - 2010-03-22 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-07-21 16:36 - 2010-03-22 18:55 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-07-21 16:36 - 2010-03-05 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2016-07-21 16:36 - 2010-03-05 20:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-21 16:36 - 2010-03-05 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2016-07-21 16:36 - 2010-03-05 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-21 16:36 - 2010-03-05 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-21 16:36 - 2010-03-05 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-07-21 16:36 - 2010-03-05 20:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-07-21 16:36 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-21 16:36 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-21 16:36 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-21 14:08 - 2011-06-25 10:37 - 00000000 ____D C:\Users\Este\AppData\Local\Deployment
2016-07-21 14:06 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-07-21 13:26 - 2015-07-03 00:18 - 00000000 ____D C:\Users\Este\AppData\Roaming\TS3Client
2016-07-21 13:07 - 2012-07-25 09:14 - 00000000 ____D C:\Users\Este\AppData\Roaming\Spyzooka
2016-07-21 12:50 - 2009-07-14 01:13 - 00792614 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-21 12:46 - 2016-04-27 03:46 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-18 19:23 - 2016-06-22 12:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-14 12:59 - 2016-06-22 12:11 - 00003142 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-14 12:59 - 2010-03-05 20:45 - 00000000 ____D C:\ProgramData\McAfee
2016-07-13 15:04 - 2013-04-25 09:42 - 00000000 ____D C:\Users\Este\AppData\Roaming\Skype
2016-07-13 13:55 - 2010-03-12 09:41 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-10 17:14 - 2015-07-03 00:18 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-07-08 15:30 - 2014-11-16 20:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-08 11:15 - 2016-05-20 12:49 - 00004016 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-07 04:50 - 2012-07-27 00:30 - 00000000 ____D C:\Users\Este\AppData\Roaming\Malwarebytes
2016-07-07 04:49 - 2012-07-27 00:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-07 04:44 - 2012-07-27 00:09 - 00000000 ____D C:\zookaplus
2016-07-05 23:54 - 2013-04-25 09:42 - 00000000 ____D C:\ProgramData\Skype
2016-07-04 15:05 - 2015-04-21 18:10 - 00000000 ____D C:\ProgramData\Norton
2016-07-01 13:04 - 2011-03-21 19:18 - 00002080 _____ C:\Users\Public\Desktop\Logitech Vid HD.lnk
2016-06-24 11:37 - 2013-05-26 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-24 09:21 - 2013-03-13 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 09:21 - 2013-03-13 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
==================== Files in the root of some directories =======
2010-04-29 14:18 - 2010-04-30 09:35 - 8656832 _____ (Dell, Inc. ) C:\Users\Este\AppData\Roaming\DataSafeDotNet.exe
2016-06-16 20:38 - 2016-07-22 23:54 - 0000115 _____ () C:\Users\Este\AppData\Roaming\LogFile.txt
2010-11-08 16:28 - 2014-12-20 14:27 - 0116736 _____ () C:\Users\Este\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-14 08:03 - 2016-06-20 22:13 - 0007606 _____ () C:\Users\Este\AppData\Local\Resmon.ResmonCfg
2012-01-10 08:21 - 2012-01-10 08:21 - 0000000 _____ () C:\Users\Este\AppData\Local\{03B732AB-95C2-4166-8C82-A4FC6F32A5B2}
2014-09-30 19:44 - 2014-09-30 19:44 - 0000000 _____ () C:\Users\Este\AppData\Local\{7484980D-3102-4B7A-867E-00216215DBA5}
2014-08-20 22:25 - 2014-08-20 22:25 - 0000000 _____ () C:\Users\Este\AppData\Local\{79861E96-7B0E-43F4-BDED-94EDC2D0242E}
2014-10-01 19:44 - 2014-10-01 19:44 - 0000000 _____ () C:\Users\Este\AppData\Local\{A68034FE-4CD7-47EC-9B37-96D084B0542C}
2015-03-19 14:40 - 2015-03-19 14:40 - 0000000 _____ () C:\Users\Este\AppData\Local\{A8C3C37A-E398-4CB7-8960-09E9708CB5CE}
2016-01-11 22:11 - 2016-01-11 22:11 - 0000000 _____ () C:\ProgramData\doinstall
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-20 11:46
Hi, I think the program The Kure has compatibility issues... not sure though, that is why I am here. Thank you for any help you could give. P.S. At idle the CPU runs 50% to 100%.
2016-07-22 22:43 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-22 11:23 - 2016-06-16 20:38 - 00000569 _____ C:\Windows\Tasks\SpeedyPC Pro_sch_C41F7B77-3423-11E6-B865-002170609D8D.job
2016-07-21 22:13 - 2015-12-13 11:59 - 00000153 _____ C:\ADRInfos.xml
2016-07-21 16:37 - 2013-07-18 20:26 - 00000000 ____D C:\Windows\system32\MRT
2016-07-21 16:37 - 2013-05-14 18:02 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-07-21 16:37 - 2011-05-19 07:07 - 00000000 ____D C:\Windows\system32\SPReview
2016-07-21 16:37 - 2011-05-19 07:05 - 00000000 ____D C:\Windows\system32\EventProviders
2016-07-21 16:37 - 2010-12-20 18:18 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
2016-07-21 16:37 - 2010-10-08 07:58 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2016-07-21 16:37 - 2010-10-08 07:58 - 00000000 ____D C:\Windows\system32\logishrd
2016-07-21 16:37 - 2010-03-26 18:07 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-07-21 16:37 - 2010-03-09 19:58 - 00000000 ____D C:\Users\Este
2016-07-21 16:37 - 2010-03-05 20:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-21 16:37 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-21 16:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-21 16:36 - 2016-06-16 13:27 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-21 16:36 - 2016-05-31 23:41 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-21 16:36 - 2016-04-30 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2016-07-21 16:36 - 2016-03-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-21 16:36 - 2016-03-09 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-07-21 16:36 - 2016-01-11 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Kure
2016-07-21 16:36 - 2015-12-12 02:41 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-07-21 16:36 - 2015-09-23 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2016-07-21 16:36 - 2015-07-09 06:32 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warplanes
2016-07-21 16:36 - 2015-07-03 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2016-07-21 16:36 - 2014-04-15 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-21 16:36 - 2013-08-06 17:02 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-07-21 16:36 - 2013-04-08 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Pirates of the Caribbean Online
2016-07-21 16:36 - 2013-03-13 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-21 16:36 - 2012-06-24 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-21 16:36 - 2012-04-13 08:29 - 00000000 ____D C:\Windows\en
2016-07-21 16:36 - 2012-01-16 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink™ Game Player
2016-07-21 16:36 - 2011-08-28 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink Help
2016-07-21 16:36 - 2011-06-25 10:37 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2016-07-21 16:36 - 2011-04-06 10:57 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2016-07-21 16:36 - 2011-04-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2nd Story Software
2016-07-21 16:36 - 2010-10-18 09:27 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-21 16:36 - 2010-05-27 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2016-07-21 16:36 - 2010-04-28 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty - United Offensive
2016-07-21 16:36 - 2010-04-27 18:31 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-21 16:36 - 2010-04-06 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
2016-07-21 16:36 - 2010-04-01 08:59 - 00000000 ____D C:\Users\Este\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Extension Finder
2016-07-21 16:36 - 2010-03-22 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-07-21 16:36 - 2010-03-22 18:55 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-07-21 16:36 - 2010-03-05 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2016-07-21 16:36 - 2010-03-05 20:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-21 16:36 - 2010-03-05 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2016-07-21 16:36 - 2010-03-05 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-21 16:36 - 2010-03-05 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-07-21 16:36 - 2010-03-05 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-07-21 16:36 - 2010-03-05 20:20 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-07-21 16:36 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-21 16:36 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-21 16:36 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-21 14:08 - 2011-06-25 10:37 - 00000000 ____D C:\Users\Este\AppData\Local\Deployment
2016-07-21 14:06 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-07-21 13:26 - 2015-07-03 00:18 - 00000000 ____D C:\Users\Este\AppData\Roaming\TS3Client
2016-07-21 13:07 - 2012-07-25 09:14 - 00000000 ____D C:\Users\Este\AppData\Roaming\Spyzooka
2016-07-21 12:50 - 2009-07-14 01:13 - 00792614 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-21 12:46 - 2016-04-27 03:46 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-18 19:23 - 2016-06-22 12:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-14 12:59 - 2016-06-22 12:11 - 00003142 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-07-14 12:59 - 2010-03-05 20:45 - 00000000 ____D C:\ProgramData\McAfee
2016-07-13 15:04 - 2013-04-25 09:42 - 00000000 ____D C:\Users\Este\AppData\Roaming\Skype
2016-07-13 13:55 - 2010-03-12 09:41 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-10 17:14 - 2015-07-03 00:18 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-07-08 15:30 - 2014-11-16 20:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-08 11:15 - 2016-05-20 12:49 - 00004016 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-07 04:50 - 2012-07-27 00:30 - 00000000 ____D C:\Users\Este\AppData\Roaming\Malwarebytes
2016-07-07 04:49 - 2012-07-27 00:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-07 04:44 - 2012-07-27 00:09 - 00000000 ____D C:\zookaplus
2016-07-05 23:54 - 2013-04-25 09:42 - 00000000 ____D C:\ProgramData\Skype
2016-07-04 15:05 - 2015-04-21 18:10 - 00000000 ____D C:\ProgramData\Norton
2016-07-01 13:04 - 2011-03-21 19:18 - 00002080 _____ C:\Users\Public\Desktop\Logitech Vid HD.lnk
2016-06-24 11:37 - 2013-05-26 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-24 09:21 - 2013-03-13 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 09:21 - 2013-03-13 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
==================== Files in the root of some directories =======
2010-04-29 14:18 - 2010-04-30 09:35 - 8656832 _____ (Dell, Inc. ) C:\Users\Este\AppData\Roaming\DataSafeDotNet.exe
2016-06-16 20:38 - 2016-07-22 23:54 - 0000115 _____ () C:\Users\Este\AppData\Roaming\LogFile.txt
2010-11-08 16:28 - 2014-12-20 14:27 - 0116736 _____ () C:\Users\Este\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-14 08:03 - 2016-06-20 22:13 - 0007606 _____ () C:\Users\Este\AppData\Local\Resmon.ResmonCfg
2012-01-10 08:21 - 2012-01-10 08:21 - 0000000 _____ () C:\Users\Este\AppData\Local\{03B732AB-95C2-4166-8C82-A4FC6F32A5B2}
2014-09-30 19:44 - 2014-09-30 19:44 - 0000000 _____ () C:\Users\Este\AppData\Local\{7484980D-3102-4B7A-867E-00216215DBA5}
2014-08-20 22:25 - 2014-08-20 22:25 - 0000000 _____ () C:\Users\Este\AppData\Local\{79861E96-7B0E-43F4-BDED-94EDC2D0242E}
2014-10-01 19:44 - 2014-10-01 19:44 - 0000000 _____ () C:\Users\Este\AppData\Local\{A68034FE-4CD7-47EC-9B37-96D084B0542C}
2015-03-19 14:40 - 2015-03-19 14:40 - 0000000 _____ () C:\Users\Este\AppData\Local\{A8C3C37A-E398-4CB7-8960-09E9708CB5CE}
2016-01-11 22:11 - 2016-01-11 22:11 - 0000000 _____ () C:\ProgramData\doinstall
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-20 11:46
Hi, I think the program The Kure has compatibility issues... not sure though, that is why I am here. Thank you for any help you could give. P.S. At idle the CPU runs 50% to 100%.