Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017
Ran by BB4xl (ATTENTION: The user is not administrator) on BOB-PC (14-02-2017 23:35:15)
Running from C:\Users\BB4xl\Downloads
Loaded Profiles: UpdatusUser & BB4xl (Available Profiles: Bob & UpdatusUser & BB4xl & Boss)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> mfemms.exe
Failed to access process -> mfevtps.exe
Failed to access process -> ModuleCoreService.exe
Failed to access process -> MotoHelperService.exe
Failed to access process -> mfevtps.exe
Failed to access process -> daemonu.exe
Failed to access process -> PEFService.exe
Failed to access process -> ForwardDaemon.exe
Failed to access process -> mfefire.exe
Failed to access process -> McSvHost.exe
Failed to access process -> mfefire.exe
Failed to access process -> McCSPServiceHost.exe
Failed to access process -> mcsacore.exe
Failed to access process -> mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> UI0Detect.exe
Failed to access process -> QcShm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> McClientAnalytics.exe
Failed to access process -> svchost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_221_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Farbar) C:\Users\BB4xl\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6A57956D-12C0-4890-9E00-104414C22D88}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
URLSearchHook: [S-1-5-21-3990082703-2204388882-176178493-1003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3990082703-2204388882-176178493-1004 -> {A8E90CBC-057E-4737-935C-900EF9969C32} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\BB4xl\AppData\Roaming\Mozilla\Firefox\Profiles\tla73gu0.default [2016-12-03]
FF Homepage: Mozilla\Firefox\Profiles\tla73gu0.default -> hxxps://www.bing.com
FF Extension: (Firefox Hotfix) - C:\Users\BB4xl\AppData\Roaming\Mozilla\Firefox\Profiles\tla73gu0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\BB4xl\AppData\Roaming\Mozilla\Firefox\Profiles\tla73gu0.default\features\{8eeca5f3-809a-4e7a-875e-051b32a44f78}\malware-remediation@mozilla.org.xpi [2016-10-03]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-10]
FF SearchPlugin: C:\Users\BB4xl\AppData\Roaming\Mozilla\Firefox\Profiles\tla73gu0.default\searchplugins\McSiteAdvisor.xml [2016-03-14]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Google Docs) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-14]
CHR Extension: (YouTube) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-04-30]
CHR Extension: (Google Search) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\BB4xl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-08-08] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 23:35 - 2017-02-14 23:35 - 00018112 _____ C:\Users\BB4xl\Downloads\FRST.txt
2017-02-14 23:33 - 2017-02-14 23:34 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64 (2).exe
2017-02-14 23:30 - 2017-02-14 23:30 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64 (1).exe
2017-02-14 23:29 - 2017-02-14 23:29 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64.exe
2017-02-14 23:28 - 2017-02-14 23:28 - 00006443 _____ C:\Users\BB4xl\Desktop\Fixlist.txt
2017-02-14 23:27 - 2017-02-14 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-12 22:05 - 2017-02-14 23:35 - 00000000 ____D C:\FRST
2017-02-11 13:11 - 2017-02-11 13:11 - 00000000 _____ C:\Users\BB4xl\ipconfig
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\Program Files\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 23:24 - 2013-10-08 21:00 - 00000000 ____D C:\Temp
2017-02-14 23:07 - 2014-03-31 20:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-14 23:07 - 2013-08-08 19:41 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 23:07 - 2013-08-08 19:41 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 21:49 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-14 21:49 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-14 21:44 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-14 21:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-14 21:39 - 2013-08-08 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-14 21:39 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-13 16:59 - 2013-08-10 09:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 12:16 - 2016-01-16 20:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-12 11:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-11 13:11 - 2013-09-12 19:43 - 00000000 ____D C:\Users\BB4xl
2017-02-07 22:43 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-05 11:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-02-04 17:53 - 2017-01-07 15:09 - 00000000 ____D C:\AdwCleaner
2017-02-04 17:01 - 2014-12-03 08:30 - 00583762 _____ C:\Windows\ntbtlog.txt
2017-02-04 16:35 - 2013-11-17 00:20 - 00000000 ____D C:\Users\Boss
2017-02-04 16:35 - 2013-08-08 18:32 - 00000000 ____D C:\Users\UpdatusUser
2017-02-04 16:34 - 2013-08-08 13:01 - 00000000 ____D C:\Users\Bob
2017-02-04 16:33 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files\McAfee
2017-02-04 16:33 - 2015-02-23 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2013-08-26 19:23 - 00000000 ____D C:\Windows\Minidump
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-02-04 16:31 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-04 16:30 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-02 22:44 - 2013-10-05 18:05 - 00000000 ____D C:\Users\BB4xl\AppData\Local\Adobe
2017-02-02 22:34 - 2013-08-09 19:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 16:48 - 2014-10-28 07:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 16:48 - 2014-10-28 07:34 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-02 15:43 - 2013-11-18 22:25 - 00000000 ___RD C:\Users\BB4xl\Documents\Scanned Documents
2017-02-02 12:36 - 2014-02-02 11:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 12:36 - 2014-02-02 11:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-19 21:14 - 2016-11-26 00:08 - 00000000 ____D C:\Users\BB4xl\Desktop\Recites
2017-01-19 20:27 - 2013-08-26 19:23 - 598985133 _____ C:\Windows\MEMORY.DMP
2017-01-19 09:27 - 2016-08-22 18:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin

Some files in TEMP:
====================
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================