McAfee from AT&T and Malwarebytes will not open or run



#1
BB4xl


Hi, I am new here and have a problem. I have Windows 7 Pro. I have Malwarebytes and McAfee from AT&T U-verse. Neither will open or run. I contacted MWbytes. After a week and a half they tell me to uninstall and reinstall. When I go to the Control Panel add/remove it says that I have version 2.2. I downloaded the 3.0 version weeks ago. Windows says that the 2.2 version does not exist so I cannot uninstall. The 3. version is not listed. I responded to MWbytes a week ago and have not heard anything from them. At this point I don't know what to do. Any help/advice would be most appreciated.

Thank you.




#2
zep516

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)



Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
BB4xl


Hi, thank you for your help. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Boss (administrator) on BOB-PC (12-02-2017 22:05:14)
Running from C:\Users\Boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTVO1Y75
Loaded Profiles: Bob & UpdatusUser & BB4xl & Boss (Available Profiles: Bob & UpdatusUser & BB4xl & Boss)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_194_ActiveX.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_194_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6A57956D-12C0-4890-9E00-104414C22D88}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3990082703-2204388882-176178493-1004 -> {A8E90CBC-057E-4737-935C-900EF9969C32} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\yayhxogh.default [2017-02-05]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-08-08] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 22:05 - 2017-02-12 22:05 - 00000000 ____D C:\FRST
2017-02-12 11:47 - 2017-02-12 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-11 13:11 - 2017-02-11 13:11 - 00000000 _____ C:\Users\BB4xl\ipconfig
2017-02-07 23:11 - 2017-02-07 23:11 - 00002976 _____ C:\Windows\System32\Tasks\{27E78AB5-D2BD-411E-A94D-45325E4D248D}
2017-02-06 17:08 - 2017-02-06 17:08 - 00151352 _____ C:\Users\Bob\Desktop\check dental 3-17.jpeg
2017-02-06 16:56 - 2017-02-06 16:56 - 00346433 _____ C:\Users\Bob\Desktop\Dental Mar 17.jpeg
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 20:27 - 2017-01-19 20:27 - 00941192 _____ C:\Windows\Minidump\011917-17160-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-12 22:00 - 2014-03-31 20:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-12 12:18 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-12 12:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-12 11:44 - 2013-10-08 21:00 - 00000000 ____D C:\Temp
2017-02-12 11:15 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-12 11:15 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-12 11:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-12 11:02 - 2013-08-08 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-12 11:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-11 13:11 - 2013-09-12 19:43 - 00000000 ____D C:\Users\BB4xl
2017-02-08 10:52 - 2017-01-01 08:18 - 00000000 ____D C:\Users\Bob\Desktop\things to organize
2017-02-08 10:47 - 2016-01-16 20:07 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-08 10:47 - 2013-08-10 09:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-07 22:43 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 17:08 - 2013-09-24 10:33 - 00000000 ___RD C:\Users\Bob\Documents\Scanned Documents
2017-02-05 11:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-02-04 17:53 - 2017-01-07 15:09 - 00000000 ____D C:\AdwCleaner
2017-02-04 17:01 - 2014-12-03 08:30 - 00583762 _____ C:\Windows\ntbtlog.txt
2017-02-04 16:35 - 2013-11-17 00:20 - 00000000 ____D C:\Users\Boss
2017-02-04 16:35 - 2013-08-08 18:32 - 00000000 ____D C:\Users\UpdatusUser
2017-02-04 16:34 - 2013-08-08 13:01 - 00000000 ____D C:\Users\Bob
2017-02-04 16:33 - 2016-01-16 20:09 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-04 16:33 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files\McAfee
2017-02-04 16:33 - 2016-01-16 20:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-04 16:33 - 2015-02-23 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2013-08-26 19:23 - 00000000 ____D C:\Windows\Minidump
2017-02-04 16:33 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-04 16:33 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-02-04 16:31 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-04 16:30 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-02 22:44 - 2014-09-02 17:45 - 00000000 ____D C:\Users\Boss\AppData\Local\Adobe
2017-02-02 22:44 - 2013-10-05 18:05 - 00000000 ____D C:\Users\BB4xl\AppData\Local\Adobe
2017-02-02 22:34 - 2013-08-09 19:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 16:48 - 2014-10-28 07:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 16:48 - 2014-10-28 07:34 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-02 15:43 - 2013-11-18 22:25 - 00000000 ___RD C:\Users\BB4xl\Documents\Scanned Documents
2017-02-02 12:36 - 2014-02-02 11:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 12:36 - 2014-02-02 11:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 15:48 - 2016-01-16 20:09 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-19 21:14 - 2016-11-26 00:08 - 00000000 ____D C:\Users\BB4xl\Desktop\Recites
2017-01-19 20:27 - 2013-08-26 19:23 - 598985133 _____ C:\Windows\MEMORY.DMP
2017-01-19 09:27 - 2016-08-22 18:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-07-01 18:48 - 2014-07-01 18:48 - 0000041 _____ () C:\Users\Boss\AppData\Roaming\WB.CFG
2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin

Some files in TEMP:
====================
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-01-18 07:16 - 2013-01-18 07:16 - 0559480 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 1028648 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 0354528 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll
2013-01-18 07:15 - 2013-01-18 07:15 - 0709920 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStInst.exe
2006-10-30 05:35 - 2006-10-30 05:35 - 0145184 ____R (Microsoft Corporation) C:\Users\Bob\AppData\Local\Temp\ose00000.exe
2015-12-02 10:05 - 2015-12-02 10:05 - 0120336 _____ (McAfee, Inc.) C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 11:31

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Boss (12-02-2017 22:06:10)
Running from C:\Users\Boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTVO1Y75
Windows 7 Professional Service Pack 1 (X64) (2013-08-08 18:01:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3990082703-2204388882-176178493-500 - Administrator - Disabled)
BB4xl (S-1-5-21-3990082703-2204388882-176178493-1004 - Limited - Enabled) => C:\Users\BB4xl
Bob (S-1-5-21-3990082703-2204388882-176178493-1000 - Limited - Enabled) => C:\Users\Bob
Boss (S-1-5-21-3990082703-2204388882-176178493-1005 - Administrator - Enabled) => C:\Users\Boss
Guest (S-1-5-21-3990082703-2204388882-176178493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3990082703-2204388882-176178493-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3990082703-2204388882-176178493-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E5BB2A-2FA4-45C9-AFAD-93D0936B67BC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {228B4E99-9224-4C0C-9D90-73D2B813559F} - System32\Tasks\{27E78AB5-D2BD-411E-A94D-45325E4D248D} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
Task: {492E6906-03F4-4796-AC55-AB3DECE53230} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4F758B45-166B-438A-BC80-05969D48EC1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-12] (Adobe Systems Incorporated)
Task: {510918BC-163A-45B8-A8AD-A9C4BD4651B8} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {67AACEF6-2B76-41DB-B899-67B11C894EC5} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {86C23044-5E5A-4403-BF70-5DBD6B941590} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {928D171A-FCC3-4969-9AD7-76C3A29B65C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {AADD9596-942C-45F2-8C05-45A6136DCBDE} - System32\Tasks\4456 => Wscript.exe C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {BA3B219A-C755-4ADA-ABBD-E6B64345E517} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender\bdproductdata.exe
Task: {F8A16CE2-8FF1-4D52-8207-67210D22ADCC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {FF432168-9800-4907-8B63-BDAB6AD2D174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-08 18:32 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\abm.com -> hxxps://access.abm.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3990082703-2204388882-176178493-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BB4xl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3990082703-2204388882-176178493-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F5339C1A-6204-42ED-AE24-04DA8EEDA81B}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8AB17CB8-743A-4BC5-87F8-BB5039A45BE0}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5A0C16A0-4392-4FA1-B80D-AED26933B205}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{880FCE76-BF4E-4F8E-8EDE-DE271D06F283}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41C2196A-1CAE-4518-8301-3932CFDA9250}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4482F062-9E2C-4539-83BD-D7829B36D147}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-02-2017 17:06:38 Restore Operation
02-02-2017 22:32:15 McAfee Vulnerability Scanner
02-02-2017 22:33:22 Windows Update
04-02-2017 12:56:40 Restore Operation
12-02-2017 11:38:21 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2017 11:07:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1724

Start Time: 01d28549d8626cfc

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (02/11/2017 11:30:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: nvwgf2um.dll, version: 9.18.13.2049, time stamp: 0x51c4104b
Exception code: 0xc0000005
Fault offset: 0x001b4e0e
Faulting process id: 0x165c
Faulting application start time: 0x01d284843524e4c3
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\nvwgf2um.dll
Report Id: 77114481-f077-11e6-9606-00248c4b30ab

Error: (02/10/2017 12:49:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 77c

Start Time: 01d283c4d8659e5d

Termination Time: 63

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (02/08/2017 06:26:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: user32.DLL, version: 6.1.7601.23594, time stamp: 0x58249e1c
Exception code: 0xc0000005
Fault offset: 0x0002a00c
Faulting process id: 0x1d44
Faulting application start time: 0x01d2824fddfc9a4a
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\user32.DLL
Report Id: 05af89b5-ee56-11e6-8a5b-00248c4b30ab

Error: (02/08/2017 12:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18538, time stamp: 0x582749db
Faulting module name: MSHTML.dll, version: 11.0.9600.18538, time stamp: 0x58275c38
Exception code: 0xc0000005
Fault offset: 0x000a9b6d
Faulting process id: 0x1d58
Faulting application start time: 0x01d282306bc80af9
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 88d512b4-ee24-11e6-8a5b-00248c4b30ab

Error: (02/04/2017 02:31:44 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (02/04/2017 02:09:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (02/04/2017 01:55:38 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/04/2017 01:55:35 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/04/2017 01:54:45 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

System errors:
=============
Error: (02/12/2017 10:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/12/2017 10:06:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/12/2017 10:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/12/2017 10:06:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/12/2017 10:05:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 6143.29 MB
Available physical RAM: 3702.02 MB
Total Virtual: 12284.76 MB
Available Virtual: 8934.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:863.18 GB) NTFS
Drive d: (HP) (Fixed) (Total:687.44 GB) (Free:630.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.2 GB) (Free:1.03 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=687.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C36D26B)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Did you have Bitdefender Antivirus installed at one time? I see a lot of leftover files of it that I'd like to remove.

#5
BB4xl

    New Member

  • Topic Starter
  • Member
  • 9 posts

Yes I did have Bitdefender at one time.  When I uninstalled it I used their uninstall link. 


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello,

Let's get rid of the leftover Bitdefender files using this fix.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-01-18 07:16 - 2013-01-18 07:16 - 0559480 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 1028648 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 0354528 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll
2013-01-18 07:15 - 2013-01-18 07:15 - 0709920 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStInst.exe
2006-10-30 05:35 - 2006-10-30 05:35 - 0145184 ____R (Microsoft Corporation) C:\Users\Bob\AppData\Local\Temp\ose00000.exe
2015-12-02 10:05 - 2015-12-02 10:05 - 0120336 _____ (McAfee, Inc.) C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll
Task: {AADD9596-942C-45F2-8C05-45A6136DCBDE} - System32\Tasks\4456 => Wscript.exe C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {BA3B219A-C755-4ADA-ABBD-E6B64345E517} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender\bdproductdata.exe
C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B
C:\Program Files\Bitdefender
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012.exe:BDU [0]
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
C:\Program Files\Common Files\Bitdefender
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
Emptytemp:
  • Click Format and ensure Word Wrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Please run the clean tool for Malwarebytes way down at the bottom of the page,
https://forums.malwa...emoval-process/

Then
Reinstall Malwarebytes.

#7
BB4xl

    New Member

  • Topic Starter
  • Member
  • 9 posts

I think I may have made a mistake. I did not run this as the administrator. I use a different computer user when I am on the internet, not the administrator desktop. Should I run it again as the administrator?


#8
BB4xl

    New Member

  • Topic Starter
  • Member
  • 9 posts
Here are the files.

Attached Files


#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Yes. Right-click on FRST and run as administrator.

Also, the fixlist that I made must be in this location --> C:\Users\BB4xl\Downloads

Fixlist and FRST must always be in the same location.

#10
BB4xl

    New Member

  • Topic Starter
  • Member
  • 9 posts

I ran as instructed

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 01
Ran by Boss (administrator) on BOB-PC (15-02-2017 14:17:46)
Running from C:\Users\Boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64HEPRPL
Loaded Profiles: UpdatusUser & BB4xl & Boss (Available Profiles: Bob & UpdatusUser & BB4xl & Boss)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_221_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6A57956D-12C0-4890-9E00-104414C22D88}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3990082703-2204388882-176178493-1004 -> {A8E90CBC-057E-4737-935C-900EF9969C32} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\yayhxogh.default [2017-02-05]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-08-08] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 14:13 - 2017-02-15 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-15 09:00 - 2017-02-15 09:00 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-14 23:47 - 2017-02-14 23:47 - 00025700 _____ C:\Users\BB4xl\Desktop\FRST.txt
2017-02-14 23:37 - 2017-02-14 23:37 - 00019015 _____ C:\Users\BB4xl\Desktop\Addition.txt
2017-02-14 23:36 - 2017-02-14 23:36 - 00019015 _____ C:\Users\BB4xl\Downloads\Addition.txt
2017-02-14 23:35 - 2017-02-14 23:36 - 00025700 _____ C:\Users\BB4xl\Downloads\FRST.txt
2017-02-14 23:33 - 2017-02-14 23:34 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64 (2).exe
2017-02-14 23:30 - 2017-02-14 23:30 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64 (1).exe
2017-02-14 23:29 - 2017-02-14 23:29 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64.exe
2017-02-14 23:28 - 2017-02-15 14:13 - 00006441 _____ C:\Users\BB4xl\Desktop\Fixlist.txt
2017-02-13 08:54 - 2017-02-15 14:12 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-12 22:05 - 2017-02-15 14:17 - 00000000 ____D C:\FRST
2017-02-11 13:11 - 2017-02-11 13:11 - 00000000 _____ C:\Users\BB4xl\ipconfig
2017-02-07 23:11 - 2017-02-07 23:11 - 00002976 _____ C:\Windows\System32\Tasks\{27E78AB5-D2BD-411E-A94D-45325E4D248D}
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 20:27 - 2017-01-19 20:27 - 00941192 _____ C:\Windows\Minidump\011917-17160-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 14:15 - 2013-10-08 21:00 - 00000000 ____D C:\Temp
2017-02-15 14:12 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-15 14:12 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-15 14:07 - 2014-03-31 20:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-15 14:06 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 14:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-15 14:02 - 2013-08-08 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-15 14:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-14 23:07 - 2014-03-31 20:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 23:07 - 2013-08-08 19:41 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 23:07 - 2013-08-08 19:41 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 11:20 - 2017-01-01 08:18 - 00000000 ____D C:\Users\Bob\Desktop\things to organize
2017-02-14 11:18 - 2013-09-24 10:33 - 00000000 ___RD C:\Users\Bob\Documents\Scanned Documents
2017-02-13 16:59 - 2013-08-10 09:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 12:16 - 2016-01-16 20:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-13 12:13 - 2016-01-16 20:09 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-12 11:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-11 13:11 - 2013-09-12 19:43 - 00000000 ____D C:\Users\BB4xl
2017-02-08 10:47 - 2016-01-16 20:07 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-07 22:43 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-05 11:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-02-04 17:53 - 2017-01-07 15:09 - 00000000 ____D C:\AdwCleaner
2017-02-04 17:01 - 2014-12-03 08:30 - 00583762 _____ C:\Windows\ntbtlog.txt
2017-02-04 16:35 - 2013-11-17 00:20 - 00000000 ____D C:\Users\Boss
2017-02-04 16:35 - 2013-08-08 18:32 - 00000000 ____D C:\Users\UpdatusUser
2017-02-04 16:34 - 2013-08-08 13:01 - 00000000 ____D C:\Users\Bob
2017-02-04 16:33 - 2016-01-16 20:09 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-04 16:33 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files\McAfee
2017-02-04 16:33 - 2015-02-23 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2014-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-04 16:33 - 2013-08-26 19:23 - 00000000 ____D C:\Windows\Minidump
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-02-04 16:31 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-04 16:30 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-02 22:44 - 2014-09-02 17:45 - 00000000 ____D C:\Users\Boss\AppData\Local\Adobe
2017-02-02 22:44 - 2013-10-05 18:05 - 00000000 ____D C:\Users\BB4xl\AppData\Local\Adobe
2017-02-02 22:34 - 2013-08-09 19:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 16:48 - 2014-10-28 07:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 16:48 - 2014-10-28 07:34 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-02 15:43 - 2013-11-18 22:25 - 00000000 ___RD C:\Users\BB4xl\Documents\Scanned Documents
2017-02-02 12:36 - 2014-02-02 11:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 12:36 - 2014-02-02 11:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-19 21:14 - 2016-11-26 00:08 - 00000000 ____D C:\Users\BB4xl\Desktop\Recites
2017-01-19 20:27 - 2013-08-26 19:23 - 598985133 _____ C:\Windows\MEMORY.DMP
2017-01-19 09:27 - 2016-08-22 18:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-07-01 18:48 - 2014-07-01 18:48 - 0000041 _____ () C:\Users\Boss\AppData\Roaming\WB.CFG
2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin

Some files in TEMP:
====================
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-01-18 07:16 - 2013-01-18 07:16 - 0559480 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 1028648 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 0354528 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll
2013-01-18 07:15 - 2013-01-18 07:15 - 0709920 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStInst.exe
2006-10-30 05:35 - 2006-10-30 05:35 - 0145184 ____R (Microsoft Corporation) C:\Users\Bob\AppData\Local\Temp\ose00000.exe
2015-12-02 10:05 - 2015-12-02 10:05 - 0120336 _____ (McAfee, Inc.) C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 11:31

==================== End of FRST.txt ============================

 

I also uninstalled and reinstalled Malware bytes.  It is working right now.




#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello, where's the Fixlog.txt?

Please review these instructions on providing the Fixlog.txt.

Click Format and ensure Wordwrap is unchecked.
*Save as Fixlist.txt to your Desktop (Must be in this location)
*Run FRST/FRST64 and press the Fix button just once and wait.
*If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
*The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

_____________________________________________________________________________________________________________________________________________
You already have the fixlist on the desktop. So you're good there :)
You need to put FRST64 on the desktop!
Currently FRST64 is here: C:\Users\BB4xl\Downloads\FRST64.exe. Get it out of the downloads folder and put it on the desktop; you have 3 copies of it sitting in the downloads folder.

1. Go into your downloads folder C:\Users\BB4xl\Downloads, find FRST64
2. Right click on it
3. Choose cut
4. Go back to the desktop. On an empty space on the desktop, right click and choose paste. This will move FRST64 to the desktop.
________________________________________________________________________________________________________________________________________________
Now we have FRST64 and the fixlist in the same location (Desktop). So now the fix will work.
To do the fix and make a fixlog:
1. Right click on FRST64
2. Choose "Run as Administrator"
3. FRST64 opens
4. Click Fix
5. The Fix will run in 2 mins and make a log on the desktop called Fixlog.txt

Post it please.

#12
BB4xl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Sorry

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Boss (15-02-2017 22:19:56) Run:1
Running from C:\Users\BB4xl\Desktop
Loaded Profiles: Bob & UpdatusUser & BB4xl & Boss (Available Profiles: Bob & UpdatusUser & BB4xl & Boss)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-01-18 07:16 - 2013-01-18 07:16 - 0559480 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 1028648 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 0354528 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll
2013-01-18 07:15 - 2013-01-18 07:15 - 0709920 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStInst.exe
2006-10-30 05:35 - 2006-10-30 05:35 - 0145184 ____R (Microsoft Corporation) C:\Users\Bob\AppData\Local\Temp\ose00000.exe
2015-12-02 10:05 - 2015-12-02 10:05 - 0120336 _____ (McAfee, Inc.) C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll
Task: {AADD9596-942C-45F2-8C05-45A6136DCBDE} - System32\Tasks\4456 => Wscript.exe C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {BA3B219A-C755-4ADA-ABBD-E6B64345E517} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender\bdproductdata.exe
C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B
C:\Program Files\Bitdefender
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012.exe:BDU [0]
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
C:\Program Files\Common Files\Bitdefender
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\System\CurrentControlSet\Services\MWAC => key removed successfully
MWAC => service removed successfully
C:\ProgramData\1376045637.bdinstall.bin => moved successfully
C:\ProgramData\1389613987.bdinstall.bin => moved successfully
C:\ProgramData\1389659456.bdinstall.bin => moved successfully
C:\ProgramData\1389659713.bdinstall.bin => moved successfully
C:\ProgramData\1389665944.bdinstall.bin => moved successfully
C:\ProgramData\1452991892.bdinstall.bin => moved successfully
C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe => moved successfully
C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => moved successfully
C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll => moved successfully
C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll => moved successfully
C:\Users\Bob\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Bob\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AADD9596-942C-45F2-8C05-45A6136DCBDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AADD9596-942C-45F2-8C05-45A6136DCBDE} => key removed successfully
C:\Windows\System32\Tasks\4456 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4456 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BA3B219A-C755-4ADA-ABBD-E6B64345E517} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA3B219A-C755-4ADA-ABBD-E6B64345E517} => key removed successfully
C:\Windows\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => key removed successfully
"C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B" => not found.
C:\Program Files\Bitdefender => moved successfully
C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\BB4xl\Downloads\BDSysLog_i.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe => ":BDU" ADS removed successfully.
C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Bob\Desktop\check dental 3-17.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Bob\Desktop\check dental 3-17.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Bob\Desktop\Dental Mar 17.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Bob\Desktop\Dental Mar 17.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\Users\Bob\Downloads\CitrixOnlinePluginWeb (1).exe => ":BDU" ADS removed successfully.
C:\Users\Bob\Downloads\CitrixOnlinePluginWeb.exe => ":BDU" ADS removed successfully.
C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012(1).exe => ":BDU" ADS removed successfully.
C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012.exe => ":BDU" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => value removed successfully
C:\Program Files\Common Files\Bitdefender => moved successfully
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value removed successfully
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent => value removed successfully
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent => value removed successfully

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Ok.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6887388 B
Java, Flash, Steam htmlcache => 1685 B
Windows/system/drivers => 1185396175 B
Edge => 0 B
Chrome => 883698 B
Firefox => 4568205 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42624407 B
systemprofile32 => 75696 B
LocalService => 66228 B
NetworkService => 70494 B
Bob => 766822563 B
UpdatusUser => 0 B
BB4xl => 518927351 B
Boss => 224790531 B

RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 22:23:23 ====



#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Well done! No need to be sorry. This stuff can get absolutely confusing.

Does McAfee work?

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.


#14
BB4xl

    New Member

  • Topic Starter
  • Member
  • 9 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Boss (administrator) on BOB-PC (15-02-2017 22:51:33)
Running from C:\Users\Boss\Downloads
Loaded Profiles: UpdatusUser & BB4xl & Boss (Available Profiles: Bob & UpdatusUser & BB4xl & Boss)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_221_ActiveX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6A57956D-12C0-4890-9E00-104414C22D88}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3990082703-2204388882-176178493-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3990082703-2204388882-176178493-1004 -> {A8E90CBC-057E-4737-935C-900EF9969C32} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\yayhxogh.default [2017-02-15]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default [2017-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-08-08] (Intel Corporation)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-15] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 22:53 - 2017-02-15 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-15 22:51 - 2017-02-15 22:51 - 00000000 ____D C:\Users\Boss\Downloads\FRST-OlderVersion
2017-02-15 22:48 - 2017-02-15 22:48 - 00023823 _____ C:\Users\BB4xl\Desktop\FRST.txt
2017-02-15 22:48 - 2017-02-15 22:48 - 00016064 _____ C:\Users\BB4xl\Desktop\Addition.txt
2017-02-15 22:38 - 2017-02-15 22:39 - 00000000 ____D C:\Users\BB4xl\Desktop\FrST
2017-02-15 14:49 - 2017-02-15 22:49 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-15 14:46 - 2017-02-15 22:32 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-15 14:46 - 2017-02-15 22:32 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-15 14:46 - 2017-02-15 22:31 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-15 14:46 - 2017-02-15 14:46 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-15 14:46 - 2017-02-15 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-15 14:46 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-15 14:39 - 2017-02-15 14:39 - 00566128 _____ (Malwarebytes) C:\Users\Boss\Desktop\mbam-clean-2.3.0.1001.exe
2017-02-15 14:35 - 2017-02-15 14:39 - 00023111 _____ C:\Users\Boss\Downloads\Addition.txt
2017-02-15 14:34 - 2017-02-15 22:57 - 00015021 _____ C:\Users\Boss\Downloads\FRST.txt
2017-02-15 14:34 - 2017-02-15 14:34 - 00026196 _____ C:\Users\Boss\Documents\FRST.txt
2017-02-15 14:32 - 2017-02-15 22:51 - 02422272 _____ (Farbar) C:\Users\Boss\Downloads\FRST64.exe
2017-02-15 09:00 - 2017-02-15 09:00 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-14 23:36 - 2017-02-14 23:36 - 00019015 _____ C:\Users\BB4xl\Downloads\Addition.txt
2017-02-14 23:35 - 2017-02-14 23:36 - 00025700 _____ C:\Users\BB4xl\Downloads\FRST.txt
2017-02-14 23:29 - 2017-02-14 23:29 - 02422784 _____ (Farbar) C:\Users\BB4xl\Downloads\FRST64.exe
2017-02-13 08:54 - 2017-02-15 22:15 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-12 22:05 - 2017-02-15 22:51 - 00000000 ____D C:\FRST
2017-02-11 13:11 - 2017-02-11 13:11 - 00000000 _____ C:\Users\BB4xl\ipconfig
2017-02-07 23:11 - 2017-02-07 23:11 - 00002976 _____ C:\Windows\System32\Tasks\{27E78AB5-D2BD-411E-A94D-45325E4D248D}
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-19 20:27 - 2017-01-19 20:27 - 00941192 _____ C:\Windows\Minidump\011917-17160-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 22:50 - 2013-10-08 21:00 - 00000000 ____D C:\Temp
2017-02-15 22:39 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-15 22:39 - 2009-07-13 23:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-15 22:36 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 22:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-15 22:31 - 2013-08-08 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-15 22:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-15 22:15 - 2014-03-31 20:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-15 14:39 - 2014-10-28 07:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-14 23:07 - 2014-03-31 20:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 23:07 - 2013-08-08 19:41 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 23:07 - 2013-08-08 19:41 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 23:07 - 2013-08-08 19:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 11:20 - 2017-01-01 08:18 - 00000000 ____D C:\Users\Bob\Desktop\things to organize
2017-02-14 11:18 - 2013-09-24 10:33 - 00000000 ___RD C:\Users\Bob\Documents\Scanned Documents
2017-02-13 16:59 - 2013-08-10 09:03 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 12:16 - 2016-01-16 20:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-13 12:13 - 2016-01-16 20:09 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-12 11:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-11 13:11 - 2013-09-12 19:43 - 00000000 ____D C:\Users\BB4xl
2017-02-08 10:47 - 2016-01-16 20:07 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-07 22:43 - 2009-07-14 00:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-05 11:34 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-02-04 17:53 - 2017-01-07 15:09 - 00000000 ____D C:\AdwCleaner
2017-02-04 17:01 - 2014-12-03 08:30 - 00583762 _____ C:\Windows\ntbtlog.txt
2017-02-04 16:35 - 2013-11-17 00:20 - 00000000 ____D C:\Users\Boss
2017-02-04 16:35 - 2013-08-08 18:32 - 00000000 ____D C:\Users\UpdatusUser
2017-02-04 16:34 - 2013-08-08 13:01 - 00000000 ____D C:\Users\Bob
2017-02-04 16:33 - 2016-01-16 20:09 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-04 16:33 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files\McAfee
2017-02-04 16:33 - 2015-02-23 23:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-04 16:33 - 2013-08-26 19:23 - 00000000 ____D C:\Windows\Minidump
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-04 16:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-02-04 16:30 - 2016-01-16 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-02 22:44 - 2014-09-02 17:45 - 00000000 ____D C:\Users\Boss\AppData\Local\Adobe
2017-02-02 22:44 - 2013-10-05 18:05 - 00000000 ____D C:\Users\BB4xl\AppData\Local\Adobe
2017-02-02 22:34 - 2013-08-09 19:19 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 15:43 - 2013-11-18 22:25 - 00000000 ___RD C:\Users\BB4xl\Documents\Scanned Documents
2017-02-02 12:36 - 2014-02-02 11:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 12:36 - 2014-02-02 11:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-19 21:14 - 2016-11-26 00:08 - 00000000 ____D C:\Users\BB4xl\Desktop\Recites
2017-01-19 20:27 - 2013-08-26 19:23 - 598985133 _____ C:\Windows\MEMORY.DMP
2017-01-19 09:27 - 2016-08-22 18:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-07-01 18:48 - 2014-07-01 18:48 - 0000041 _____ () C:\Users\Boss\AppData\Roaming\WB.CFG

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 11:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Boss (15-02-2017 22:58:11)
Running from C:\Users\Boss\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-08-08 18:01:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3990082703-2204388882-176178493-500 - Administrator - Disabled)
BB4xl (S-1-5-21-3990082703-2204388882-176178493-1004 - Limited - Enabled) => C:\Users\BB4xl
Bob (S-1-5-21-3990082703-2204388882-176178493-1000 - Limited - Enabled) => C:\Users\Bob
Boss (S-1-5-21-3990082703-2204388882-176178493-1005 - Administrator - Enabled) => C:\Users\Boss
Guest (S-1-5-21-3990082703-2204388882-176178493-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3990082703-2204388882-176178493-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3990082703-2204388882-176178493-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E5BB2A-2FA4-45C9-AFAD-93D0936B67BC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {228B4E99-9224-4C0C-9D90-73D2B813559F} - System32\Tasks\{27E78AB5-D2BD-411E-A94D-45325E4D248D} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Task: {492E6906-03F4-4796-AC55-AB3DECE53230} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4F758B45-166B-438A-BC80-05969D48EC1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {510918BC-163A-45B8-A8AD-A9C4BD4651B8} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {641C2D40-67A9-448E-9A28-A28D8139EF02} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-13] (McAfee, Inc.)
Task: {67AACEF6-2B76-41DB-B899-67B11C894EC5} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {86C23044-5E5A-4403-BF70-5DBD6B941590} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {928D171A-FCC3-4969-9AD7-76C3A29B65C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {95523827-2D8A-4DF5-85D3-B5DBB7DBA827} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {BEE444A9-B8E4-40F9-A833-C8491258F901} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-13] (McAfee, Inc.)
Task: {FF432168-9800-4907-8B63-BDAB6AD2D174} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-08 18:32 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-15 14:46 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-15 14:46 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-15 14:46 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3990082703-2204388882-176178493-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BB4xl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3990082703-2204388882-176178493-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

02-02-2017 22:32:15 McAfee Vulnerability Scanner
02-02-2017 22:33:22 Windows Update
04-02-2017 12:56:40 Restore Operation
12-02-2017 11:38:21 Scheduled Checkpoint
15-02-2017 22:20:32 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2017 10:26:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651
Exception code: 0xc0000005
Fault offset: 0x0000000000026483
Faulting process id: 0xb70
Faulting application start time: 0x01d28804635ca524
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: b0481663-f3f7-11e6-a915-00248c4b30ab

System errors:
=============
Error: (02/15/2017 10:32:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (02/15/2017 10:29:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (02/15/2017 10:28:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 49%
Total physical RAM: 6143.29 MB
Available physical RAM: 3131.93 MB
Total Virtual: 12284.76 MB
Available Virtual: 9139.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:865.58 GB) NTFS
Drive d: (HP) (Fixed) (Total:687.44 GB) (Free:630.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.2 GB) (Free:1.03 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=687.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5C36D26B)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Does McAfee open now?