
Computer Recently Has Gotten Very Slow


  • This topic is locked
36 replies to this topic

#1 malwarewritersbegone

malwarewritersbegone

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 15 February 2017 - 10:16 PM

Like the title says, this has been fairly recent. Prior to this it was not anything like this, say 3 weeks ago (Good) vs 1-1/2 weeks ago up until now (Not good).

 

It will often use 100% CPU, and if not using 100, it will typically be at a very high %, even when little is being done. Firefox seems to exacerbate the issue and will almost certainly guarantee it will be at or near 100% CPU when running, especially when actively browsing. I cannot say that this was the case before the slowdown because I have only looked at the Task Manager since the slowdown, but it seems like it should not be consistently "redlining" at 100%.

 

My computer is not the best but not the worst either:

Windows 7

64-bit

8 GB Ram

2 TB HDD (1+1)

 

I did have a Chromium get on my computer as well as Bytefence. Neither on purpose, I think they got bundled in with something I installed; I am usually very conscious of that, but apparently they slipped by this time. I did try to remove them and appeared to do so, not sure if more needs to be done or if maybe they are harmless.

 

Thank you for the help,

Mike


Edited by malwarewritersbegone, 16 February 2017 - 06:26 AM.




#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 PM

Posted 16 February 2017 - 07:01 AM

Hello malwarewritersbegone and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 

Chromium:

If you have not installed and are not using it, you can remove it.

https://www.chromium.org/

 

Bytefence:

https://www.bytefence.com/

Please Uninstall with RevoUninstaller Free:

 

PC restart now:

==================================================================

Please do the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Additional.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 

 


 


#3 malwarewritersbegone

malwarewritersbegone
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 16 February 2017 - 08:33 PM

Hello Yılmaz, thank you very much.

 

The text from both FRST.txt is below.

 

The instructions for the Addition.txt file appeared to indicate that I was to attach it, but I cannot see where I would do that. Am I to attach it or copy the text into my response?

 

Also, I had uninstalled Chromium and Bytefence prior to starting this thread. I looked for both using the Revouninstaller but they were not there, so it was not used.

 

Thank you again.

 

FRST.txt Contents

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Mike (administrator) on DELL2015 (16-02-2017 20:16:50)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Madalyn & Connor & Jennifer & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(MoRUN.net) C:\Program Files (x86)\MoRUN.net\StickerLite\sticker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(AVAST Software) C:\Users\Mike\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [MoRUN.net Sticker Lite] => C:\Program Files (x86)\MoRUN.net\StickerLite\sticker.exe [451072 2010-07-26] (MoRUN.net)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [Chromium] => c:\users\mike\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {2eb76c02-0213-11e6-a46f-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {fdd97f9e-32db-11e5-88ce-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-07-20]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-31]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{36004F02-9451-4A24-9142-924954657A20}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4219196489-842190279-1500163477-1000 -> DefaultScope {DBEBD116-E2B2-417F-B6EC-A96D60C44EA1} URL =
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zd2lxed9.default
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\zd2lxed9.default -> about:newtab
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\zd2lxed9.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\zd2lxed9.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\zd2lxed9.default -> user_pref("keyword.URL", true);
FF Extension: (Drag & DropZones) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\dendzones@captaincaveman.nl.xpi [2016-12-02]
FF Extension: (Firefox Hotfix) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Lightbeam) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-07-16]
FF Extension: (Tab Memory Usage) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2017-02-08]
FF Extension: (Shortcuts for Google™ Products) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-SVJwkBGCTt4PyQ@jetpack.xpi [2016-07-02]
FF Extension: (Tab Counter) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabcounter@morac.xpi [2016-03-12]
FF Extension: (Tab Groups) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-29]
FF Extension: (DownThemAll!) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-01]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-15]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\dictionarycom.xml [2015-08-11]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\McSiteAdvisor.xml [2016-02-26]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\youtube-video-search.xml [2015-08-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-07] [not signed]
FF HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-07-20] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-05]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-16] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:16 - 2017-02-16 20:17 - 00021753 _____ C:\Users\Mike\Desktop\FRST.txt
2017-02-16 20:16 - 2017-02-16 20:16 - 00000000 ____D C:\FRST
2017-02-16 20:16 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2017-02-16 20:15 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 20:08 - 2017-02-16 20:08 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-16 20:06 - 2017-02-16 20:06 - 07097928 _____ (VS Revo Group ) C:\Users\Mike\Downloads\revosetup.exe
2017-02-16 05:53 - 2017-02-16 05:53 - 00001254 _____ C:\Windows\system32\.crusader
2017-02-16 00:15 - 2017-02-16 05:55 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 00:15 - 2017-02-16 00:15 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 00:12 - 2017-02-16 05:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-16 00:12 - 2017-02-16 00:13 - 11581544 _____ (SurfRight B.V.) C:\Users\Mike\Downloads\HitmanPro_x64.exe
2017-02-15 21:18 - 2017-02-16 20:10 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-15 06:48 - 1999-06-02 18:55 - 00074000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrclr40.dll
2017-02-15 06:48 - 1999-06-02 18:55 - 00028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrecr40.dll
2017-02-15 06:47 - 2017-02-15 06:47 - 00001409 _____ C:\Users\Public\Desktop\Service Information.lnk
2017-02-15 06:47 - 2017-02-15 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ford Motor Company
2017-02-15 06:46 - 2017-02-15 06:48 - 00000000 ____D C:\TSO
2017-02-15 06:46 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2017-02-15 06:35 - 2017-02-16 20:00 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-15 06:35 - 2017-02-15 06:35 - 00003030 _____ C:\Windows\System32\Tasks\{3EA46B16-A4BD-4256-B25C-057498D615F0}
2017-02-14 06:56 - 2017-02-15 22:45 - 00002510 _____ C:\Users\Mike\Desktop\Rkill.txt
2017-02-14 06:56 - 2017-02-14 06:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mike\Downloads\rkill.exe
2017-02-14 06:08 - 2017-02-15 23:56 - 00000000 ____D C:\AdwCleaner
2017-02-14 05:49 - 2017-02-16 20:12 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-14 05:48 - 2017-02-14 05:48 - 04015056 _____ C:\Users\Mike\Downloads\adwcleaner_6.043.exe
2017-02-14 05:48 - 2017-02-14 05:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-14 05:48 - 2017-02-14 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-14 05:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-14 05:47 - 2017-02-14 05:47 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-14 05:46 - 2017-02-14 05:47 - 55566792 _____ (Malwarebytes ) C:\Users\Mike\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-12 16:47 - 2017-02-12 16:47 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-12 16:47 - 2017-02-12 16:47 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-12 08:19 - 2017-02-12 08:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-12 08:18 - 2017-02-12 08:18 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-07 06:43 - 2016-08-01 19:39 - 00087928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-02-06 19:09 - 2017-02-15 23:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\VMware
2017-02-06 19:09 - 2017-02-07 06:14 - 00000000 ____D C:\Users\Mike\AppData\Local\VMware
2017-02-06 18:58 - 2017-02-16 00:01 - 00000000 ____D C:\ProgramData\VMware
2017-02-06 18:42 - 2017-02-15 06:32 - 00000000 ____D C:\FORD
2017-01-31 23:03 - 2017-01-31 23:03 - 00001199 _____ C:\Users\Mike\Desktop\Any Video Converter.lnk
2017-01-31 23:01 - 2017-02-06 19:08 - 00000000 ____D C:\Users\Mike\AppData\Local\{2F691935-0BC1-758D-6659-50654231ACFD}
2017-01-31 07:01 - 2017-01-31 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-21 12:19 - 2017-01-21 12:19 - 00018186 _____ C:\Users\Madalyn\Desktop\th.jpeg
2017-01-21 11:59 - 2017-01-21 11:59 - 00041838 _____ C:\Users\Madalyn\Desktop\Pressemitteilungscholl.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:17 - 2009-07-14 00:13 - 00848742 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-16 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-16 20:15 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:15 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:14 - 2016-11-19 09:19 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Mozilla
2017-02-16 20:12 - 2016-04-27 05:23 - 00000000 ____D C:\Temp
2017-02-16 20:12 - 2015-07-20 01:38 - 00000000 ____D C:\ProgramData\Kodak
2017-02-16 20:12 - 2015-07-20 00:44 - 00000000 ___HD C:\Users\Mike
2017-02-16 20:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-16 20:12 - 2009-07-13 23:45 - 00460176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-16 20:07 - 2015-07-20 02:38 - 00000000 ____D C:\Program Files (x86)\SolidWorks
2017-02-16 05:53 - 2015-08-03 20:38 - 00000000 ___HD C:\Users\Mike\AppData\Local\Amazon Music
2017-02-16 00:06 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-16 00:05 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 06:48 - 2016-03-12 08:19 - 00001144 _____ C:\Windows\ODBCINST.INI
2017-02-15 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-15 06:46 - 2016-04-27 05:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-15 06:30 - 2015-12-05 10:41 - 00004482 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4219196489-842190279-1500163477-1000
2017-02-14 06:26 - 2015-07-20 02:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\MediaMonkey
2017-02-14 05:47 - 2015-11-11 04:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-12 16:47 - 2016-11-19 08:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 16:47 - 2015-08-07 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 23:20 - 2016-04-10 07:52 - 00000000 ____D C:\Users\Mike\AppData\Local\tkdata
2017-02-07 19:48 - 2015-07-24 19:55 - 00000000 ____D C:\Windows\WindowsMobile
2017-02-07 18:36 - 2015-07-20 01:51 - 00000000 ____D C:\ProgramData\McAfee
2017-02-07 06:44 - 2015-07-20 01:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-07 06:40 - 2015-08-07 21:25 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-06 18:59 - 2015-07-24 20:57 - 00865836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-06 18:40 - 2016-07-30 17:22 - 00000000 ____D C:\Users\Madalyn\AppData\Roaming\MediaMonkey
2017-02-05 14:38 - 2015-07-20 02:50 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity
2017-02-03 06:30 - 2016-04-28 22:35 - 00000287 _____ C:\Users\Mike\AppData\Roaming\WB.CFG
2017-02-02 06:44 - 2015-07-24 21:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2017-01-31 23:04 - 2016-04-28 21:36 - 00000000 ____D C:\Users\Mike\AppData\Local\Chromium
2017-01-31 23:04 - 2016-04-28 21:35 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Anvsoft
2017-01-31 23:02 - 2016-04-28 21:35 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-01-31 07:01 - 2016-11-08 05:51 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-31 07:01 - 2015-11-10 20:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-28 16:26 - 2016-11-21 21:41 - 00000000 ____D C:\Users\Madalyn\AppData\LocalLow\Mozilla
2017-01-22 13:41 - 2015-07-20 02:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SolidWorks
2017-01-20 19:22 - 2015-07-24 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 06:31 - 2016-12-13 19:30 - 00003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 06:31 - 2015-11-12 05:50 - 00002153 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

==================== Files in the root of some directories =======

2015-07-20 01:57 - 2015-07-20 01:57 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-28 22:35 - 2017-02-03 06:30 - 0000287 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2016-07-02 14:27 - 2017-02-06 01:23 - 0043698 ____H () C:\Users\Mike\AppData\Local\installer.log

Some files in TEMP:
====================
2016-02-07 09:59 - 2016-02-07 10:00 - 0644704 _____ (Oracle Corporation) C:\Users\Connor\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-10-27 20:06 - 2015-10-27 20:06 - 2323632 _____ () C:\Users\Madalyn\AppData\Local\Temp\dsHostCheckerSetup.exe
2016-02-07 09:59 - 2016-02-07 09:59 - 0644704 _____ (Oracle Corporation) C:\Users\Madalyn\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 00:44

==================== End of FRST.txt ============================



#4 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 17 February 2017 - 06:28 AM

Please open FRST and make sure the Addition.txt button is ticked.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 malwarewritersbegone

malwarewritersbegone
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 17 February 2017 - 06:29 AM

Hello again Yılmaz,

 

Regarding the Addition.txt file and attaching it, I wondered about the "Other Reply Options" and it possibly having attaching options and should have looked at it but for some reason I had not. But it was bothering me that I had not attached the file so I looked and sure enough, an attach option.

 

For completeness of post, I have re-posted the contents of the FRST.txt file below and also attached the Addition.txt file.

 

Thank you again, and apologies for the delay,

Mike

 

FRST.txt Contents

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Mike (administrator) on DELL2015 (16-02-2017 20:16:50)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Madalyn & Connor & Jennifer & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(MoRUN.net) C:\Program Files (x86)\MoRUN.net\StickerLite\sticker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(AVAST Software) C:\Users\Mike\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [MoRUN.net Sticker Lite] => C:\Program Files (x86)\MoRUN.net\StickerLite\sticker.exe [451072 2010-07-26] (MoRUN.net)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [Chromium] => c:\users\mike\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {2eb76c02-0213-11e6-a46f-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {fdd97f9e-32db-11e5-88ce-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-07-20]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-31]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{36004F02-9451-4A24-9142-924954657A20}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4219196489-842190279-1500163477-1000 -> DefaultScope {DBEBD116-E2B2-417F-B6EC-A96D60C44EA1} URL =
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zd2lxed9.default
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\zd2lxed9.default -> about:newtab
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\zd2lxed9.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\zd2lxed9.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\zd2lxed9.default -> user_pref("keyword.URL", true);
FF Extension: (Drag & DropZones) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\dendzones@captaincaveman.nl.xpi [2016-12-02]
FF Extension: (Firefox Hotfix) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Lightbeam) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-07-16]
FF Extension: (Tab Memory Usage) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2017-02-08]
FF Extension: (Shortcuts for Google™ Products) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-SVJwkBGCTt4PyQ@jetpack.xpi [2016-07-02]
FF Extension: (Tab Counter) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabcounter@morac.xpi [2016-03-12]
FF Extension: (Tab Groups) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-29]
FF Extension: (DownThemAll!) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-01]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-15]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\dictionarycom.xml [2015-08-11]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\McSiteAdvisor.xml [2016-02-26]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\youtube-video-search.xml [2015-08-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-07] [not signed]
FF HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-07-20] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-05]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-16] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:16 - 2017-02-16 20:17 - 00021753 _____ C:\Users\Mike\Desktop\FRST.txt
2017-02-16 20:16 - 2017-02-16 20:16 - 00000000 ____D C:\FRST
2017-02-16 20:16 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2017-02-16 20:15 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 20:08 - 2017-02-16 20:08 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-16 20:06 - 2017-02-16 20:06 - 07097928 _____ (VS Revo Group ) C:\Users\Mike\Downloads\revosetup.exe
2017-02-16 05:53 - 2017-02-16 05:53 - 00001254 _____ C:\Windows\system32\.crusader
2017-02-16 00:15 - 2017-02-16 05:55 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 00:15 - 2017-02-16 00:15 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 00:12 - 2017-02-16 05:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-16 00:12 - 2017-02-16 00:13 - 11581544 _____ (SurfRight B.V.) C:\Users\Mike\Downloads\HitmanPro_x64.exe
2017-02-15 21:18 - 2017-02-16 20:10 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-15 06:48 - 1999-06-02 18:55 - 00074000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrclr40.dll
2017-02-15 06:48 - 1999-06-02 18:55 - 00028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrecr40.dll
2017-02-15 06:47 - 2017-02-15 06:47 - 00001409 _____ C:\Users\Public\Desktop\Service Information.lnk
2017-02-15 06:47 - 2017-02-15 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ford Motor Company
2017-02-15 06:46 - 2017-02-15 06:48 - 00000000 ____D C:\TSO
2017-02-15 06:46 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2017-02-15 06:35 - 2017-02-16 20:00 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-15 06:35 - 2017-02-15 06:35 - 00003030 _____ C:\Windows\System32\Tasks\{3EA46B16-A4BD-4256-B25C-057498D615F0}
2017-02-14 06:56 - 2017-02-15 22:45 - 00002510 _____ C:\Users\Mike\Desktop\Rkill.txt
2017-02-14 06:56 - 2017-02-14 06:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mike\Downloads\rkill.exe
2017-02-14 06:08 - 2017-02-15 23:56 - 00000000 ____D C:\AdwCleaner
2017-02-14 05:49 - 2017-02-16 20:12 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-14 05:48 - 2017-02-14 05:48 - 04015056 _____ C:\Users\Mike\Downloads\adwcleaner_6.043.exe
2017-02-14 05:48 - 2017-02-14 05:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-14 05:48 - 2017-02-14 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-14 05:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-14 05:47 - 2017-02-14 05:47 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-14 05:46 - 2017-02-14 05:47 - 55566792 _____ (Malwarebytes ) C:\Users\Mike\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-12 16:47 - 2017-02-12 16:47 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-12 16:47 - 2017-02-12 16:47 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-12 08:19 - 2017-02-12 08:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-12 08:18 - 2017-02-12 08:18 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-07 06:43 - 2016-08-01 19:39 - 00087928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-02-06 19:09 - 2017-02-15 23:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\VMware
2017-02-06 19:09 - 2017-02-07 06:14 - 00000000 ____D C:\Users\Mike\AppData\Local\VMware
2017-02-06 18:58 - 2017-02-16 00:01 - 00000000 ____D C:\ProgramData\VMware
2017-02-06 18:42 - 2017-02-15 06:32 - 00000000 ____D C:\FORD
2017-01-31 23:03 - 2017-01-31 23:03 - 00001199 _____ C:\Users\Mike\Desktop\Any Video Converter.lnk
2017-01-31 23:01 - 2017-02-06 19:08 - 00000000 ____D C:\Users\Mike\AppData\Local\{2F691935-0BC1-758D-6659-50654231ACFD}
2017-01-31 07:01 - 2017-01-31 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-21 12:19 - 2017-01-21 12:19 - 00018186 _____ C:\Users\Madalyn\Desktop\th.jpeg
2017-01-21 11:59 - 2017-01-21 11:59 - 00041838 _____ C:\Users\Madalyn\Desktop\Pressemitteilungscholl.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:17 - 2009-07-14 00:13 - 00848742 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-16 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-16 20:15 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:15 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:14 - 2016-11-19 09:19 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Mozilla
2017-02-16 20:12 - 2016-04-27 05:23 - 00000000 ____D C:\Temp
2017-02-16 20:12 - 2015-07-20 01:38 - 00000000 ____D C:\ProgramData\Kodak
2017-02-16 20:12 - 2015-07-20 00:44 - 00000000 ___HD C:\Users\Mike
2017-02-16 20:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-16 20:12 - 2009-07-13 23:45 - 00460176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-16 20:07 - 2015-07-20 02:38 - 00000000 ____D C:\Program Files (x86)\SolidWorks
2017-02-16 05:53 - 2015-08-03 20:38 - 00000000 ___HD C:\Users\Mike\AppData\Local\Amazon Music
2017-02-16 00:06 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-16 00:05 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 06:48 - 2016-03-12 08:19 - 00001144 _____ C:\Windows\ODBCINST.INI
2017-02-15 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-15 06:46 - 2016-04-27 05:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-15 06:30 - 2015-12-05 10:41 - 00004482 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4219196489-842190279-1500163477-1000
2017-02-14 06:26 - 2015-07-20 02:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\MediaMonkey
2017-02-14 05:47 - 2015-11-11 04:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-12 16:47 - 2016-11-19 08:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 16:47 - 2015-08-07 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 23:20 - 2016-04-10 07:52 - 00000000 ____D C:\Users\Mike\AppData\Local\tkdata
2017-02-07 19:48 - 2015-07-24 19:55 - 00000000 ____D C:\Windows\WindowsMobile
2017-02-07 18:36 - 2015-07-20 01:51 - 00000000 ____D C:\ProgramData\McAfee
2017-02-07 06:44 - 2015-07-20 01:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-07 06:40 - 2015-08-07 21:25 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-06 18:59 - 2015-07-24 20:57 - 00865836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-06 18:40 - 2016-07-30 17:22 - 00000000 ____D C:\Users\Madalyn\AppData\Roaming\MediaMonkey
2017-02-05 14:38 - 2015-07-20 02:50 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity
2017-02-03 06:30 - 2016-04-28 22:35 - 00000287 _____ C:\Users\Mike\AppData\Roaming\WB.CFG
2017-02-02 06:44 - 2015-07-24 21:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2017-01-31 23:04 - 2016-04-28 21:36 - 00000000 ____D C:\Users\Mike\AppData\Local\Chromium
2017-01-31 23:04 - 2016-04-28 21:35 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Anvsoft
2017-01-31 23:02 - 2016-04-28 21:35 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-01-31 07:01 - 2016-11-08 05:51 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-31 07:01 - 2015-11-10 20:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-28 16:26 - 2016-11-21 21:41 - 00000000 ____D C:\Users\Madalyn\AppData\LocalLow\Mozilla
2017-01-22 13:41 - 2015-07-20 02:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SolidWorks
2017-01-20 19:22 - 2015-07-24 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 06:31 - 2016-12-13 19:30 - 00003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 06:31 - 2015-11-12 05:50 - 00002153 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

==================== Files in the root of some directories =======

2015-07-20 01:57 - 2015-07-20 01:57 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-28 22:35 - 2017-02-03 06:30 - 0000287 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2016-07-02 14:27 - 2017-02-06 01:23 - 0043698 ____H () C:\Users\Mike\AppData\Local\installer.log

Some files in TEMP:
====================
2016-02-07 09:59 - 2016-02-07 10:00 - 0644704 _____ (Oracle Corporation) C:\Users\Connor\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-10-27 20:06 - 2015-10-27 20:06 - 2323632 _____ () C:\Users\Madalyn\AppData\Local\Temp\dsHostCheckerSetup.exe
2016-02-07 09:59 - 2016-02-07 09:59 - 0644704 _____ (Oracle Corporation) C:\Users\Madalyn\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 00:44

==================== End of FRST.txt ============================



#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 17 February 2017 - 06:49 AM

also attached the Addition.txt file.

Where is it?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 malwarewritersbegone

malwarewritersbegone
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 17 February 2017 - 08:07 AM

Apologies, I did not notice this site had the 2nd step of "Attach this file" after selecting it. I do not have it with me right now and will have to send it later today. Again, apologies.



#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 17 February 2017 - 09:22 AM

This is not difficult. You can do a new scan.


Best regards
 

 


 


#9 malwarewritersbegone

malwarewritersbegone
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 17 February 2017 - 09:30 AM

Apologies, the reason is that it is for my home computer and I am at work. I should be able to get the file uploaded between 6pm and 8pm ET.

 

Thank you again, I really appreciate your prompt actions to this thread.



#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:06 PM

Posted 17 February 2017 - 09:34 AM

I understand.


Best regards
 

 


 


#11 malwarewritersbegone

malwarewritersbegone
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 17 February 2017 - 07:00 PM

Hello Yılmaz,

 

I hope this does not cause a problem, but I ran FRST again before pasting the results below, for FRST.txt, and attaching the Addition.txt file. So they are both from a run I just did.

 

 

 

FRST.txt Contents

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Mike (administrator) on DELL2015 (17-02-2017 18:51:42)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Madalyn & Connor & Jennifer & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ANDREA VACONDIO) C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(AVAST Software) C:\Users\Mike\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [MoRUN.net Sticker Lite] => C:\Program Files (x86)\MoRUN.net\StickerLite\sticker.exe [451072 2010-07-26] (MoRUN.net)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [Chromium] => c:\users\mike\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {2eb76c02-0213-11e6-a46f-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {fdd97f9e-32db-11e5-88ce-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-07-20]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-31]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{36004F02-9451-4A24-9142-924954657A20}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4219196489-842190279-1500163477-1000 -> DefaultScope {DBEBD116-E2B2-417F-B6EC-A96D60C44EA1} URL =
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-25] (McAfee)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-01] (Intel Security)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: zd2lxed9.default
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default [2017-02-17]
FF NewTab: Mozilla\Firefox\Profiles\zd2lxed9.default -> about:newtab
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\zd2lxed9.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\zd2lxed9.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\zd2lxed9.default -> user_pref("keyword.URL", true);
FF Extension: (Drag & DropZones) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\dendzones@captaincaveman.nl.xpi [2016-12-02]
FF Extension: (Firefox Hotfix) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Lightbeam) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-07-16]
FF Extension: (Tab Memory Usage) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2017-02-08]
FF Extension: (Shortcuts for Google™ Products) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\jid1-SVJwkBGCTt4PyQ@jetpack.xpi [2016-07-02]
FF Extension: (Tab Counter) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabcounter@morac.xpi [2016-03-12]
FF Extension: (Tab Groups) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\tabgroups@quicksaver.xpi [2017-01-29]
FF Extension: (DownThemAll!) - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-01]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-15]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\dictionarycom.xml [2015-08-11]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\McSiteAdvisor.xml [2016-02-26]
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\youtube-video-search.xml [2015-08-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-07] [not signed]
FF HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: (WordWeb one-click lookup) - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-07-20] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-05]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PDFsam Manager; C:\ProgramData\ANDREA VACONDIO\PDFsam Manager\PDFsam Enhanced\PDFsam Manager.exe [1050224 2015-11-13] (ANDREA VACONDIO)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-16] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:19 - 2017-02-16 20:22 - 00035269 _____ C:\Users\Mike\Desktop\Addition.txt
2017-02-16 20:16 - 2017-02-17 18:51 - 00021987 _____ C:\Users\Mike\Desktop\FRST.txt
2017-02-16 20:16 - 2017-02-17 18:51 - 00000000 ____D C:\FRST
2017-02-16 20:16 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2017-02-16 20:15 - 2017-02-16 20:15 - 02422272 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2017-02-16 20:13 - 2017-02-16 20:13 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 20:08 - 2017-02-16 20:08 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-16 20:08 - 2017-02-16 20:08 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-16 20:06 - 2017-02-16 20:06 - 07097928 _____ (VS Revo Group ) C:\Users\Mike\Downloads\revosetup.exe
2017-02-16 05:53 - 2017-02-16 05:53 - 00001254 _____ C:\Windows\system32\.crusader
2017-02-16 00:15 - 2017-02-16 05:55 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 00:15 - 2017-02-16 00:15 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 00:12 - 2017-02-16 05:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-16 00:12 - 2017-02-16 00:13 - 11581544 _____ (SurfRight B.V.) C:\Users\Mike\Downloads\HitmanPro_x64.exe
2017-02-15 21:18 - 2017-02-16 22:24 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-15 06:48 - 1999-06-02 18:55 - 00074000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrclr40.dll
2017-02-15 06:48 - 1999-06-02 18:55 - 00028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrecr40.dll
2017-02-15 06:47 - 2017-02-15 06:47 - 00001409 _____ C:\Users\Public\Desktop\Service Information.lnk
2017-02-15 06:47 - 2017-02-15 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ford Motor Company
2017-02-15 06:46 - 2017-02-15 06:48 - 00000000 ____D C:\TSO
2017-02-15 06:46 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2017-02-15 06:35 - 2017-02-16 20:00 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-15 06:35 - 2017-02-15 06:35 - 00003030 _____ C:\Windows\System32\Tasks\{3EA46B16-A4BD-4256-B25C-057498D615F0}
2017-02-14 06:56 - 2017-02-15 22:45 - 00002510 _____ C:\Users\Mike\Desktop\Rkill.txt
2017-02-14 06:56 - 2017-02-14 06:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mike\Downloads\rkill.exe
2017-02-14 06:08 - 2017-02-15 23:56 - 00000000 ____D C:\AdwCleaner
2017-02-14 05:49 - 2017-02-16 20:12 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-14 05:48 - 2017-02-16 20:12 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-14 05:48 - 2017-02-14 05:48 - 04015056 _____ C:\Users\Mike\Downloads\adwcleaner_6.043.exe
2017-02-14 05:48 - 2017-02-14 05:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-14 05:48 - 2017-02-14 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-14 05:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-14 05:47 - 2017-02-14 05:47 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-14 05:46 - 2017-02-14 05:47 - 55566792 _____ (Malwarebytes ) C:\Users\Mike\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-12 16:47 - 2017-02-12 16:47 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-12 16:47 - 2017-02-12 16:47 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-12 08:19 - 2017-02-12 08:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-12 08:18 - 2017-02-12 08:18 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-12 08:18 - 2017-02-12 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-07 06:43 - 2016-08-01 19:39 - 00087928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-02-06 19:09 - 2017-02-15 23:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\VMware
2017-02-06 19:09 - 2017-02-07 06:14 - 00000000 ____D C:\Users\Mike\AppData\Local\VMware
2017-02-06 18:58 - 2017-02-16 00:01 - 00000000 ____D C:\ProgramData\VMware
2017-02-06 18:42 - 2017-02-15 06:32 - 00000000 ____D C:\FORD
2017-01-31 23:03 - 2017-01-31 23:03 - 00001199 _____ C:\Users\Mike\Desktop\Any Video Converter.lnk
2017-01-31 23:01 - 2017-02-06 19:08 - 00000000 ____D C:\Users\Mike\AppData\Local\{2F691935-0BC1-758D-6659-50654231ACFD}
2017-01-31 07:01 - 2017-01-31 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-21 12:19 - 2017-01-21 12:19 - 00018186 _____ C:\Users\Madalyn\Desktop\th.jpeg
2017-01-21 11:59 - 2017-01-21 11:59 - 00041838 _____ C:\Users\Madalyn\Desktop\Pressemitteilungscholl.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-17 06:54 - 2016-11-19 09:19 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Mozilla
2017-02-17 06:34 - 2016-01-03 14:58 - 00000000 ____D C:\Users\Mike\AppData\Local\CutePDF Writer
2017-02-16 20:20 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:20 - 2009-07-13 23:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-16 20:17 - 2009-07-14 00:13 - 00848742 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-16 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-16 20:12 - 2016-04-27 05:23 - 00000000 ____D C:\Temp
2017-02-16 20:12 - 2015-07-20 01:38 - 00000000 ____D C:\ProgramData\Kodak
2017-02-16 20:12 - 2015-07-20 00:44 - 00000000 ___HD C:\Users\Mike
2017-02-16 20:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-16 20:12 - 2009-07-13 23:45 - 00460176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-16 20:07 - 2015-07-20 02:38 - 00000000 ____D C:\Program Files (x86)\SolidWorks
2017-02-16 05:53 - 2015-08-03 20:38 - 00000000 ___HD C:\Users\Mike\AppData\Local\Amazon Music
2017-02-16 00:06 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-16 00:05 - 2015-07-20 02:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 06:48 - 2016-03-12 08:19 - 00001144 _____ C:\Windows\ODBCINST.INI
2017-02-15 06:48 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-15 06:46 - 2016-04-27 05:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-15 06:30 - 2015-12-05 10:41 - 00004482 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4219196489-842190279-1500163477-1000
2017-02-14 06:26 - 2015-07-20 02:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\MediaMonkey
2017-02-14 05:47 - 2015-11-11 04:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-12 16:47 - 2016-11-19 08:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 16:47 - 2015-08-07 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 23:20 - 2016-04-10 07:52 - 00000000 ____D C:\Users\Mike\AppData\Local\tkdata
2017-02-07 19:48 - 2015-07-24 19:55 - 00000000 ____D C:\Windows\WindowsMobile
2017-02-07 18:36 - 2015-07-20 01:51 - 00000000 ____D C:\ProgramData\McAfee
2017-02-07 06:44 - 2015-07-20 01:52 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-07 06:40 - 2015-08-07 21:25 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-06 18:59 - 2015-07-24 20:57 - 00865836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-06 18:40 - 2016-07-30 17:22 - 00000000 ____D C:\Users\Madalyn\AppData\Roaming\MediaMonkey
2017-02-05 14:38 - 2015-07-20 02:50 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity
2017-02-03 06:30 - 2016-04-28 22:35 - 00000287 _____ C:\Users\Mike\AppData\Roaming\WB.CFG
2017-02-02 06:44 - 2015-07-24 21:02 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2017-01-31 23:04 - 2016-04-28 21:36 - 00000000 ____D C:\Users\Mike\AppData\Local\Chromium
2017-01-31 23:04 - 2016-04-28 21:35 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Anvsoft
2017-01-31 23:02 - 2016-04-28 21:35 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-01-31 07:01 - 2016-11-08 05:51 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-31 07:01 - 2015-11-10 20:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-28 16:26 - 2016-11-21 21:41 - 00000000 ____D C:\Users\Madalyn\AppData\LocalLow\Mozilla
2017-01-22 13:41 - 2015-07-20 02:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SolidWorks
2017-01-20 19:22 - 2015-07-24 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 06:31 - 2016-12-13 19:30 - 00003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 06:31 - 2015-11-12 05:50 - 00002153 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

==================== Files in the root of some directories =======

2015-07-20 01:57 - 2015-07-20 01:57 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-28 22:35 - 2017-02-03 06:30 - 0000287 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2016-07-02 14:27 - 2017-02-06 01:23 - 0043698 ____H () C:\Users\Mike\AppData\Local\installer.log

Some files in TEMP:
====================
2016-02-07 09:59 - 2016-02-07 10:00 - 0644704 _____ (Oracle Corporation) C:\Users\Connor\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-10-27 20:06 - 2015-10-27 20:06 - 2323632 _____ () C:\Users\Madalyn\AppData\Local\Temp\dsHostCheckerSetup.exe
2016-02-07 09:59 - 2016-02-07 09:59 - 0644704 _____ (Oracle Corporation) C:\Users\Madalyn\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 00:44

==================== End of FRST.txt ============================


#12 olgun52

  • Malware Response Team

Posted 18 February 2017 - 05:23 AM

Hi malwarewritersbegone,
Thanks. No problem.
 
Do you use the Chromium software, and did you upload it?
==================================================================

Shortcut: C:\Users\Mike\Desktop\VolumeCtrl.bat - Shortcut.lnk -> C:\Users\Mike\Desktop\VolumeCtrl.bat ()

 

What is this? Mike, can you ask?


Edited by olgun52, 18 February 2017 - 05:58 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 malwarewritersbegone

  • Topic Starter

Posted 18 February 2017 - 06:56 AM

Hello,

 

No, I do not use Chromium, or Chrome, for that matter. I never intentionally installed Chromium.

 

VolumeCtrl.bat is a very simple batch file I made to launch volume control with keyboard. Its contents are just: "start sndvol.exe"


Edited by malwarewritersbegone, 18 February 2017 - 07:21 AM.


#14 olgun52

  • Malware Response Team

Posted 18 February 2017 - 07:19 AM

Hi
Thank you for the information.
==================================

Windows Firewall is enabled.
McAfee Firewall (Enabled) 

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.
It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

 

I couldn't disable Windows Firewall

http://www.eightforums.com/tutorials/21962-windows-defender-turn-off-windows-8-a.html

========================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Hitman Pro and Chromium

====================================================================

 

Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Run: [Chromium] => c:\users\mike\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {2eb76c02-0213-11e6-a46f-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4219196489-842190279-1500163477-1000\...\MountPoints2: {fdd97f9e-32db-11e5-88ce-001aa032ee55} - H:\MotorolaDeviceManagerSetup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4219196489-842190279-1500163477-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4219196489-842190279-1500163477-1000 -> DefaultScope {DBEBD116-E2B2-417F-B6EC-A96D60C44EA1} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF DefaultProfile: zd2lxed9.default
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\zd2lxed9.default -> about:newtab
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\zd2lxed9.default -> Secure Search
FF Keyword.URL: Mozilla\Firefox\Profiles\zd2lxed9.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\zd2lxed9.default\searchplugins\youtube-video-search.xml [2015-08-09]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-16] ()
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2017-02-16 00:15 - 2017-02-16 05:55 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-02-16 00:15 - 2017-02-16 00:15 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-16 00:15 - 2017-02-16 00:15 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 00:12 - 2017-02-16 05:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-16 00:12 - 2017-02-16 00:13 - 11581544 _____ (SurfRight B.V.) C:\Users\Mike\Downloads\HitmanPro_x64.exe
C:\Users\Mike\AppData\Local\Chromium
2016-02-07 09:59 - 2016-02-07 10:00 - 0644704 _____ (Oracle Corporation) C:\Users\Connor\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-10-27 20:06 - 2015-10-27 20:06 - 2323632 _____ () C:\Users\Madalyn\AppData\Local\Temp\dsHostCheckerSetup.exe
2016-02-07 09:59 - 2016-02-07 09:59 - 0644704 _____ (Oracle Corporation) C:\Users\Madalyn\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Program Files (x86)\SolidWorks
C:\Users\Mike\AppData\Roaming\SolidWorks
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
======================================================

Run ComboFix:

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 


Best regards
 
If I don't reply within 24 hours please PM me!
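
Added example, not part of olgun52's post and not FRST's own code: the Python below parses FRST service and driver lines like those in the log above and flags three markers that appear in it, `[X]` (no file found at the listed path), `[File not signed]`, and an empty publisher `()`. The flag names, the `Entry` class and the choice of markers are assumptions made for this example; a flag marks an entry for review only, and the fixlist above does not contain every entry this flags.

```python
import re
from dataclasses import dataclass, field

# Sample input assembled from lines of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-02-16] ()
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
"""

# Windows service Start values (the digit after the R/S state letter).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# "<state><start> <name>; <everything else>"
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
# "<path> [<size> <date>] (<publisher>) <optional notes>"
DETAIL_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)(?P<notes>.*)$"
)


@dataclass
class Entry:
    name: str
    running: bool
    start_type: str
    path: str
    company: str = ""
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one service/driver line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    entry = Entry(
        name=m["name"],
        running=m["state"] == "R",
        start_type=START_TYPES.get(int(m["start"]), "unknown"),
        path=rest,
    )
    if rest.endswith("[X]"):
        # Registry entry survives but the file it points to was not found.
        entry.path = rest[:-3].strip().strip('"')
        entry.flags.append("file missing")
        return entry
    d = DETAIL_RE.match(rest)
    if d is None:
        entry.flags.append("unparsed")
        return entry
    entry.path = d["path"].strip('"')
    entry.company = d["company"].strip()
    if not entry.company:
        entry.flags.append("no publisher")
    if "[File not signed]" in d["notes"]:
        entry.flags.append("not signed")
    return entry


def triage(log_text):
    """Return an Entry for every service/driver line in the log text."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None]


def review_candidates(log_text):
    """Map entry name -> flags for entries that carry at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for name, flags in review_candidates(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```
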

 


 


#15 malwarewritersbegone

  • Topic Starter

Posted 18 February 2017 - 09:26 AM

Hello Yilmaz,

This message is through my phone, not the troubled computer. ComboFix has been running for 40 minutes now, showing "Completed Stage_4" for most of that time. Is that OK?



