Infected Dell Inspiron win7

mikehende · October 19, 2017

BTW, the removal process seems to be hanging at a point which is showing "Removing product VS", if that should be stuck there for another, what else can I try? I had told the owner he may need to reinstall OS but he says has some softwares on there which he can;t get back the license info for.

starbuck · October 19, 2017

If you have problems with the removal.... try the eset av removal tool.

It'll remove most av programmes.

https://support.eset.com/kb3527/?locale=en_US

We can clean up any leftovers with frst.

mikehende · October 19, 2017

McAfee is not showing up in the Remover list, only Mbam? Maybe I can try all of this safe mode?

starbuck · October 19, 2017

Try in safe mode.

If still no joy let me have a fresh set of frst reports and we'll do it manually.

mikehende · October 19, 2017

I tried it again this time the MCR tool worked and can now go to the net, anything else needed to do here?

starbuck · October 19, 2017

Just let me have a new set of frst reports and we'll see if there's any leftovers.

Won't be able to write a fix (If needed) until I'm home from work though.... a couple of hours.

mikehende · October 19, 2017

Sure thx but all is working fine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01

Ran by Webb (administrator) on WEBB-PC (19-10-2017 11:07:13)

Running from E:\

Loaded Profiles: Webb (Available Profiles: Webb)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe

() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)

HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_14\TrayServer.exe

HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-03] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [551488 2014-09-23] ()

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-08-11] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Amazon Music] => C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Chromium] => "c:\users\webb\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-18] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-03]

ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-10-18]

ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{1BE97A3D-A7FB-498E-9B5F-075F5A5C3C67}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{7BAF68A2-5E5E-4630-A2D4-91496139CC0F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-207249110-600702845-166796750-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-09-26] (RealDownloader)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO-x32: Wondershare AllMyTube 4.3.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-08-11] (Wondershare)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-09-26] (RealDownloader)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:

========

FF ProfilePath: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default [2017-10-18]

FF NewTab: Mozilla\Firefox\Profiles\t8ym71sf.default -> about:newtab

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\t8ym71sf.default -> Bing

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF Homepage: Mozilla\Firefox\Profiles\t8ym71sf.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/

FF Extension: (Transit) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\@Transit.xpi [2017-09-12]

FF Extension: (Bing Extension) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\bingsearch.full@microsoft.com [2017-10-18] [not signed]

FF SearchPlugin: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\searchplugins\bing-.xml [2015-03-28]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-03] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{4642CD99-8FDF-4550-94E1-63360972C326}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com

FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2016-02-10] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-09] (Nero AG)

FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-03] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-03] (RealPlayer Cloud)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin ProgramFiles/Appdata: C:\Users\Webb\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

Chrome:

=======

CHR DefaultProfile: Default

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US1134D20170817&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR Profile: C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default [2017-10-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]

CHR Extension: (Chrome Media Router) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-19]

CHR HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)

R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()

R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-03] (RealNetworks, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()

S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [548864 2008-10-21] (Magix AG) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-19] (Malwarebytes)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )

S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-18 19:30 - 2017-10-18 19:30 - 000000000 ____D C:\Users\Webb\AppData\Roaming\TP-LINK

2017-10-18 19:29 - 2017-10-18 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK

2017-10-18 19:29 - 2017-10-18 19:29 - 000000000 ____D C:\Program Files (x86)\TP-LINK

2017-10-18 19:28 - 2015-06-19 02:54 - 003741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys

2017-10-18 19:28 - 2015-06-19 02:54 - 003741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys

2017-10-18 19:28 - 2015-06-19 02:54 - 000030472 _____ (Windows ® Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll

2017-10-18 19:28 - 2015-06-19 02:53 - 000028467 _____ C:\Windows\system32\netrtwlanu.cat

2017-10-18 19:28 - 2015-02-16 15:19 - 000008320 _____ C:\Windows\system32\rtlCoInst.dat

2017-10-18 19:27 - 2017-10-18 19:29 - 000000000 ____D C:\ProgramData\TP-LINK

2017-10-18 15:14 - 2017-10-18 15:14 - 000004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2017-10-18 12:23 - 2017-10-19 11:07 - 000000000 ____D C:\FRST

2017-10-18 11:54 - 2017-10-18 12:21 - 000000000 ____D C:\AdwCleaner

2017-10-18 11:09 - 2017-10-18 11:18 - 000000258 __RSH C:\ProgramData\ntuser.pol

2017-10-18 10:51 - 2017-10-19 07:34 - 000003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2017-10-18 10:36 - 2017-10-19 10:16 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-10-18 10:36 - 2017-10-18 11:17 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\Program Files\Malwarebytes

2017-10-18 10:36 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-10-09 16:03 - 2017-10-09 16:03 - 000000000 ____D C:\FixMeStick Quarantine

2017-10-09 15:02 - 2017-10-12 23:07 - 000000000 ____D C:\FixMeStick

2017-10-01 00:01 - 2017-10-01 00:01 - 000245712 _____ (Mozilla) C:\Users\Webb\Downloads\Firefox Installer (4).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 11:06 - 2014-03-31 21:02 - 053736246 _____ C:\Windows\ntbtlog.txt

2017-10-19 10:23 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-10-19 10:23 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-10-19 10:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-10-19 10:14 - 2009-07-14 00:45 - 000658640 _____ C:\Windows\system32\FNTCACHE.DAT

2017-10-19 09:47 - 2017-05-17 21:06 - 000000000 ____D C:\Program Files\Common Files\McAfee

2017-10-19 08:52 - 2017-08-17 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2017-10-19 08:48 - 2017-08-17 20:16 - 000000000 __RSD C:\Users\Webb\Documents\McAfee Vaults

2017-10-19 08:35 - 2017-08-16 16:27 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-10-19 08:35 - 2017-08-16 16:27 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-10-19 07:47 - 2013-07-17 00:37 - 000000000 ____D C:\Users\Webb\AppData\Local\Adobe

2017-10-18 19:29 - 2013-07-26 11:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-10-18 19:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf

2017-10-18 19:01 - 2013-07-16 23:39 - 000000000 ____D C:\Users\Webb\AppData\LocalLow\Temp

2017-10-18 12:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF

2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\ProgramData\iolo

2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\Program Files (x86)\iolo

2017-10-18 10:39 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI

2017-10-18 10:36 - 2013-08-29 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes

2017-10-12 15:35 - 2017-09-12 09:37 - 000003482 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Webb

2017-10-12 15:34 - 2013-07-28 15:18 - 000000576 _____ C:\Users\Webb\Desktop\Wintm.lnk

2017-10-12 12:38 - 2017-09-12 09:37 - 000003488 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Webb

2017-10-09 09:37 - 2009-07-14 01:08 - 000032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-10-05 21:24 - 2013-07-20 19:08 - 000000000 ____D C:\Users\Webb\AppData\Local\CrashDumps

2017-10-05 21:21 - 2017-08-18 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox

2017-10-05 21:08 - 2015-01-24 20:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-09-23 17:17 - 2017-06-04 15:39 - 000033280 _____ C:\Users\Webb\Desktop\jeans schedule octoberdec.xls

2017-09-23 17:09 - 2017-06-03 23:12 - 000033280 _____ C:\Users\Webb\Desktop\field service october to decenber.xls

==================== Files in the root of some directories =======

2014-10-07 20:18 - 2016-05-02 13:41 - 000000098 _____ () C:\Users\Webb\AppData\Roaming\WB.CFG

2014-12-21 16:06 - 2014-12-21 16:06 - 000001456 _____ () C:\Users\Webb\AppData\Local\Adobe Save for Web 12.0 Prefs

2013-07-26 19:36 - 2017-09-14 20:55 - 001592448 _____ () C:\Users\Webb\AppData\Local\rx_audio.Cache

2013-07-22 20:33 - 2017-09-14 20:55 - 000054072 _____ () C:\Users\Webb\AppData\Local\rx_image32.Cache

2013-07-16 17:13 - 2013-07-16 17:13 - 000000021 ____H () C:\ProgramData\.24554863501262644635642126105

2014-08-20 22:25 - 2014-09-08 15:45 - 000000848 ___SH () C:\ProgramData\KGyGaAvL.sys

2014-12-10 21:02 - 2014-12-10 21:02 - 000000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2012-07-30 20:51 - 2012-07-30 20:51 - 000002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-20 20:45

==================== End of FRST.txt ============================

mikehende · October 19, 2017