Infected Dell Inspiron win7

October 19, 20177 yr

Author

BTW, the removal process seems to be hanging at a point which is showing "Removing product VS", if that should be stuck there for another, what else can I try? I had told the owner he may need to reinstall OS but he says has some softwares on there which he can;t get back the license info for.

Quote

October 19, 20177 yr

If you have problems with the removal.... try the eset av removal tool.

It'll remove most av programmes.

https://support.eset.com/kb3527/?locale=en_US

We can clean up any leftovers with frst.

Quote

October 19, 20177 yr

Author

McAfee is not showing up in the Remover list, only Mbam? Maybe I can try all of this safe mode?

Quote

October 19, 20177 yr

Try in safe mode.

If still no joy let me have a fresh set of frst reports and we'll do it manually.

Quote

October 19, 20177 yr

Author

I tried it again this time the MCR tool worked and can now go to the net, anything else needed to do here?

Quote

October 19, 20177 yr

Just let me have a new set of frst reports and we'll see if there's any leftovers.

Won't be able to write a fix (If needed) until I'm home from work though.... a couple of hours.

Quote

October 19, 20177 yr

Author

Sure thx but all is working fine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01

Ran by Webb (administrator) on WEBB-PC (19-10-2017 11:07:13)

Running from E:\

Loaded Profiles: Webb (Available Profiles: Webb)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe

() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)

HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_14\TrayServer.exe

HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatchTray14.exe [294032 2012-07-18] (Corel Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-03] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [551488 2014-09-23] ()

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-08-11] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Amazon Music] => C:\Users\Webb\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [Chromium] => "c:\users\webb\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-207249110-600702845-166796750-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-18] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-03]

ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-10-18]

ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{1BE97A3D-A7FB-498E-9B5F-075F5A5C3C67}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{7BAF68A2-5E5E-4630-A2D4-91496139CC0F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-207249110-600702845-166796750-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-09-26] (RealDownloader)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO-x32: Wondershare AllMyTube 4.3.0 -> {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} -> C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll [2015-08-11] (Wondershare)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-09-26] (RealDownloader)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

FireFox:

========

FF ProfilePath: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default [2017-10-18]

FF NewTab: Mozilla\Firefox\Profiles\t8ym71sf.default -> about:newtab

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\t8ym71sf.default -> Bing

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t8ym71sf.default -> Search Provided by Yahoo

FF Homepage: Mozilla\Firefox\Profiles\t8ym71sf.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/

FF Extension: (Transit) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\@Transit.xpi [2017-09-12]

FF Extension: (Bing Extension) - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\Extensions\bingsearch.full@microsoft.com [2017-10-18] [not signed]

FF SearchPlugin: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\t8ym71sf.default\searchplugins\bing-.xml [2015-03-28]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-03] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{4642CD99-8FDF-4550-94E1-63360972C326}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com

FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2016-02-10] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-09] (Nero AG)

FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-03] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-03] (RealPlayer Cloud)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin ProgramFiles/Appdata: C:\Users\Webb\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

Chrome:

=======

CHR DefaultProfile: Default

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US1134D20170817&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR Profile: C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default [2017-10-19]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-28]

CHR Extension: (Chrome Media Router) - C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-19]

CHR HKU\S-1-5-21-207249110-600702845-166796750-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)

R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()

R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-03] (RealNetworks, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()

S3 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S2 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [548864 2008-10-21] (Magix AG) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-10-19] (Malwarebytes)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )

S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-18 19:30 - 2017-10-18 19:30 - 000000000 ____D C:\Users\Webb\AppData\Roaming\TP-LINK

2017-10-18 19:29 - 2017-10-18 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK

2017-10-18 19:29 - 2017-10-18 19:29 - 000000000 ____D C:\Program Files (x86)\TP-LINK

2017-10-18 19:28 - 2015-06-19 02:54 - 003741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys

2017-10-18 19:28 - 2015-06-19 02:54 - 003741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys

2017-10-18 19:28 - 2015-06-19 02:54 - 000030472 _____ (Windows ® Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll

2017-10-18 19:28 - 2015-06-19 02:53 - 000028467 _____ C:\Windows\system32\netrtwlanu.cat

2017-10-18 19:28 - 2015-02-16 15:19 - 000008320 _____ C:\Windows\system32\rtlCoInst.dat

2017-10-18 19:27 - 2017-10-18 19:29 - 000000000 ____D C:\ProgramData\TP-LINK

2017-10-18 15:14 - 2017-10-18 15:14 - 000004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2017-10-18 12:23 - 2017-10-19 11:07 - 000000000 ____D C:\FRST

2017-10-18 11:54 - 2017-10-18 12:21 - 000000000 ____D C:\AdwCleaner

2017-10-18 11:09 - 2017-10-18 11:18 - 000000258 __RSH C:\ProgramData\ntuser.pol

2017-10-18 10:51 - 2017-10-19 07:34 - 000003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2017-10-18 10:36 - 2017-10-19 10:16 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-10-18 10:36 - 2017-10-18 11:17 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-10-18 10:36 - 2017-10-18 10:36 - 000000000 ____D C:\Program Files\Malwarebytes

2017-10-18 10:36 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-10-09 16:03 - 2017-10-09 16:03 - 000000000 ____D C:\FixMeStick Quarantine

2017-10-09 15:02 - 2017-10-12 23:07 - 000000000 ____D C:\FixMeStick

2017-10-01 00:01 - 2017-10-01 00:01 - 000245712 _____ (Mozilla) C:\Users\Webb\Downloads\Firefox Installer (4).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 11:06 - 2014-03-31 21:02 - 053736246 _____ C:\Windows\ntbtlog.txt

2017-10-19 10:23 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-10-19 10:23 - 2009-07-14 00:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-10-19 10:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-10-19 10:14 - 2009-07-14 00:45 - 000658640 _____ C:\Windows\system32\FNTCACHE.DAT

2017-10-19 09:47 - 2017-05-17 21:06 - 000000000 ____D C:\Program Files\Common Files\McAfee

2017-10-19 08:52 - 2017-08-17 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2017-10-19 08:48 - 2017-08-17 20:16 - 000000000 __RSD C:\Users\Webb\Documents\McAfee Vaults

2017-10-19 08:35 - 2017-08-16 16:27 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-10-19 08:35 - 2017-08-16 16:27 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-10-19 07:47 - 2013-07-17 00:37 - 000000000 ____D C:\Users\Webb\AppData\Local\Adobe

2017-10-18 19:29 - 2013-07-26 11:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-10-18 19:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf

2017-10-18 19:01 - 2013-07-16 23:39 - 000000000 ____D C:\Users\Webb\AppData\LocalLow\Temp

2017-10-18 12:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF

2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\ProgramData\iolo

2017-10-18 11:08 - 2013-08-29 13:05 - 000000000 ____D C:\Program Files (x86)\iolo

2017-10-18 10:39 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI

2017-10-18 10:36 - 2013-08-29 14:46 - 000000000 ____D C:\ProgramData\Malwarebytes

2017-10-12 15:35 - 2017-09-12 09:37 - 000003482 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Webb

2017-10-12 15:34 - 2013-07-28 15:18 - 000000576 _____ C:\Users\Webb\Desktop\Wintm.lnk

2017-10-12 12:38 - 2017-09-12 09:37 - 000003488 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Webb

2017-10-09 09:37 - 2009-07-14 01:08 - 000032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-10-05 21:24 - 2013-07-20 19:08 - 000000000 ____D C:\Users\Webb\AppData\Local\CrashDumps

2017-10-05 21:21 - 2017-08-18 10:48 - 000000000 ____D C:\Program Files\Mozilla Firefox

2017-10-05 21:08 - 2015-01-24 20:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-09-23 17:17 - 2017-06-04 15:39 - 000033280 _____ C:\Users\Webb\Desktop\jeans schedule octoberdec.xls

2017-09-23 17:09 - 2017-06-03 23:12 - 000033280 _____ C:\Users\Webb\Desktop\field service october to decenber.xls

==================== Files in the root of some directories =======

2014-10-07 20:18 - 2016-05-02 13:41 - 000000098 _____ () C:\Users\Webb\AppData\Roaming\WB.CFG

2014-12-21 16:06 - 2014-12-21 16:06 - 000001456 _____ () C:\Users\Webb\AppData\Local\Adobe Save for Web 12.0 Prefs

2013-07-26 19:36 - 2017-09-14 20:55 - 001592448 _____ () C:\Users\Webb\AppData\Local\rx_audio.Cache

2013-07-22 20:33 - 2017-09-14 20:55 - 000054072 _____ () C:\Users\Webb\AppData\Local\rx_image32.Cache

2013-07-16 17:13 - 2013-07-16 17:13 - 000000021 ____H () C:\ProgramData\.24554863501262644635642126105

2014-08-20 22:25 - 2014-09-08 15:45 - 000000848 ___SH () C:\ProgramData\KGyGaAvL.sys

2014-12-10 21:02 - 2014-12-10 21:02 - 000000085 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

2012-07-30 20:51 - 2012-07-30 20:51 - 000002454 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-20 20:45

==================== End of FRST.txt ============================

Quote

October 19, 20177 yr

Author