
Malware/adware not being removed


Hi,

For the last 3 or 4 days I have had random webpages appear when I am browsing and click on buttons/links on a website.

I have Malwarebytes Premium, Trend Micro Maximum Security and have run adwcleaner. None has detected the malware so I was hoping someone may be able to help me.

I have run FRST as suggested and I have attached the 2 .txt files. I've also attached the last scan log.

Thanks in anticipation.

 

Dick

Addition.txt

FRST.txt

Malwarebytes_scan_log_001.txt


Hi ,

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage.


  • Step # ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.

    Note: Enable your security programs afterwards.



Hi Valinorum,

Thanks for your speedy response.

I'm on the case now and will let you know the outcome later.

All the best,

Dick


Hi again,

I've run ESET online scanner. The resultant log.txt is pasted below. I actually ran it twice as I had not read your instructions re. which boxes to check.

Dick

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=init
# utc_time=2017-09-09 09:25:30
# local_time=2017-09-09 10:25:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 34686
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=updated
# utc_time=2017-09-09 09:32:53
# local_time=2017-09-09 10:32:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# engine=34686
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-09-09 10:55:30
# local_time=2017-09-09 11:55:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Maximum Security'
# compatibility_mode=534 16777213 100 100 271582 35572504 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 333227 257419580 0 0
# scanned=253099
# found=1
# cleaned=0
# scan_time=4957
sh=4AB4907E1CF373D6A6B48AE93A47BD38B1FFEDCD ft=0 fh=0000000000000000 vn="JS/ProxyChanger.EJ trojan" ac=I fn="C:\Users\Dick Albin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM6U41RV\wpad[1].dat"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=init
# utc_time=2017-09-09 10:56:10
# local_time=2017-09-09 11:56:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 34686
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# end=updated
# utc_time=2017-09-09 10:56:53
# local_time=2017-09-09 11:56:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7d715c8e2a7f384393614492726041ee
# engine=34686
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-09-09 02:02:15
# local_time=2017-09-09 03:02:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Trend Micro Maximum Security'
# compatibility_mode=534 16777213 100 100 282787 35583709 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 344432 257430785 0 0
# scanned=374249
# found=4
# cleaned=3
# scan_time=11121
sh=255D3A2F1A585BEF21A2877A74C2224F4C3D190F ft=0 fh=0000000000000000 vn="JS/ProxyChanger.EJ trojan" ac=I fn="C:\Users\Dick Albin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM6U41RV\wpad[1].dat"
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Dick Albin\Downloads\ccsetup503.exe"
 


  • Step # Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.


  • Step # Scan with Zemana Anti-malware
    Download and install Zemana anti-malware from here.

    • Double-click to run the software;
    • Click on the gear-icon on the top right portion to navigate to Settings
      • Click on Scan > put a tick on Create System Restore
      • Click on Advanced > put a tick on Check for Suspicious (root CA) Certificates
    • Click the home icon on top left and click on Scan
    • After scan finishes click on the report tab on the top right corner;
    • Choose the latest report by clicking on it and click on Open Report afterward.
    • Copy and Paste the contents of the report in your next reply.

 

Post a fresh set of FRST scan logs please. 


Hi Valinorum,

 

I've done as requested. Logs pasted below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by Dick Albin (Administrator) on 11/09/2017 at 15:13:39.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/09/2017 at 15:22:40.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/9/11
Operating System       : Windows 7 64-bit
Processor              : 8X Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 120F339BA3EBDECC808195
Scan Type              : System Scan
Duration               : 37m 46s
Scanned Objects        : 218410
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : MSHOME,0,2

Detected Objects
-------------------------------------------------------

accesswebquick.net
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E99B2B0B5036B547B296FA11260E9A64BC8778E2\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E99B2B0B5036B547B296FA11260E9A64BC8778E2\Blob

Password Manager Root
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A058E65189988FD2002D038C8050299ED4E9196E\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A058E65189988FD2002D038C8050299ED4E9196E\Blob

GlobalSign CodeSigning CA - G2
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob

hotspot
Status             : Scanned
Object             : NE->c:\programdata\microsoft\windows\start menu\programs\hotspot
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA:Win32/Free WiFi.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by Dick Albin (administrator) on DESKTOP02 (11-09-2017 16:11:23)
Running from C:\Users\Dick Albin\Desktop
Loaded Profiles: Dick Albin (Available Profiles: Dick Albin & Linda & Farm & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\PasswordManager\PwmSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Trend Micro\PasswordManager\tower\PwmTower.exe
() C:\Program Files\Trend Micro\PasswordManager\tower\PwmTower.exe
() C:\Program Files\Trend Micro\PasswordManager\tower\PwmTower.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-16] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266176 2016-12-02] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [256744 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [NETGEAR USB Control Center] => C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [4139008 2012-09-20] ()
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-12-15] (NETGEAR Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [Spotify Web Helper] => C:\Users\Dick Albin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-14] (Spotify Ltd)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\RunOnce: [Uninstall C:\Users\Dick Albin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dick Albin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\MountPoints2: {6f0b270e-c927-11e3-9af1-08edb92422fa} - I:\AutoRun.exe
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\...\MountPoints2: {fb50aa2b-99fc-11e1-94b9-08edb92422fa} - L:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2012-05-31]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2012-05-31]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2012-05-19]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-10-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-10-28]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BFAFD3A-0D34-4970-A189-1C57170E6170}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7298F93E-5BC6-4940-9638-548C9D3E506E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FF322152-F8AC-4B68-BE2B-2FC01D8B4E0A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-004-752
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
HKU\S-1-5-21-2377353217-2488679963-1038452676-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.virginmedia.com/
SearchScopes: HKLM -> {47ABDE33-6A25-4C19-BFA8-B1075CACCFD0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
SearchScopes: HKLM-x32 -> {47ABDE33-6A25-4C19-BFA8-B1075CACCFD0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2377353217-2488679963-1038452676-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-08-16] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\PasswordManager\bhoDirectPass64.dll [2017-07-14] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg.dll [2017-01-10] (Trend Micro Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-16] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll [2017-01-10] (Trend Micro Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-18] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-18] (Google Inc.)
Toolbar: HKLM - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\PasswordManager\bhoDirectPass64.dll [2017-07-14] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-18] (Google Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-2377353217-2488679963-1038452676-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2377353217-2488679963-1038452676-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-10] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg.dll [2017-01-10] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll [2017-01-10] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default [2017-09-09]
FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.7.901.9181@tomtom.com [2012-07-17] [not signed]
FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.430.890926@tomtom.com [2012-10-07] [not signed]
FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.465.1074274@tomtom.com [2013-04-18] [not signed]
FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.500.1161701@tomtom.com [2016-04-25] [not signed]
FF Extension: (Emulator) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\Navcore.9.510.1234792@tomtom.com [2016-03-23] [not signed]
FF Extension: (Tyre) - C:\Users\Dick Albin\AppData\Roaming\TomTom\HOME\Profiles\n7owkkwe.default\Extensions\tyre@tyre.tk [2016-07-31] [not signed]
FF ProfilePath: C:\Users\Dick Albin\AppData\Roaming\Mozilla\Firefox\Profiles\a00a15lm.default [2017-09-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! (Avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\a00a15lm.default -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.yahoo.com/?fr=hp-avast&type=752
FF Keyword.URL: Mozilla\Firefox\Profiles\a00a15lm.default -> hxxps://uk.search.yahoo.com/yhs/search
FF NetworkProxy: Mozilla\Firefox\Profiles\a00a15lm.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF SearchPlugin: C:\Users\Dick Albin\AppData\Roaming\Mozilla\Firefox\Profiles\a00a15lm.default\searchplugins\yahoo-avast.xml [2017-09-08]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2017-09-05]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (No Name) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2017-09-05] [not signed]
FF HKLM\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi [2017-01-24]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-09-06]
FF HKLM-x32\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-08]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-10-08]
CHR Extension: (Gmail) - C:\Users\Dick Albin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-05-31] (Macrovision Europe Ltd.) [File not signed]
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-06-04] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-15] (NETGEAR)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-12-02] (Trend Micro Inc.)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 PwmSvc; C:\Program Files\Trend Micro\PasswordManager\PwmSvc.exe [2679232 2017-07-14] (Trend Micro Inc.)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-10] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-14] (Microsoft Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-09-20] (Acronis International GmbH)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-11] (Malwarebytes)
R3 NetgearUDSMBus; C:\Windows\System32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R3 NetgearUDSTcpBus; C:\Windows\System32\drivers\NetgearUDSTcpBus.sys [183584 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
R3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys [153600 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-01-28] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-11-11] ()
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-27] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-27] (Acronis International GmbH)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [142544 2017-04-06] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [434896 2017-04-06] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\SysWOW64\DRIVERS\tmcomm.sys [256904 2012-06-05] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [72504 2016-01-05] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [143648 2016-06-21] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [118992 2017-04-06] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [113880 2017-04-13] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [131800 2017-02-08] (Trend Micro Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-09-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-09-11] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 16:11 - 2017-09-11 16:11 - 000041044 _____ C:\Users\Dick Albin\Desktop\FRST.txt
2017-09-11 16:11 - 2017-09-11 16:11 - 000000000 ____D C:\Users\Dick Albin\Desktop\FRST-OlderVersion
2017-09-11 16:09 - 2017-09-11 16:09 - 000010933 _____ C:\Users\Dick Albin\Desktop\2017.09.11-15.29.57-i0-t92-d4.txt
2017-09-11 15:56 - 2017-09-11 15:56 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-09-11 15:29 - 2017-09-11 16:11 - 000994444 _____ C:\Windows\ZAM.krnl.trace
2017-09-11 15:28 - 2017-09-11 16:11 - 000148352 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-09-11 15:28 - 2017-09-11 15:28 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-09-11 15:28 - 2017-09-11 15:28 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-09-11 15:28 - 2017-09-11 15:28 - 000001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-11 15:28 - 2017-09-11 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-11 15:28 - 2017-09-11 15:28 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-11 15:27 - 2017-09-11 15:27 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\Zemana
2017-09-11 15:26 - 2017-09-11 15:27 - 006625600 _____ (Zemana Ltd. ) C:\Users\Dick Albin\Desktop\Zemana.AntiMalware.Setup.exe
2017-09-11 15:08 - 2017-09-11 15:08 - 000000000 ___RD C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-09-11 14:31 - 2017-09-11 15:22 - 000000559 _____ C:\Users\Dick Albin\Desktop\JRT.txt
2017-09-11 14:15 - 2017-09-11 14:15 - 001790024 _____ (Malwarebytes) C:\Users\Dick Albin\Desktop\JRT.exe
2017-09-11 11:01 - 2017-09-11 11:01 - 000003053 _____ C:\Users\Dick Albin\Desktop\Malwarebytes_scan_log_002.txt
2017-09-09 10:25 - 2017-09-09 10:25 - 000000000 ____D C:\Program Files (x86)\ESET
2017-09-09 10:23 - 2017-09-09 10:23 - 002870984 _____ (ESET) C:\Users\Dick Albin\Desktop\esetsmartinstaller_enu.exe
2017-09-08 21:00 - 2017-09-08 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-08 18:24 - 2017-09-08 18:24 - 000001227 _____ C:\Users\Dick Albin\Desktop\Malwarebytes_scan_log_001.txt
2017-09-08 17:55 - 2017-09-08 17:56 - 000077770 _____ C:\Users\Dick Albin\Desktop\Addition.txt
2017-09-08 17:53 - 2017-09-11 16:11 - 000000000 ____D C:\FRST
2017-09-08 17:53 - 2017-09-08 17:56 - 000087686 _____ C:\Users\Dick Albin\Desktop\FRST1.txt
2017-09-08 17:49 - 2017-09-11 16:11 - 002396672 _____ (Farbar) C:\Users\Dick Albin\Desktop\FRST64.exe
2017-09-08 10:41 - 2017-09-08 10:41 - 000004266 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-2377353217-2488679963-1038452676-1000
2017-09-08 10:41 - 2017-09-08 10:41 - 000003326 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-2377353217-2488679963-1038452676-1000
2017-09-08 10:41 - 2017-09-08 10:41 - 000001113 _____ C:\Users\Dick Albin\Desktop\Avast Browser Cleanup.lnk
2017-09-08 10:41 - 2017-09-08 10:41 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2017-09-08 10:41 - 2017-09-08 10:41 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\AVAST Software
2017-09-08 09:57 - 2017-09-08 09:57 - 000001280 _____ C:\Users\Dick Albin\Desktop\adwcleaner_7.0.2.1.exe - Shortcut.lnk
2017-09-08 09:56 - 2017-09-08 09:56 - 008182736 _____ (Malwarebytes) C:\Users\Dick Albin\Downloads\adwcleaner_7.0.2.1.exe
2017-09-07 17:05 - 2017-09-08 10:00 - 000000000 ____D C:\AdwCleaner
2017-09-07 14:50 - 2017-09-07 14:50 - 001093942 _____ C:\Windows\system32\cc_20170907_144946.reg
2017-09-06 17:45 - 2017-09-11 15:08 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-06 17:45 - 2017-09-09 10:24 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-06 17:44 - 2017-09-11 15:07 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-06 17:44 - 2017-09-11 15:06 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 17:44 - 2017-09-06 17:44 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-06 17:44 - 2017-09-06 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-06 17:44 - 2017-09-06 17:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-06 17:44 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-06 11:29 - 2017-09-06 11:29 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-09-06 11:29 - 2017-09-06 11:29 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-09-06 11:29 - 2017-09-06 11:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-09-06 11:29 - 2017-09-06 11:29 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-09-05 15:27 - 2017-09-05 15:27 - 000000000 ___HD C:\TMRescueDisk
2017-09-05 15:24 - 2017-09-05 15:24 - 000001447 _____ C:\Users\Dick Albin\Desktop\Trend Micro Maximum Security.lnk
2017-09-05 15:24 - 2017-09-05 15:24 - 000000000 ____D C:\Users\Dick Albin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2017-09-05 15:23 - 2017-04-13 01:26 - 000113880 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMUMH.sys
2017-09-05 15:23 - 2017-04-06 18:40 - 000434896 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-09-05 15:23 - 2017-04-06 18:40 - 000142544 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2017-09-05 15:23 - 2017-04-06 18:40 - 000118992 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2017-09-05 15:23 - 2017-02-08 22:37 - 000131800 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys
2017-09-05 15:23 - 2016-06-24 07:58 - 000561952 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2017-09-05 15:23 - 2016-06-21 04:23 - 000143648 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2017-09-05 15:23 - 2016-01-05 04:35 - 000072504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2017-09-05 15:21 - 2017-09-05 15:21 - 000000059 _____ C:\Windows\system32\SupportTool.exe.bat
2017-09-05 15:20 - 2017-09-05 15:20 - 000003312 _____ C:\Windows\System32\Tasks\AirSupport Update
2017-09-05 15:20 - 2017-09-05 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2017-09-05 15:02 - 2017-09-05 15:13 - 215984640 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TrendMicro_Download.exe
2017-08-19 09:24 - 2017-08-19 09:24 - 000000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-08-13 08:29 - 2017-08-13 08:29 - 000000000 ____D C:\Users\Linda\AppData\Roaming\Sun

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 16:07 - 2017-07-22 00:52 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\DP_Tower_3.7
2017-09-11 15:30 - 2012-05-08 21:00 - 000000000 ____D C:\Users\Dick Albin
2017-09-11 15:25 - 2016-09-06 21:01 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-11 15:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-11 15:17 - 2009-07-14 05:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 15:11 - 2012-05-01 13:42 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-09-11 15:08 - 2016-10-11 13:43 - 000000000 ___RD C:\Users\Dick Albin\iCloudDrive
2017-09-11 15:05 - 2016-09-06 21:01 - 000000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-11 15:05 - 2012-05-01 13:37 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-09-11 15:05 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 15:04 - 2016-11-05 07:44 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-11 14:24 - 2012-05-01 13:37 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-09-11 14:09 - 2016-10-11 13:44 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\64CA713B-2076-4408-97DD-09D1A105EC9D.aplzod
2017-09-11 14:09 - 2015-04-06 10:11 - 000000000 ____D C:\Users\Dick Albin\Documents\Outlook Files
2017-09-11 07:08 - 2015-06-17 23:37 - 000000010 _____ C:\Users\Dick Albin\AppData\Local\sponge.last.runtime.cache
2017-09-09 15:36 - 2015-08-13 07:03 - 000000000 ____D C:\ProgramData\TMDP_Log
2017-09-08 21:01 - 2016-09-06 21:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-07 18:28 - 2015-01-22 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITN Converter
2017-09-07 16:59 - 2014-11-19 16:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 16:48 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-07 16:46 - 2014-10-19 13:32 - 000000000 ____D C:\Program Files (x86)\Java
2017-09-06 18:16 - 2016-04-30 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-06 17:44 - 2015-09-26 17:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 21:09 - 2012-05-15 23:08 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\CrashDumps
2017-09-05 17:22 - 2012-11-01 04:32 - 000000000 ____D C:\Users\Dick Albin\AppData\Local\Trend Micro
2017-09-05 15:25 - 2015-06-17 00:33 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2017-09-05 15:24 - 2012-05-01 13:52 - 000000000 ____D C:\ProgramData\Trend Micro
2017-09-05 15:21 - 2012-05-01 13:51 - 000000000 ____D C:\Program Files\Trend Micro
2017-09-05 15:14 - 2012-11-01 04:19 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-09-05 10:04 - 2010-03-18 23:30 - 000000000 ____D C:\Users\Dick Albin\Documents\Business
2017-09-04 01:23 - 2013-10-30 01:56 - 000007622 _____ C:\Users\Dick Albin\AppData\Local\Resmon.ResmonCfg
2017-09-03 09:42 - 2009-02-15 06:49 - 000000000 ____D C:\Users\Dick Albin\Documents\Maps
2017-09-01 17:27 - 2017-07-01 18:01 - 000000111 _____ C:\Windows\SysWOW64\SmartFlow.txt
2017-08-31 18:51 - 2017-03-26 17:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-30 19:02 - 2015-12-01 08:33 - 000014799 _____ C:\Users\Dick Albin\Documents\sudoku square.xlsx
2017-08-30 15:02 - 2009-02-15 06:48 - 000000000 ____D C:\Users\Farm\Grazing agreements
2017-08-29 21:49 - 2014-07-03 16:41 - 000000000 ____D C:\Users\Dick Albin\Documents\Triumph Tiger 1050
2017-08-28 23:12 - 2012-08-26 09:14 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 23:12 - 2012-08-26 09:14 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-27 09:00 - 2011-02-13 12:11 - 000000000 ____D C:\Users\Dick Albin\Documents\Job lists
2017-08-26 15:08 - 2010-04-11 08:29 - 000000000 ____D C:\Users\Farm\Land for Events
2017-08-25 11:37 - 2010-03-19 18:07 - 000000000 ____D C:\Users\Farm\Events
2017-08-21 19:07 - 2009-07-14 06:13 - 000802430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-19 22:30 - 2012-08-22 11:59 - 000000000 ____D C:\Windows\Minidump
2017-08-19 09:24 - 2012-05-12 09:29 - 000000000 ____D C:\Users\Linda\Documents\Bluetooth Folder
2017-08-19 08:06 - 2016-08-29 10:05 - 000000000 ____D C:\Users\Farm\AppData\Local\DP_Tower_3.7
2017-08-19 08:06 - 2012-05-15 07:33 - 000000000 ____D C:\Users\Farm\Documents\Bluetooth Folder
2017-08-19 08:05 - 2016-10-07 07:58 - 000000000 ____D C:\Users\Farm\AppData\Local\Dropbox
2017-08-19 08:05 - 2012-05-15 07:33 - 000000000 ___RD C:\Users\Farm\Virtual Machines
2017-08-17 10:51 - 2013-10-20 22:35 - 000000000 ____D C:\ProgramData\Oracle
2017-08-16 09:27 - 2015-04-10 10:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-16 09:26 - 2015-04-10 10:15 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-16 00:04 - 2015-02-27 18:57 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-13 08:45 - 2017-06-30 15:08 - 000000000 ____D C:\Users\Linda\AppData\Local\DP_Tower_3.7
2017-08-13 08:41 - 2009-02-15 08:15 - 000000000 ____D C:\Users\Public\Documents\addresses

==================== Files in the root of some directories =======

2014-07-04 11:33 - 2014-07-04 11:35 - 000044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2012-10-26 18:39 - 2012-10-26 18:39 - 000000000 _____ () C:\Users\Dick Albin\AppData\Roaming\tmcef.log
2012-10-28 18:24 - 2012-10-28 18:24 - 000115436 _____ () C:\Users\Dick Albin\AppData\Local\ars.cache
2012-10-28 18:24 - 2012-10-28 18:24 - 000236002 _____ () C:\Users\Dick Albin\AppData\Local\census.cache
2012-10-28 17:31 - 2012-10-28 18:18 - 000000036 _____ () C:\Users\Dick Albin\AppData\Local\housecall.guid.cache
2013-10-30 01:56 - 2017-09-04 01:23 - 000007622 _____ () C:\Users\Dick Albin\AppData\Local\Resmon.ResmonCfg
2015-06-17 23:37 - 2017-09-11 07:08 - 000000010 _____ () C:\Users\Dick Albin\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-11 07:24

==================== End of FRST.txt ============================

 


Another odd thing that may be unrelated is that Trend Micro keeps hanging at 11%. I reinstalled it [before you started looking at it] but it's doing it again.


  • Step # Run Malwarebytes' Anti-Rootkit
    Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
    • Update the program if asked.
    • In the Scan System option check all the boxes and click on Scan.
    • Click on the Cleanup button after the scan and wait patiently. Reboot the computer if asked.
    • After the clean-up process, locate two logs in the mbar folder, namely:
      • mbar-log-scan-date.txt; and
      • system-log.txt
    • Copy and paste the contents of the log in your next reply.


 
 


Hi Valinorum,

 

Run as suggested; logs below.

I was going to post on here that for the last few days I haven't had a reoccurrence of odd webpages being loaded but Trend Micro still hangs at 11% despite reinstalling it. It's not the same file it hangs on each time.

 

Thanks and regards

 

Trumpet

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.19.11
  rootkit: v2017.09.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18792
Dick Albin :: DESKTOP02 [administrator]

20/09/2017 01:50:31
mbar-log-2017-09-20 (01-50-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 431026
Time elapsed: 45 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18792

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.395000 GHz
Memory total: 8548982784, free: 4632027136

Downloaded database version: v2017.09.19.11
Downloaded database version: v2017.09.13.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
------------ Kernel report ------------
     09/20/2017 01:50:18
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\TMEBC64.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\TMUMH.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\drivers\DDDriver64Dcsa.sys
\SystemRoot\system32\drivers\DellProf.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\NetgearUDSMBus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmusa.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mwac.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\tmnciesc.sys
\SystemRoot\system32\DRIVERS\tmeevw.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\system32\drivers\NetgearUDSTcpBus.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.09.19.11
  rootkit: v2017.09.13.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009bc9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009bc9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009bc9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007433200, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800743a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40511AD1

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
    Partition is not bootable

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 31776768
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31858688  Numsec = 1921662976
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800ba7a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b88eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ba7a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b888b60, DeviceName: \Device\000000aa\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800ba86060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b890b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ba86060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b886b60, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800ba0f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b891b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ba0f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b87fb60, DeviceName: \Device\000000ac\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800ba15790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b892b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ba15790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b889b60, DeviceName: \Device\000000ad\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800ba2a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b8aeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ba2a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b84cb60, DeviceName: \Device\000000b2\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31858688-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


Hi Valinorum,

No, I haven't had a reoccurrence for a week now.

Many thanks for your help in removing this stuff from my machine.

I'll be a bit more careful in future!!!

All the best

Trumpet


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
