I'm helping my kindly old prof out with his computer and I have a funny feeling that malware is involved, but I'm not sure how to get rid of it.
* His USB was lent to a colleague for class and returned. I have feeling the issue came from there but I am not sure.
* When that returned USB (USB 1) was plugged back into the computer it wound up with
* almost all the files being hidden. Since I have the option to show all files, they were shaded in gray.
* the following suspicious file: chrome.exe
* the following suspicious shortcuts, all targeting "chrome.exe": backup, Directory, Documents, Downloads (see attached screenshot)
* Chrome is not used on the computer, which is suspicious
* A second USB (USB 2) was plugged in, and it seemed fine at first. But when when checked a second time, it looked like USB 1 (chrome.exe, shortcuts, etc)
* I searched online for solutions to this and couldn't find any
* I ran Endpoint, Spybot S&D, MalwareBytes & MBR
* the antivirus box to scan the USB drives are grayed out
* MalwareBytes found the following, but under C:/, not any of the USBs: PUP.Optional.SearchProtect.A, PUP.Optional.Trovi, PUP.Optional.InstallCore.A, Malware.Trace & Trojan.Agent
* none of the other ones found anything else
* When I checked this morning, the shortcuts seem to "remodify" (for lack of a better word) themselves (see Date Modified in pic attached)
* I don't know if it's related at all but I found something called "vctray.exe" in the appdata. I looked it up and supposedly it is something Sony-related, but there are no Sony products either on the computer or gadgets. It also seems to start up with Windows and I shut that down.
* About a week ago, I manually deleted something called "Search Protect." I don't know if that's related. I also don't know if I got it all out.
* Privacy is a concern so I've changed personally identifying info (proxy, etc)
* Windows 64-bit, Windows 7 but it is sloowwwwww
* I don't have 24/7 access to the computer, so please give me some time to respond