Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus that keeps disconnecting me from the internet?


  • This topic is locked This topic is locked
18 replies to this topic

#1 dchen1086

dchen1086

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 13 February 2017 - 02:49 PM

Hello

 

So I had an issue today. Was browsing websites and checking email. All of a sudden my internet disconnects.

 

I start diagnosing the problem, checking everything, and updating my drivers. So I found that...

 

1). My internet is working on other computers/cell phones

2). I deleted my mcafee (maybe it was that problem?) and downaloded norton (I have subscription for)

3). Did a full scan and quick scan but it didnt solve the connection problem

4). Downloaded malwarebyte, and quaranted over 328 problems. Still did not solve my internet issue.

5). I have to manually disconnect and connect on my computer screen

6). Internet lasts for about 3-10 minutes (not very consistent with the connections

 

So my last option, I've resorted myself to here... Hopefully ya'll can fix it for me

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by OFFICE (administrator) on PC-A (13-02-2017 11:32:10)
Running from C:\Users\OFFICE\Downloads
Loaded Profiles: OFFICE (Available Profiles: OFFICE)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Octoshape ApS) C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coNatHst.exe
(Sage Software, Inc.) C:\Program Files (x86)\Sage\Peachtree\peachw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-06-10] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe [30024 2011-10-25] (Sage Software, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] => C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [PCShowServer] => C:\Users\OFFICE\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [Octoshape Streaming Services] => C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\RunOnce: [Uninstall C:\Users\OFFICE\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OFFICE\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\...\MountPoints2: {48840189-4d22-11e5-9bd7-acd1b8d8e134} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-02-13]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-07-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-08-28]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-08-28]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cd7a2d1b-6275-416e-b4d4-288565f5983a}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1903804430-1065299906-2840497480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> DefaultScope {DC812CCC-89AC-4FA9-A5FC-2373FB7FE492} URL = 
SearchScopes: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> {DC812CCC-89AC-4FA9-A5FC-2373FB7FE492} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1903804430-1065299906-2840497480-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: i2kbwxcd.default
FF ProfilePath: C:\Users\OFFICE\AppData\Roaming\Mozilla\Firefox\Profiles\i2kbwxcd.default [2017-02-13]
FF Extension: (Firefox Hotfix) - C:\Users\OFFICE\AppData\Roaming\Mozilla\Firefox\Profiles\i2kbwxcd.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon [2017-02-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.1.14\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1903804430-1065299906-2840497480-1001: @citrixonline.com/appdetectorplugin -> C:\Users\OFFICE\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1903804430-1065299906-2840497480-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\OFFICE\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\OFFICE\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-11-05] (Octoshape ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Slides) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Docs) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Google Search) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-02-13]
CHR Extension: (EasyDocMerge) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2017-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Instagram (Unofficial)) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhinecjpcncdkchdidimohngcbkjalb [2016-06-03]
CHR Extension: (Gmail) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-07-23] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-07-02] ()
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-08-11] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$UPSWSDBINSTANCE; c:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Peachtree SmartPosting 2012; C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe [43848 2011-10-25] (Sage Software, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-11-05] (Pervasive Software Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
S4 SQLAgent$UPSWSDBINSTANCE; c:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL10.UPSWSDBINSTANCE\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-07-23] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11776264 2015-12-03] (Broadcom Corp)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\BASHDefs\20161005.001\BHDrvx64.sys [1854712 2016-11-11] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-11-11] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation)
U3 EraserUtilDrv11620; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11620.sys [156824 2017-01-05] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\IPSDefs\20161104.100\IDSVia64.sys [1012952 2016-11-11] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_39d8ca1ac617325e\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-24] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\1608010.00E\SymELAM.sys [24192 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-02-13] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 cfwids; system32\drivers\cfwids.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 11:32 - 2017-02-13 11:32 - 00035568 _____ C:\Users\OFFICE\Downloads\FRST.txt
2017-02-13 11:30 - 2017-02-13 11:32 - 00000000 ____D C:\FRST
2017-02-13 11:30 - 2017-02-13 11:30 - 02421248 _____ (Farbar) C:\Users\OFFICE\Downloads\FRST64.exe
2017-02-13 11:12 - 2017-02-13 11:12 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-13 11:12 - 2017-02-13 11:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 11:11 - 2017-02-13 11:11 - 00001952 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 11:11 - 2017-02-13 11:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 11:11 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-13 11:10 - 2017-02-13 11:10 - 55566792 _____ (Malwarebytes ) C:\Users\OFFICE\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-13 10:54 - 2017-02-13 10:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-02-13 10:44 - 2017-02-13 10:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-02-13 10:40 - 2017-02-13 10:40 - 00003386 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-13 10:39 - 2017-02-13 10:39 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-02-13 10:39 - 2017-02-13 10:39 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-02-13 10:39 - 2017-02-13 10:39 - 00002497 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-02-13 10:39 - 2017-02-13 10:39 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-02-13 10:38 - 2017-02-13 10:44 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 10:38 - 2017-02-13 10:38 - 01101120 _____ (Symantec Corporation) C:\Users\OFFICE\Downloads\NortonNSDownloader.exe
2017-02-13 10:38 - 2017-02-13 10:38 - 00001373 _____ C:\Users\OFFICE\Desktop\Norton Installation Files.lnk
2017-02-13 10:38 - 2017-02-13 10:38 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-02-13 10:22 - 2017-02-13 10:26 - 00000000 ____D C:\Users\OFFICE\Desktop\Social Media
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957
2017-02-10 17:36 - 2017-02-13 10:38 - 00000000 ____D C:\Users\OFFICE\AppData\Local\CrashDumps
2017-02-10 17:17 - 2017-02-10 17:17 - 00044696 _____ C:\Users\OFFICE\Downloads\Ampere Creations Feb 10, 2017 (1).pdf
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6
2017-02-10 16:03 - 2017-02-10 16:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce
2017-02-10 15:49 - 2017-02-10 15:49 - 00044696 _____ C:\Users\OFFICE\Downloads\Ampere Creations Feb 10, 2017.pdf
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0
2017-02-08 11:47 - 2017-02-08 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 11:46 - 2017-01-04 15:32 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 11:46 - 2017-01-04 15:32 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 11:46 - 2016-12-29 05:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 11:46 - 2016-12-29 04:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-08 11:46 - 2016-12-29 04:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-08 11:46 - 2016-12-29 04:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 11:45 - 2017-02-08 11:47 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 09:47 - 2017-02-08 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 20:38 - 2017-02-06 20:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 10:03 - 2017-02-06 10:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87
2017-02-06 09:30 - 2017-02-06 09:56 - 243322136 _____ C:\Users\OFFICE\Downloads\1-1.rar
2017-02-01 16:05 - 2017-02-01 16:05 - 00115761 _____ C:\Users\OFFICE\Desktop\Signed 2.pdf
2017-02-01 15:52 - 2017-02-01 15:52 - 00117347 _____ C:\Users\OFFICE\Desktop\Signed.pdf
2017-01-31 17:00 - 2017-02-01 15:54 - 00000000 ____D C:\Users\OFFICE\AppData\Local\HP
2017-01-31 16:56 - 2017-02-08 16:42 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\HpUpdate
2017-01-31 16:55 - 2017-01-31 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-31 16:55 - 2017-01-31 16:55 - 00000195 _____ C:\WINDOWS\system32\AddPort.ini
2017-01-31 16:55 - 2017-01-31 16:55 - 00000000 ____D C:\Users\OFFICE\Desktop\HP
2017-01-31 16:54 - 2015-05-13 13:21 - 00311296 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpbcoinsx64.dll
2017-01-31 12:08 - 2017-01-31 12:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac
2017-01-31 11:38 - 2017-01-31 11:38 - 04881620 _____ C:\Users\OFFICE\Desktop\W9-1 signed.pdf
2017-01-31 11:11 - 2017-01-31 11:11 - 00350731 _____ C:\Users\OFFICE\Desktop\JLM 2017 STATEMENT.pdf
2017-01-25 17:05 - 2017-01-25 17:05 - 05271014 _____ C:\Users\OFFICE\Desktop\website banner 3.psd
2017-01-25 16:59 - 2017-01-25 16:59 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa
2017-01-25 16:45 - 2017-01-25 16:45 - 05766702 _____ C:\Users\OFFICE\Desktop\website banner 2.psd
2017-01-25 16:40 - 2017-01-25 16:40 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052
2017-01-25 13:04 - 2017-01-25 13:04 - 04686699 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017 NP.pdf
2017-01-25 10:14 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:14 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 15:04 - 2017-01-24 15:04 - 22179840 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017 NP.indd
2017-01-24 13:49 - 2017-01-24 13:49 - 00025284 _____ C:\Users\OFFICE\Downloads\4047937556017190.xlsx
2017-01-24 13:15 - 2017-01-24 13:15 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_ (2).xls
2017-01-24 12:26 - 2017-01-24 12:26 - 02325160 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (5).xlsm
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344
2017-01-24 08:55 - 2017-02-13 11:02 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-24 08:55 - 2017-01-24 08:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-20 17:26 - 2017-01-20 17:26 - 00306055 _____ C:\Users\OFFICE\Downloads\search-term-report-2016-11-21-55954017187.txt
2017-01-20 17:21 - 2017-01-20 17:22 - 00306055 _____ C:\Users\OFFICE\Downloads\search-term-report-2016-11-21-55953017187.txt
2017-01-20 15:19 - 2017-01-20 15:19 - 00027635 _____ C:\Users\OFFICE\Downloads\4009296736017186.xlsx
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725
2017-01-20 14:43 - 2017-01-20 14:43 - 02325160 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (4).xlsm
2017-01-20 12:37 - 2017-01-20 12:37 - 00000000 ____D C:\Users\OFFICE\Desktop\9368MA
2017-01-20 11:53 - 2017-01-20 11:53 - 00029042 _____ C:\Users\OFFICE\Downloads\4008522277017186.xlsx
2017-01-20 11:45 - 2017-01-20 11:45 - 00029139 _____ C:\Users\OFFICE\Downloads\4006177668017186.xlsx
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82
2017-01-20 11:22 - 2017-01-20 11:39 - 02362383 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (3).xlsm
2017-01-20 11:18 - 2017-01-20 11:18 - 00029120 _____ C:\Users\OFFICE\Downloads\4012451845017186.xlsx
2017-01-20 11:03 - 2017-01-20 11:03 - 00027380 _____ C:\Users\OFFICE\Downloads\4009118403017186.xlsx
2017-01-20 10:27 - 2017-01-20 17:24 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_ (1).xls
2017-01-20 10:24 - 2017-01-20 10:24 - 02797056 _____ C:\Users\OFFICE\Downloads\shoes_browse_tree_guide._TTH_.xls
2017-01-20 10:14 - 2017-01-20 11:10 - 02365573 _____ C:\Users\OFFICE\Downloads\Flat.File.Shoes_b2b (2).xlsm
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-19 10:15 - 2017-01-19 10:15 - 00000000 ____D C:\Program Files\WinRAR
2017-01-19 10:14 - 2017-01-19 10:14 - 02179856 _____ C:\Users\OFFICE\Downloads\winrar-x64-540.exe
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 11:09 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-13 11:02 - 2015-07-23 09:30 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2017-02-13 10:59 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 10:54 - 2015-08-26 10:10 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 10:46 - 2016-07-15 22:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-13 10:45 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-13 10:45 - 2015-08-25 20:28 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Packages
2017-02-13 10:45 - 2015-07-23 09:32 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 10:44 - 2016-02-20 13:36 - 00000000 ____D C:\ProgramData\Intel Security
2017-02-13 10:43 - 2015-10-29 22:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-13 10:38 - 2015-09-03 16:47 - 01355264 ___SH C:\Users\OFFICE\Desktop\Thumbs.db
2017-02-13 10:32 - 2016-12-06 12:12 - 00000000 ____D C:\Users\OFFICE\AppData\LocalLow\Mozilla
2017-02-13 10:31 - 2015-08-25 20:50 - 00000000 ___RD C:\Users\OFFICE\Dropbox
2017-02-13 10:21 - 2015-07-23 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-13 10:19 - 2015-08-25 20:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Adobe
2017-02-13 10:19 - 2015-07-23 09:19 - 01736006 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 10:18 - 2015-08-25 20:51 - 00000000 ___RD C:\Users\OFFICE\Creative Cloud Files
2017-02-13 10:13 - 2016-08-19 15:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 10:13 - 2016-08-19 15:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 10:12 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 08:59 - 2016-08-19 15:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-08 11:47 - 2016-08-19 15:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 11:46 - 2016-08-19 15:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 11:46 - 2016-08-19 15:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 09:48 - 2015-07-23 09:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 13:52 - 2015-09-12 13:47 - 00000000 ____D C:\Users\OFFICE\Documents\EBAGS
2017-02-06 10:36 - 2016-11-21 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-06 10:36 - 2015-08-25 20:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 15:19 - 2015-08-25 20:33 - 00002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 17:36 - 2017-01-06 10:28 - 24031232 _____ C:\Users\OFFICE\Desktop\Ampere Catalog Spring 2017.indd
2017-01-31 16:56 - 2016-04-13 08:01 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-31 11:01 - 2015-08-27 17:17 - 00000000 _____ C:\Users\OFFICE\Documents\dd3349ee-5016-4ca5-9e1e-afac500c835f
2017-01-25 14:37 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 09:34 - 2016-12-15 14:08 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 09:34 - 2015-08-25 20:33 - 00002412 _____ C:\Users\OFFICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-24 09:34 - 2015-08-25 20:33 - 00000000 ___RD C:\Users\OFFICE\OneDrive
2017-01-20 17:16 - 2016-05-11 08:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 13:49 - 2015-08-25 21:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-20 11:41 - 2015-10-31 14:21 - 01969152 ___SH C:\Users\OFFICE\Downloads\Thumbs.db
2017-01-19 10:22 - 2015-08-25 21:05 - 00000000 ____D C:\Users\OFFICE\Documents\Adobe
2017-01-19 10:22 - 2015-08-25 20:28 - 00000000 ____D C:\Users\OFFICE\AppData\Roaming\Adobe
2017-01-19 10:16 - 2016-12-20 11:53 - 00000000 ____D C:\Users\OFFICE\Desktop\Ampere 2017 Photography
2017-01-17 15:36 - 2017-01-12 15:56 - 00013660 _____ C:\Users\OFFICE\Desktop\Wedding List and Stuff.xlsx
2017-01-17 11:33 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 11:32 - 2015-08-25 20:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-17 10:00 - 2016-08-19 15:38 - 00000000 ____D C:\Users\OFFICE
2017-01-16 10:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2016-10-05 15:16 - 2016-10-05 15:16 - 0007160 _____ () C:\Users\OFFICE\AppData\Roaming\DellFaxOptions.xml
2017-01-04 15:04 - 2017-01-13 16:23 - 0001456 _____ () C:\Users\OFFICE\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-08 11:39 - 2016-08-08 11:39 - 0000000 _____ () C:\Users\OFFICE\AppData\Local\{2FC64FEE-9F15-4E1C-A39A-AF55C44E966D}
2015-11-24 09:24 - 2015-11-24 09:24 - 0000000 _____ () C:\Users\OFFICE\AppData\Local\{5B0B41A2-9F5C-458F-A6FE-50F868509B90}
2016-08-19 15:35 - 2016-08-19 15:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-27 15:16 - 2015-08-27 15:16 - 3856932 _____ () C:\ProgramData\SamPCFax000011E40000
2016-10-10 11:21 - 2016-10-10 11:21 - 3856932 _____ () C:\ProgramData\SamPCFax000014EC0000
2016-02-08 12:13 - 2016-02-08 12:13 - 3856932 _____ () C:\ProgramData\SamPCFax000026780000
2016-10-05 15:54 - 2016-10-05 15:54 - 3856932 _____ () C:\ProgramData\SamPCFax000041DC0000
2015-07-23 09:26 - 2015-07-23 09:26 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-07-23 09:23 - 2015-07-23 09:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-07-23 09:24 - 2015-07-23 09:26 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-07-23 09:23 - 2015-07-23 09:24 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
 
Some files in TEMP:
====================
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
2016-10-05 15:16 - 2008-08-14 13:51 - 0222448 ____N () C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE
2016-10-24 09:53 - 2016-10-24 09:54 - 16826944 ____T (Geek Software GmbH                                          ) C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-13 09:11
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 13 February 2017 - 08:22 PM

Welcome. :)

Download the attached file [attachment=190391:fixlist.txt] and save it in the same directory FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
iO5EZayK.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Edited by JSntgRvr, 13 February 2017 - 08:27 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 12:12 PM

Hi JSNTGRVR

 

Thank you for taking my response. Here is the fixlog from Farbar:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by OFFICE (13-02-2017 17:27:43) Run:1
Running from C:\Users\OFFICE\Downloads
Loaded Profiles: OFFICE (Available Profiles: OFFICE)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6
2017-02-10 16:03 - 2017-02-10 16:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0
2017-02-06 10:03 - 2017-02-06 10:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87
2017-01-31 12:08 - 2017-01-31 12:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac
2017-01-25 16:59 - 2017-01-25 16:59 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa
2017-01-25 16:40 - 2017-01-25 16:40 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855
2017-01-25 14:37 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
2016-10-05 15:16 - 2008-08-14 13:51 - 0222448 ____N () C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE
2016-10-24 09:53 - 2016-10-24 09:54 - 16826944 ____T (Geek Software GmbH                                          ) C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
2017-02-13 10:45 - 2015-07-23 09:32 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
*****************
 
0308901487011402mcinstcleanup => service not found.
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File) => not found.
0308901487011402mcinstcleanup => service not found.
C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21 => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d => moved successfully
C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855 => moved successfully
C:\WINDOWS\CbsTemp => moved successfully
"C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe" => not found.
C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE => moved successfully
C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe => moved successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
0308901487011402mcinstcleanup => service not found.
mfefire => service not found.
mfemms => service not found.
C:\ProgramData\McAfee => moved successfully
"C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe" => not found.
mfeaack => service not found.
mfeavfk => service not found.
mfeelamk => service not found.
mfefirek => service not found.
mfehidk => service not found.
mfewfpk => service not found.
cfwids => service not found.
mfevtp => service not found.
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 354304653 B
Java, Flash, Steam htmlcache => 6247 B
Windows/system/drivers => 472741508 B
Edge => 3403284 B
Chrome => 852827930 B
Firefox => 379389935 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 323084 B
NetworkService => 565292 B
OFFICE => 2709346911 B
 
RecycleBin => 8322924834 B
EmptyTemp: => 12.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:09:50 ====


#4 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 12:18 PM

Here is the JRT.txt text

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by OFFICE (Administrator) on Tue 02/14/2017 at  9:13:47.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC812CCC-89AC-4FA9-A5FC-2373FB7FE492} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/14/2017 at  9:17:37.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 12:27 PM

# AdwCleaner v6.043 - Logfile created 14/02/2017 at 09:22:13
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : OFFICE - PC-A
# Running from : C:\Users\OFFICE\Downloads\adwcleaner_6.043.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\OFFICE\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mabloidgodmbnmnhoenmhlcjkfelomgp
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [873 Bytes] - [14/02/2017 09:22:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1232 Bytes] - [14/02/2017 09:20:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1018 Bytes] ##########


#6 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 12:31 PM

Also I wanted to note that the internet still constantly disconnects!



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 14 February 2017 - 01:47 PM

Lets reset the TCP:

Download the attached file [attachment=190391:fixlist.txt] and save it in the same directory FRST64 is saved.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

If the computer is not restarted by FRST, please restart the computer.

Once back online, lets try a Virus Scan

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 02:03 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by OFFICE (14-02-2017 10:52:42) Run:2
Running from C:\Users\OFFICE\Downloads\New folder
Loaded Profiles: OFFICE (Available Profiles: OFFICE)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20
2017-02-13 09:18 - 2017-02-13 09:18 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02
2017-02-10 16:30 - 2017-02-10 16:30 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6
2017-02-10 16:03 - 2017-02-10 16:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290
2017-02-10 16:00 - 2017-02-10 16:00 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0
2017-02-06 10:03 - 2017-02-06 10:03 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa
2017-02-06 10:02 - 2017-02-06 10:02 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87
2017-01-31 12:08 - 2017-01-31 12:08 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50
2017-01-31 12:07 - 2017-01-31 12:07 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac
2017-01-25 16:59 - 2017-01-25 16:59 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa
2017-01-25 16:40 - 2017-01-25 16:40 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5
2017-01-25 15:42 - 2017-01-25 15:42 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535
2017-01-24 09:36 - 2017-01-24 09:36 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4
2017-01-20 14:44 - 2017-01-20 14:44 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1
2017-01-20 11:45 - 2017-01-20 11:45 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40
2017-01-19 11:22 - 2017-01-19 11:22 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d
2017-01-17 13:16 - 2017-01-17 13:16 - 00000000 ____D C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855
2017-01-25 14:37 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
2016-10-05 15:16 - 2008-08-14 13:51 - 0222448 ____N () C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE
2016-10-24 09:53 - 2016-10-24 09:54 - 16826944 ____T (Geek Software GmbH                                          ) C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
S2 0308901487011402mcinstcleanup; C:\Users\OFFICE\AppData\Local\Temp\030890~1.EXE [961888 2016-05-16] (McAfee, Inc.) <==== ATTENTION
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
2017-02-13 10:45 - 2015-07-23 09:32 - 00000000 ____D C:\ProgramData\McAfee
2017-02-13 10:43 - 2016-05-16 12:50 - 0961888 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe
2016-05-31 01:13 - 2016-05-31 01:13 - 0219264 _____ (McAfee, Inc.) C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll
2017-02-13 10:45 - 2016-05-31 01:13 - 0190272 _____ (McAfee Inc.) C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
*****************
 
0308901487011402mcinstcleanup => service not found.
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File) => not found.
0308901487011402mcinstcleanup => service not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignee93234fa8654511" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign68256097050d7c20" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign048d6c50add28957" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignaa29df6228994080" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign80ecca3a421e8b02" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign41223d1a0c3079d6" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign22b1aefe4e345f4e" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign63b2786197633c62" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign51208e7013f62290" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign3c10fd09a23431ce" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign2e66feeb84302c16" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignd817c04e53e60c96" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignb786b9ec13dd3526" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign10a0306e7192acd0" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignd45cd3db6c48971a" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignd3574df23b6d84fa" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignaf46b1f394463c87" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignd06e6593a5f3d450" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignc85b363ca70a9f50" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign4bb60763162afcac" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignbe9161a137f2f8fa" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign68923b434712b071" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignb8a663adc6617ac5" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign4834222c0673f052" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignfa5ee88bbfa44535" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignb57f34755328a344" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsignd7f0730c544c90c4" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsigna75f1c8ffe832725" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign145f2a338cd0b8e1" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign12aa40036bfffa82" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign723a804e54e63b40" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign673e8a86f0093c21" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign9ca47b1571480e8d" => not found.
"C:\Users\OFFICE\AppData\Local\Tempzxpsign674fca5e3f94f855" => not found.
"C:\WINDOWS\CbsTemp" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\MFPTIME.EXE" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\pdf24-creator-update.exe" => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found.
0308901487011402mcinstcleanup => service not found.
mfefire => service not found.
mfemms => service not found.
"C:\ProgramData\McAfee" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\0308901487011402mcinst.exe" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\McCSPInstall.dll" => not found.
"C:\Users\OFFICE\AppData\Local\Temp\mccspuninstall.exe" => not found.
mfeaack => service not found.
mfeavfk => service not found.
mfeelamk => service not found.
mfefirek => service not found.
mfehidk => service not found.
mfewfpk => service not found.
cfwids => service not found.
mfevtp => service not found.
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17510548 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 311996 B
Edge => 0 B
Chrome => 135523407 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 76583 B
systemprofile32 => 0 B
LocalService => 9962 B
NetworkService => 1878 B
OFFICE => 124695459 B
 
RecycleBin => 1663144 B
EmptyTemp: => 266.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:53:08 ====


#9 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 02:08 PM

My Internet still disconnects  :dance:

 

So the scanning might take awhile. Will update you soon.

 

Daniel



#10 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 05:48 PM

Just an update. I finished scanning and there were no threats found and i dont see where you can save the txt file. http://i1116.photobucket.com/albums/k565/Dchen1086/1.png



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 14 February 2017 - 05:49 PM

Somehow the fixlist.txt submitted above is not the one I wanted you to run. Here is the one I needed you to run to reset the TCP. [attachment=190417:fixlist.txt]

Post back the resultant Fixlog.txt and retry Eset after a restart.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 14 February 2017 - 05:59 PM

Acknowledge.

1.png

Then the issue is not due to Malware. Run the Fixlist.txt above to reset the TCP. If you still have issues afterwards, it could be your Windows' Network or Ethernet Card, as your Mobil seems fine.

I would recommend you check with the manufacturer for an updated Ethernet Card driver.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 dchen1086

dchen1086
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 14 February 2017 - 08:01 PM

Hmm, still doesn;t work.

 

I tried your fix log and it didnt do anything. 

 

I also tried manually resetting the TCP and it didnt work. I looked at my driver and it's all updated. It's very strange...

 

Do you have any other recommendations? I would hate to wipe everything and start from scratch.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 14 February 2017 - 08:53 PM

The commands didn't work? The TCP was not reset?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 PM

Posted 14 February 2017 - 09:02 PM

The problem could be hardware related. So re-installing the OS may not resolve the problem. The only thing I can think of is to refresh the Ethernet Adapter. You can go to the Device Manager and remove the Network Adapter. Restart the computer and allow Windows to re-detect and install the device.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users