Followed STICKY Steps, DDS Won't Run

This is a discussion on Followed STICKY Steps, DDS Won't Run within the Resolved HJT Threads forums, part of the Tech Support Forum category.

09-12-2015, 08:10 PM   #1
mapste
Registered Member
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1

Hi,
First, thanks for being willing to provide this kind of support.

I followed all your steps, but when I double-click DDS, I get a message that it is not meant to run in compatibility mode.

I do not have any Windows discs, and I do not have an optical drive on my computer.

You asked for details, so here's my novel! I've also attached the details of my problem in a TXT file, which I used to copy/paste here, but lines seem to disappear, duplicate, or overwrite when I scroll through this box.

The things most worrisome to me: McAfee continues to do erratic things, the mysterious timestamp file in C:/USERS/MARLENE, the huge system files with the same timestamp, the skipped drive letter, and the remote support software is denied access to my computer.

So many things have gone wrong in the past week, it's hard to know where to start, but since McAfee is still doing erratic things, I'll start there.


I have a Dell Inspiron 15 5547 laptop, Windows 8.1, but I run on the Desktop about 99% of the time. I bought it Jan 2015, it came with McAfee installed and I am now VERY SORRY to say I never did anything about that to install better security software.

First possible problem: Thurs 9/3 McAfee update download hung at 75%. I waited awhile, cancelled and restarted it, hung at 0%. I bought Dell Concierge 3-year support service with the computer so I called them. They took remote control, uninstalled and reinstalled McAfee and the new downloads and updates worked.

Sat-Mon 9/5-7 (Labor Day weekend) we were having technical problems with cable service in my area. Service was up and down a lot so I wasn't on my computer much, but I am connected via WiFi, so just because I wasn't on my computer doesn't mean it wasn't connected some of the time. When I started working Tuesday 9/8, I had 80+ new emails. I use Microsoft Outlook 2007 email, desktop POP3 client, so my email is downloaded to my hard drive. The Send/Receive seemed to hang on the 4th email, but a friend sometimes sends large video files so I just went online to do something else.

Internet Explorer started up with a very legitimate looking red McAfee Web Advisor banner that my firewall was not up and gave an option to start it or proceed without it. There was no way around this without making a choice, so I closed (X) Internet Explorer.

Then I got a very legitimate looking Windows Security popup on my desktop that indicated I had no firewall running and to choose to start either the Windows firewall or the McAfee firewall. I closed the dialog box without choosing. I decided to call Dell to determine if they did something wrong when they reinstalled McAfee. Meanwhile, I checked and my email was still hung, so I closed MS Office Outlook.

Dell wanted me to try connecting with Google Chrome, but I don't have it installed. I do have Mozilla Firefox but it came up with the same red McAfee Web Advisor banner. They had me do a shutdown with the power button. When I started back up I was able to start IE. (And my email downloaded ok.) However, when they tried to install their remote control software, it failed with an "access denied" error. We cleaned out temp files, reset IE, and got the same error. At that point they said all they could do was give me instructions to reset to factory setup and reinstall all my software. I said no, thank you, until I did some backups and attempted to determine if it was malware that could be removed.

All of this occurred between 11:45AM and 12:15PM Tuesday 9/8/15. Of course this is all happening in the middle of a project deadline, so I got my backup done and have been working offline as much as possible, just connecting once a day for 15-20 minutes to get my email and print anything I need, and keeping fingers crossed my computer doesn't completely crash.

Some odd things happened when I did my backup:
When I connected the external drive (USB) it connected as drive E instead of D. I disconnected it and put in a thumb drive, same thing, drive E. I don't know what's going on there.

I use NovaBackup to an external drive and typically backup C:/Users/Marlene. When I selected that folder for backup, at the top of Users/Marlene there was a folder I had never seen before named .oracle_je_usage and it had a Timestamp file in it dated 9/8/2015 11:55am. Since it was at the time I was having all the problems, I thought it was very suspicious, so (before reading your instructions) I copied it to an old thumb drive, deleted it and deleted it from the recycle bin. Then I did my data backup. Today the folder is back with a Timestamp file of 9/9 2:21pm.

Then, just because ... I don't necessarily know why, I decided to do a full C drive backup. I noticed 3 system files on C:\ with that 9/8 11:55am timestamp: hiberfil.sys 6.6GB, pagefile.sys 1.3GB, swapfile.sys 2.6MB.
Today, those files still have the 9/8 11:55am timestamp.

Now here I am on Saturday, ready to get this submitted to you. I wanted to do a quick backup of my changed documents and mail to a thumb drive and put in a couple to try to find one with space. I put in one I have used many times before. It "dinged" and a popup said it was installing "Ultra". I don't have a CLUE what that is about! "Ultra" does not show up on Control Panel as a program I can Uninstall. I opened a brand new thumb drive, did my current file backup, followed your instructions, and here I am.

Bottom line, I do not know if I was running without a firewall for days or not.

Since DDS won't run, what do I do now?
Attached Files
File Type: txt sept 8 problem.txt (4.7 KB, 41 views)
 
09-12-2015, 11:14 PM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015

09-13-2015, 10:39 PM   #3
mapste

Hi,

Thank you for the quick attention. I realized I missed giving you a key piece of information. While all this "you have no firewall up, start one" craziness was going on, I brought up the McAfee Home screen and it showed that my Firewall was on.

The contents of C:\AdwCleaner\AdwCleaner[S1].txt are below.

When I tried to run FRST, Windows Security stopped me with a banner across the screen:
"Windows Protected Your PC"
Windows SmartScreen protected an unrecognized app from starting. Running this app might put your PC at risk.
When I click on "More info" it gives me the option of Run Anyway or Don't Run. Is this normal? I just wanted to check with you before I clicked "Run Anyway". The FRST64.exe icon is currently on my desktop with a Windows security shield on top of it.

Adwcleaner[s1].txt
# AdwCleaner v5.007 - Logfile created 13/09/2015 at 22:05:22
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Marlene - MARLENE-LT
# Running from : C:\Users\Marlene\AppData\Local\Microsoft\Windows\INetCache\IE\X7XAULIV\AdwCleaner.exe
# Option : Scan
# Support : Forum - ToolsLib
***** [ Services ] *****

***** [ Folders ] *****
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
Folder Found : C:\Users\Marlene\AppData\LocalLow\iac
***** [ Files ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [GamingWonderland AppIntegrator 32-bit]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [GamingWonderland AppIntegrator 64-bit]
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{896C118B-E30E-4079-A1D8-620D5C451BD1}
Key Found : HKCU\Software\Trymedia Systems
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKCU\Software\Trymedia Systems
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
***** [ Web browsers ] *****
[C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2081 bytes] ##########
 
09-14-2015, 10:30 AM   #4
chemist

Hello mapste. Yes, FRST64.exe is totally safe. Some antiviruses flag it, but it is harmless.

09-14-2015, 08:24 PM   #5
mapste

Hi chemist,

Here are the results of FRST64. FRST.txt is copy/pasted below and Addition.txt is attached.

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by Marlene (administrator) on MARLENE-LT (14-09-2015 20:02:43)
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk [2015-04-07]
ShortcutTarget: NovaBACKUP Tray Control.lnk -> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
Startup: C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A94707D1-B9C5-4C78-90A0-30C27B08E810}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2046743383-725950789-427083996-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.coastaccess.com/
HKU\S-1-5-21-2046743383-725950789-427083996-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://theanimalrescuesite.greatergood.com/clickToGive/ars/home
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2046743383-725950789-427083996-1001 -> {F56FDF1D-5422-4885-ACF1-CF7A367676F0} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1866628936
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2046743383-725950789-427083996-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Marlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Extension: McAfee WebAdvisor - C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-09-03]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-02]
Chrome:
=======
CHR Profile: C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-12]
CHR Extension: (Google Docs) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-12]
CHR Extension: (Google Drive) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-12]
CHR Extension: (YouTube) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-12]
CHR Extension: (Google Search) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-12]
CHR Extension: (Google Sheets) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-12]
CHR Extension: (SiteAdvisor) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
CHR Extension: (Gmail) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [1063176 2014-12-16] (NovaStor Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [7702792 2014-12-16] (NovaStor Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-10] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [703088 2014-12-16] (NovaStor Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-02-06] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
R2 vstor2-mntapi10-shared; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\vmware\vstor2\vstor2-mntapi10-shared.sys [33392 2014-12-15] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 20:02 - 2015-09-14 20:03 - 00022965 _____ C:\Users\Marlene\Desktop\FRST.txt
2015-09-14 20:02 - 2015-09-14 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-14 20:02 - 2015-09-14 20:02 - 00000000 ____D C:\FRST
2015-09-13 22:42 - 2015-09-13 22:42 - 01694208 _____ (Farbar) C:\Users\Marlene\Desktop\FRST.exe
2015-09-13 22:15 - 2015-09-13 22:15 - 02190848 _____ (Farbar) C:\Users\Marlene\Desktop\FRST64.exe
2015-09-13 22:10 - 2015-09-13 22:10 - 00002344 _____ C:\Users\Marlene\Desktop\AdwCleaner[C1].txt
2015-09-13 22:05 - 2015-09-13 22:06 - 00000000 ____D C:\AdwCleaner
2015-09-12 22:25 - 2015-09-12 22:25 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-12 22:25 - 2015-09-12 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-12 18:48 - 2015-09-12 18:48 - 00688992 _____ (Swearware) C:\Users\Marlene\Desktop\dds.scr
2015-09-12 14:32 - 2015-09-12 16:27 - 00004812 _____ C:\Users\Marlene\Desktop\sept 8 problem.txt
2015-09-11 22:33 - 2015-09-11 22:33 - 00271360 _____ C:\Users\Marlene\Desktop\20150911_exportbackup.pst
2015-09-11 22:02 - 2015-09-11 22:02 - 00307278 _____ C:\Users\Marlene\Documents\IEfavorites.htm
2015-09-09 14:21 - 2015-09-09 14:21 - 00000000 ____D C:\Users\Marlene\.oracle_jre_usage
2015-09-02 13:47 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-09-02 13:46 - 2015-09-02 13:46 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-02 13:46 - 2015-09-02 13:46 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-09-02 13:43 - 2015-09-02 13:48 - 00000000 ____D C:\Program Files\McAfee
2015-09-02 13:43 - 2015-09-02 13:43 - 00000000 ____D C:\Program Files\McAfee.com
2015-09-02 13:42 - 2015-09-13 22:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-02 13:42 - 2015-09-02 13:42 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-02 13:42 - 2015-09-02 13:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-02 13:34 - 2015-09-12 19:00 - 00000000 ____D C:\ProgramData\McAfee
2015-09-02 13:34 - 2015-09-02 13:47 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-02 13:34 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-28 20:42 - 2015-08-28 20:42 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Sun
2015-08-28 20:42 - 2015-08-28 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 20:42 - 2015-08-28 20:41 - 00097888 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-28 20:41 - 2015-08-28 20:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 20:41 - 2015-08-28 20:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-28 19:02 - 2015-08-28 19:02 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\URSE Games
2015-08-28 18:57 - 2015-08-28 18:58 - 00000000 ____D C:\Program Files (x86)\Season Match
2015-08-28 18:57 - 2015-08-28 18:57 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Season Match
2015-08-28 18:57 - 2015-08-28 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Season Match
2015-08-27 16:54 - 2015-08-27 16:54 - 11851433 ____N C:\Users\Marlene\Documents\ancientstones.htm
2015-08-23 15:36 - 2015-08-23 15:38 - 00271360 _____ C:\Users\Marlene\Desktop\20150823_exportbackup.pst
2015-08-21 20:03 - 2015-08-21 20:03 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\AlawarEntertainment
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New Yankee in King Arthur's Court 2
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Yankee in King Arthur's Court 2
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\Program Files (x86)\New Yankee in King Arthur's Court 2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 20:00 - 2015-08-11 17:50 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 20:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-14 19:54 - 2015-01-24 01:32 - 00000000 ____D C:\ProgramData\TEMP
2015-09-14 18:08 - 2014-09-13 04:07 - 01236481 _____ C:\Windows\WindowsUpdate.log
2015-09-14 14:53 - 2015-01-09 15:56 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2046743383-725950789-427083996-1001
2015-09-14 10:00 - 2015-08-11 17:50 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 09:47 - 2015-01-09 15:52 - 00000000 __RDO C:\Users\Marlene\OneDrive
2015-09-13 23:44 - 2015-02-22 20:37 - 00055280 _____ C:\Windows\BRRBCOM.INI
2015-09-13 22:16 - 2014-09-13 04:18 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-13 22:08 - 2013-08-22 07:46 - 00034306 _____ C:\Windows\setupact.log
2015-09-13 22:08 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
Attached Files
File Type: txt Addition.txt (33.8 KB, 40 views)
Old 09-15-2015, 09:57 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mapste. It appears you didn't post the entire FRST.txt log. The bottom part is missing.

Please repost the FRST.txt log in your next reply. Thanks.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-15-2015, 03:39 PM   #7
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Sorry about that. It is below. I've got another symptom, don't remember exactly when it started, but within the last month I'm sure. DOS windows are regularly popping up with text (or code?) in them but go away so fast I can't read them. Maybe 1/6 screen size. It just happened on my desktop when I was copying this.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by Marlene (administrator) on MARLENE-LT (14-09-2015 20:02:43)
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NovaStor Corporation) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk [2015-04-07]
ShortcutTarget: NovaBACKUP Tray Control.lnk -> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
Startup: C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A94707D1-B9C5-4C78-90A0-30C27B08E810}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2046743383-725950789-427083996-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.coastaccess.com/
HKU\S-1-5-21-2046743383-725950789-427083996-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://theanimalrescuesite.greatergood.com/clickToGive/ars/home
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2046743383-725950789-427083996-1001 -> {F56FDF1D-5422-4885-ACF1-CF7A367676F0} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1866628936
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-09-10] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2046743383-725950789-427083996-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Marlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Extension: McAfee WebAdvisor - C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-09-03]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-09-02]
Chrome:
=======
CHR Profile: C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-12]
CHR Extension: (Google Docs) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-12]
CHR Extension: (Google Drive) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-12]
CHR Extension: (YouTube) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-12]
CHR Extension: (Google Search) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-12]
CHR Extension: (Google Sheets) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-12]
CHR Extension: (SiteAdvisor) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
CHR Extension: (Gmail) - C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Backup Client Agent Service; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [1063176 2014-12-16] (NovaStor Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 Disaster Recovery Imaging; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe [7702792 2014-12-16] (NovaStor Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-10] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [703088 2014-12-16] (NovaStor Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3610592 2014-02-06] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
R2 vstor2-mntapi10-shared; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\vmware\vstor2\vstor2-mntapi10-shared.sys [33392 2014-12-15] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 20:02 - 2015-09-14 20:03 - 00022965 _____ C:\Users\Marlene\Desktop\FRST.txt
2015-09-14 20:02 - 2015-09-14 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-14 20:02 - 2015-09-14 20:02 - 00000000 ____D C:\FRST
2015-09-13 22:42 - 2015-09-13 22:42 - 01694208 _____ (Farbar) C:\Users\Marlene\Desktop\FRST.exe
2015-09-13 22:15 - 2015-09-13 22:15 - 02190848 _____ (Farbar) C:\Users\Marlene\Desktop\FRST64.exe
2015-09-13 22:10 - 2015-09-13 22:10 - 00002344 _____ C:\Users\Marlene\Desktop\AdwCleaner[C1].txt
2015-09-13 22:05 - 2015-09-13 22:06 - 00000000 ____D C:\AdwCleaner
2015-09-12 22:25 - 2015-09-12 22:25 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-12 22:25 - 2015-09-12 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-12 18:48 - 2015-09-12 18:48 - 00688992 _____ (Swearware) C:\Users\Marlene\Desktop\dds.scr
2015-09-12 14:32 - 2015-09-12 16:27 - 00004812 _____ C:\Users\Marlene\Desktop\sept 8 problem.txt
2015-09-11 22:33 - 2015-09-11 22:33 - 00271360 _____ C:\Users\Marlene\Desktop\20150911_exportbackup.pst
2015-09-11 22:02 - 2015-09-11 22:02 - 00307278 _____ C:\Users\Marlene\Documents\IEfavorites.htm
2015-09-09 14:21 - 2015-09-09 14:21 - 00000000 ____D C:\Users\Marlene\.oracle_jre_usage
2015-09-02 13:47 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-09-02 13:46 - 2015-09-02 13:46 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-02 13:46 - 2015-09-02 13:46 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-09-02 13:43 - 2015-09-02 13:48 - 00000000 ____D C:\Program Files\McAfee
2015-09-02 13:43 - 2015-09-02 13:43 - 00000000 ____D C:\Program Files\McAfee.com
2015-09-02 13:42 - 2015-09-13 22:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-02 13:42 - 2015-09-02 13:42 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-02 13:42 - 2015-09-02 13:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-02 13:34 - 2015-09-12 19:00 - 00000000 ____D C:\ProgramData\McAfee
2015-09-02 13:34 - 2015-09-02 13:47 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-02 13:34 - 2015-06-29 10:03 - 00254792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-08-28 20:42 - 2015-08-28 20:42 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Sun
2015-08-28 20:42 - 2015-08-28 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 20:42 - 2015-08-28 20:41 - 00097888 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-28 20:41 - 2015-08-28 20:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 20:41 - 2015-08-28 20:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-28 19:02 - 2015-08-28 19:02 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\URSE Games
2015-08-28 18:57 - 2015-08-28 18:58 - 00000000 ____D C:\Program Files (x86)\Season Match
2015-08-28 18:57 - 2015-08-28 18:57 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Season Match
2015-08-28 18:57 - 2015-08-28 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Season Match
2015-08-27 16:54 - 2015-08-27 16:54 - 11851433 ____N C:\Users\Marlene\Documents\ancientstones.htm
2015-08-23 15:36 - 2015-08-23 15:38 - 00271360 _____ C:\Users\Marlene\Desktop\20150823_exportbackup.pst
2015-08-21 20:03 - 2015-08-21 20:03 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\AlawarEntertainment
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New Yankee in King Arthur's Court 2
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Yankee in King Arthur's Court 2
2015-08-21 20:02 - 2015-08-21 20:02 - 00000000 ____D C:\Program Files (x86)\New Yankee in King Arthur's Court 2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-14 20:00 - 2015-08-11 17:50 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 20:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-14 19:54 - 2015-01-24 01:32 - 00000000 ____D C:\ProgramData\TEMP
2015-09-14 18:08 - 2014-09-13 04:07 - 01236481 _____ C:\Windows\WindowsUpdate.log
2015-09-14 14:53 - 2015-01-09 15:56 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2046743383-725950789-427083996-1001
2015-09-14 10:00 - 2015-08-11 17:50 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 09:47 - 2015-01-09 15:52 - 00000000 __RDO C:\Users\Marlene\OneDrive
2015-09-13 23:44 - 2015-02-22 20:37 - 00055280 _____ C:\Windows\BRRBCOM.INI
2015-09-13 22:16 - 2014-09-13 04:18 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-13 22:08 - 2013-08-22 07:46 - 00034306 _____ C:\Windows\setupact.log
2015-09-13 22:08 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-13 22:07 - 2014-03-18 02:44 - 00087916 _____ C:\Windows\PFRO.log
2015-09-13 22:07 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-09-12 22:25 - 2015-06-02 18:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-12 22:25 - 2015-06-02 18:10 - 00000000 ____D C:\Users\Marlene\AppData\Local\Google
2015-09-12 19:12 - 2015-04-07 22:33 - 00004736 ____H C:\ProgramData\nsActivation.act
2015-09-12 13:42 - 2014-03-18 02:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 22:01 - 2015-01-23 14:27 - 00003104 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2046743383-725950789-427083996-1001
2015-09-09 16:01 - 2015-01-25 20:18 - 00000000 ___RD C:\Users\Marlene\Documents\MAP
2015-09-09 14:21 - 2015-01-09 15:50 - 00000000 ____D C:\Users\Marlene
2015-09-08 13:37 - 2015-02-13 16:29 - 00000000 ____D C:\Users\Marlene\AppData\Local\Citrix
2015-09-08 12:31 - 2015-01-15 02:28 - 00000000 ____D C:\ProgramData\softthinks
2015-09-08 11:36 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-06 14:51 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-02 13:46 - 2015-07-01 21:13 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-02 13:46 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-02 13:09 - 2015-02-13 16:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-02 13:02 - 2015-02-13 17:16 - 00000269 ____N C:\Users\Marlene\Desktop\Dell Contact Number.txt
2015-08-31 12:18 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-08-28 19:00 - 2015-04-11 13:44 - 00220672 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2015-08-28 19:00 - 2015-04-11 13:44 - 00046592 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2015-08-28 19:00 - 2015-04-11 13:42 - 00030720 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2015-08-28 19:00 - 2015-04-11 13:42 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2015-08-28 19:00 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-28 19:00 - 2013-08-22 04:22 - 00461312 ____N (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-08-28 19:00 - 2013-08-22 04:22 - 00034304 ____N (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-08-28 19:00 - 2013-08-22 04:17 - 00066560 ____N (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2015-08-28 19:00 - 2013-08-22 04:17 - 00009216 ____N (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2015-08-28 19:00 - 2013-08-22 04:17 - 00009216 ____N (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2015-08-28 19:00 - 2013-08-21 20:56 - 00377856 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-08-28 19:00 - 2013-08-21 20:56 - 00033792 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2015-08-28 19:00 - 2013-08-21 20:51 - 00059904 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2015-08-28 19:00 - 2013-08-21 20:51 - 00009216 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2015-08-28 19:00 - 2013-08-21 20:51 - 00009216 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2015-08-28 18:59 - 2015-01-24 02:28 - 00000000 ____D C:\Users\Marlene\Desktop\My Games
2015-08-28 18:57 - 2015-01-24 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 09:55 - 2015-08-11 17:50 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 09:55 - 2015-08-11 17:50 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2015-02-24 19:14 - 2015-02-24 19:14 - 0026946 ____N () C:\Users\Marlene\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-04-07 22:34 - 2015-04-07 22:34 - 0000053 __RSH () C:\ProgramData\1.16.5.lic
2014-09-13 03:58 - 2014-09-13 03:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-07 22:33 - 2015-09-12 19:12 - 0004736 ____H () C:\ProgramData\nsActivation.act
Some files in TEMP:
====================
C:\Users\Marlene\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-05 17:43
==================== End of FRST.txt ============================
mapste is offline  
Old 09-15-2015, 07:20 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mapste. Not seeing much in your logs. We'll do a couple of other scans later.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

What happened to Backup and Restore? - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {0F9C0818-E740-4529-B164-7ACA625F59EF} - System32\Tasks\PocketCloudUpdater => C:\Program
    AlternateDataStreams: C:\ProgramData\TEMP:29C0641D
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:366B74CA
    AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
    AlternateDataStreams: C:\ProgramData\TEMP:52329B88
    AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
    AlternateDataStreams: C:\ProgramData\TEMP:67396145
    AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA
    AlternateDataStreams: C:\ProgramData\TEMP:80114837
    AlternateDataStreams: C:\ProgramData\TEMP:84FA02E7
    AlternateDataStreams: C:\ProgramData\TEMP:9D91E651
    AlternateDataStreams: C:\ProgramData\TEMP:9E4F05ED
    AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
    AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
    AlternateDataStreams: C:\ProgramData\TEMP:C9B27A06
    AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
    AlternateDataStreams: C:\ProgramData\TEMP:CE707633
    AlternateDataStreams: C:\ProgramData\TEMP:D2397415
    AlternateDataStreams: C:\ProgramData\TEMP:D3A82449
    AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
    AlternateDataStreams: C:\ProgramData\TEMP:F4362715
    AlternateDataStreams: C:\ProgramData\TEMP:F98E6C67
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2046743383-725950789-427083996-1001 -> {F56FDF1D-5422-4885-ACF1-CF7A367676F0} URL = 
    FF Extension: McAfee WebAdvisor - C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-09-03]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-15-2015, 08:45 PM   #9
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



OK, don't know why I noticed this because I don't have a clue what this code means, but should 6th line from bottom be Searchscopes?

Marlene
mapste is offline  
Old 09-16-2015, 05:18 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hi Marlene. Yes, that was a typo and I have edited in the missing S. Thanks.
chemist is offline  
Old 09-16-2015, 09:32 PM   #11
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Hi chemist,

Here's fixlog.txt. Fixlist.txt disappeared from the desktop. Is that normal?

I noticed this deleted a lot of temp files. I'm continuing to use my computer, so have already created some more. Is that going to be a problem?

Also, I just did a VERY STUPID thing -- a financial transaction online -- a donation to a trusted place I use a lot, but it hung during processing. I'll watch my bank account. I changed all passwords from another computer before we started. This donation site does not require a password, but I entered my card number on its https webpage.

Thank you!

Fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Marlene (2015-09-16 21:07:13) Run:1
Running from C:\Users\Marlene\Desktop
Loaded Profiles: Marlene (Available Profiles: Marlene)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
createrestorepoint:
Task: {0F9C0818-E740-4529-B164-7ACA625F59EF} - System32\Tasks\PocketCloudUpdater => C:\Program
AlternateDataStreams: C:\ProgramData\TEMP:29C0641D
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:366B74CA
AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
AlternateDataStreams: C:\ProgramData\TEMP:52329B88
AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
AlternateDataStreams: C:\ProgramData\TEMP:67396145
AlternateDataStreams: C:\ProgramData\TEMP:7BB584AA
AlternateDataStreams: C:\ProgramData\TEMP:80114837
AlternateDataStreams: C:\ProgramData\TEMP:84FA02E7
AlternateDataStreams: C:\ProgramData\TEMP:9D91E651
AlternateDataStreams: C:\ProgramData\TEMP:9E4F05ED
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
AlternateDataStreams: C:\ProgramData\TEMP:C9B27A06
AlternateDataStreams: C:\ProgramData\TEMP:CC7382F6
AlternateDataStreams: C:\ProgramData\TEMP:CE707633
AlternateDataStreams: C:\ProgramData\TEMP:D2397415
AlternateDataStreams: C:\ProgramData\TEMP:D3A82449
AlternateDataStreams: C:\ProgramData\TEMP:DCA79AB3
AlternateDataStreams: C:\ProgramData\TEMP:F4362715
AlternateDataStreams: C:\ProgramData\TEMP:F98E6C67
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2046743383-725950789-427083996-1001 -> {F56FDF1D-5422-4885-ACF1-CF7A367676F0} URL =
FF Extension: McAfee WebAdvisor - C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-09-03]
EmptyTemp:
end
*****************
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F9C0818-E740-4529-B164-7ACA625F59EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F9C0818-E740-4529-B164-7ACA625F59EF}" => key removed successfully
C:\Windows\System32\Tasks\PocketCloudUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudUpdater" => key removed successfully
C:\ProgramData\TEMP => ":29C0641D" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":366B74CA" ADS removed successfully.
C:\ProgramData\TEMP => ":38FF076E" ADS removed successfully.
C:\ProgramData\TEMP => ":52329B88" ADS removed successfully.
C:\ProgramData\TEMP => ":5E209A50" ADS removed successfully.
C:\ProgramData\TEMP => ":67396145" ADS removed successfully.
C:\ProgramData\TEMP => ":7BB584AA" ADS removed successfully.
C:\ProgramData\TEMP => ":80114837" ADS removed successfully.
C:\ProgramData\TEMP => ":84FA02E7" ADS removed successfully.
C:\ProgramData\TEMP => ":9D91E651" ADS removed successfully.
C:\ProgramData\TEMP => ":9E4F05ED" ADS removed successfully.
C:\ProgramData\TEMP => ":A1D3FEF0" ADS removed successfully.
C:\ProgramData\TEMP => ":A6A65B80" ADS removed successfully.
C:\ProgramData\TEMP => ":C9B27A06" ADS removed successfully.
C:\ProgramData\TEMP => ":CC7382F6" ADS removed successfully.
C:\ProgramData\TEMP => ":CE707633" ADS removed successfully.
C:\ProgramData\TEMP => ":D2397415" ADS removed successfully.
C:\ProgramData\TEMP => ":D3A82449" ADS removed successfully.
C:\ProgramData\TEMP => ":DCA79AB3" ADS removed successfully.
C:\ProgramData\TEMP => ":F4362715" ADS removed successfully.
C:\ProgramData\TEMP => ":F98E6C67" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2046743383-725950789-427083996-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F56FDF1D-5422-4885-ACF1-CF7A367676F0}" => key removed successfully
HKCR\CLSID\{F56FDF1D-5422-4885-ACF1-CF7A367676F0} => key not found.
C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi => moved successfully
C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\7ivj3nqa.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi => path removed successfully
EmptyTemp: => 5 GB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 21:08:54 ====
mapste is offline  
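Added example (not part of the thread and not FRST's own code): a Python check that reconciles the directives echoed under "fixlist content:" in a Fixlog with the result lines that follow, so a helper can confirm each requested alternate data stream was reported removed. The sample log is constructed and abridged; the line formats it assumes are the ones visible in the Fixlog above.

```python
import re
from collections import Counter

# Constructed, abridged sample in the Fixlog layout shown in this thread.
# Stream names and the CLSID are placeholders; the result line for
# AAAA0002 is deliberately missing so the check has something to flag.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
==============================================
fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0001
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0002
AlternateDataStreams: C:\ProgramData\TEMP:AAAA0003
HKLM\...\Policies\Explorer: [NoControlPanel] 0
EmptyTemp:
end
*****************
Restore point was successfully created.
C:\ProgramData\TEMP => ":AAAA0001" ADS removed successfully.
C:\ProgramData\TEMP => ":AAAA0003" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
EmptyTemp: => 5 GB temporary data Removed.
==== End of Fixlog 21:08:54 ====
"""

# Directive form:  AlternateDataStreams: <path>:<stream>
ADS_DIRECTIVE = re.compile(r'^AlternateDataStreams:\s*(?P<path>.+):(?P<stream>[^:\\]+)$')
# Result form:     <path> => ":<stream>" ADS removed successfully.
ADS_RESULT = re.compile(r'^(?P<path>.+?) => ":(?P<stream>[^"]+)" ADS removed successfully\.$')


def split_fixlog(text):
    """Return (directives, results) from a Fixlog.

    Directives are the lines between the two rows of asterisks, minus the
    start/end markers; results are the lines after the second row, up to
    the "End of Fixlog" footer.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist block delimiters not found")
    block = lines[marks[0] + 1:marks[1]]
    directives = [ln for ln in block if ln and ln.lower() not in ("start", "end")]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return directives, results


def classify(result_line):
    """Bucket one result line by the text after ' => '."""
    if " => " not in result_line:
        return "note"            # e.g. the restore point message
    outcome = result_line.split(" => ", 1)[1].lower()
    if "not found" in outcome:
        return "not_found"       # target was already absent
    if "successfully" in outcome or "removed" in outcome:
        return "ok"
    return "review"              # anything else deserves a human look


def reconcile(text):
    """Compare requested ADS removals with the removals the log reports."""
    directives, results = split_fixlog(text)
    requested, removed = set(), set()
    for d in directives:
        m = ADS_DIRECTIVE.match(d)
        if m:
            requested.add((m["path"].lower(), m["stream"].lower()))
    for r in results:
        m = ADS_RESULT.match(r)
        if m:
            removed.add((m["path"].lower(), m["stream"].lower()))
    return {
        "ads_requested": len(requested),
        "ads_unconfirmed": sorted(requested - removed),
        "outcomes": Counter(classify(r) for r in results),
    }


if __name__ == "__main__":
    report = reconcile(SAMPLE_FIXLOG)
    print("ADS removals requested:", report["ads_requested"])
    print("Not confirmed in log:  ", report["ads_unconfirmed"])
    print("Outcome counts:        ", dict(report["outcomes"]))
```
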
Old 09-17-2015, 06:39 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mapste. You're very welcome.

Yes, it's normal for fixlist.txt to disappear. And it's OK to use the machine. How is it behaving?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7/Win8, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 09-18-2015, 09:15 PM   #13
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Hi chemist,

Quick question on MBAM. When the scan completed, it had detected 4 PUP Mindspark registry entries. It did not require a reboot, just a Finish button. When I look at history logs, it shows the four files as quarantined and asks if I want to permanently delete them. I assume yes?

I'll run ESET next. I'm a little confused on right-click Run as Administrator. Is that something I do after I install it and click Run, or just something I don't know how to do, in which case I need further instructions, please.

This is an unbelievably incredible service you are providing and you are very patient! Thank you.

Marlene
mapste is offline  
Old 09-18-2015, 09:35 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Marlene. You're very welcome.

Yes, you can delete those MBAM entries.

As far as ESET, you can just download and run ESET as normal without right-clicking your web browser.

If you have trouble, let me know.

------------------------------------------------------
chemist is offline  
Old 09-21-2015, 12:11 AM   #15
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Hi chemist,

Sorry for the delay, it's been a bad weekend all around. When I tried to run Eset it said I had antivirus software running that could interfere with it -- McAfee. I have McAfee LiveSafe Internet Security, and although its disable instructions aren't the same as those on your link, I did disable real-time scanning, the firewall, and when Eset still wasn't happy I turned off everything -- scheduled scanning, automatic updates, even anti-spam. It still wasn't happy. Unfortunately, McAfee doesn't seem to give me a way to just shut down the program (I am DEFINITELY getting new AV/NIS software when this is over.) I went to Task Manager to see if I could just close it but there are 11 processes running.

Should I go ahead with Eset anyway?

Re. the state of my PC, some things are better, some might have just been suspicious because they had the same date/time stamp. I'll fill you in more once I run eset.

Meanwhile, is there a way I can run MBAM against my external drive and thumb drives? I didn't see a way to choose a drive letter. I'd like to know my backup drive is clean, and I definitely have one thumb drive with a problem.

Marlene
mapste is offline  
Old 09-21-2015, 02:00 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Marlene. You're very welcome.

As far as MBAM, click the Scan tab > Custom Scan > Configure Scan, then select the drives you want to scan.

Did you try ending those 11 McAfee processes in Task Manager?

If not, first disable real-time scanning, firewall, then end process on all 11 McAfee processes.

Try ESET now. Let me know.

------------------------------------------------------
chemist is offline  
Old 09-21-2015, 08:33 PM   #17
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Cripes!

Most of the McAfee tasks I try to close with Task Manager won't stop. Those that do start right back up within seconds. I called McAfee support and they said there is no way to close it down. All I can do is uninstall it!

Is that where we are? Is that what I will need to do to run ESET?

Re. MBAM, no option to Custom Scan, possibly because of trial period version?

Just to at least give you SOME information, following is my MBAM log and current state of my PC.

MBAM scan log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/18/2015
Scan Time: 8:47 PM
Logfile: MBAMlog.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.09.18.08
Rootkit Database: v2015.09.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Marlene
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438419
Time Elapsed: 12 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82BACDC9-AFCE-41EE-92F5-B54F6DB45A1C}, Quarantined, [fa6689a8a8e31f17fd192187cd37e11f],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5CE0D8E-0300-4A17-A89C-6CC8078348AD}, Quarantined, [ca9669c8a9e23ef873a3e6c233d1817f],
Registry Values: 2
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82bacdc9-afce-41ee-92f5-b54f6db45a1c}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [fa6689a8a8e31f17fd192187cd37e11f]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c5ce0d8e-0300-4a17-a89c-6cc8078348ad}|AppPath, C:\Program Files (x86)\GamingWonderland\bar\1.bin, Quarantined, [ca9669c8a9e23ef873a3e6c233d1817f]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)


State of my PC 9/21/2015
Original problems:
McAfee update download hung twice -- Dell support uninstalled/reinstalled McAfee, hasn't happened since.

Few days later MS Office Outlook email download hung, Windows and McAfee red alerts that I had no firewall running, opened McAfee UI, said it was running. Rebooted, hasn't happened since.

Also at this time, McAfee erratic behavior: "last scan date" changing before my eyes, scheduled scans not always running, notifications sometimes happening, sometimes not. Still having McAfee erratic behavior, however, I am beginning to think I've never paid much attention to this before and it might always have been happening, and the software is a piece of crap (sorry.)

Dell tried to install their remote control software to look at above and got Access Denied, said I had to reset to factory settings. (Said no, so here I am.) Haven't tried with them again yet, but there are pieces of their Citrix software that our process has cleaned off my system, but some are still hanging around that I can't delete and would like to.


Suspicious .oracle_jre file in C:\USERS\MARLENE at exact timestamp that Outlook hung and red alerts happened. Has since changed dates.
Researched, is a java tracking file that wasn't there before. Don't appreciate they are tracking me, seem to have no option.


Huge .sys files at exact timestamp of problem I'd never seen before. Have now changed dates. Have researched. Valid Windows 8.1 files. When I started having problems I had clicked on the "Show Hidden Files" option so they looked like something new to me.

Inserted USB drive comes up as E drive, should be D. It's back to D. Yay!

Inserted thumb drive, said it was installing "Ultra". Now when I insert it, something, Windows? says "this drive has a problem." I've set this aside for now until we've finished the C drive cleanup process.

DOS box popups. Random, has happened during this process once or twice. Don't know how to troubleshoot. Don't think it's happened in the last couple of days. Will keep closer track.

That's it for now! Several things are fixed, several are crossed off the list, a few to go.

Again, thank you for all your help.

Marlene
mapste is offline  
Old 09-22-2015, 12:39 PM   #18
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1


Red Faced

Hi chemist,

After cooling off this morning, I thought I should explain that I wrote that last post right after I got off the phone with McAfee. I was ticked off with THEM, not with you! I read it and realized it could have sounded either way. Sorry!

Marlene
mapste is offline  
Old 09-23-2015, 06:18 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Marlene. You're very welcome. Even the free version of MBAM allows a Custom Scan.

Are you sure you selected the 'Scan' tab at the top, instead of 'Start Scan'?

Once you select 'Custom Scan' under the 'Scan' tab, you should see 'Selected' under 'Custom Scan', then you can click 'Configure Scan' and choose the drives you want to scan.

------------------------------------------------------

You can try ESET with McAfee still installed, but it may make the scan take a very long time.

One option is to uninstall McAfee, run ESET, then reinstall McAfee, or install another of your choice. I would try Microsoft's Security Essentials:

Microsoft Security Essentials - Microsoft Windows

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-25-2015, 01:19 AM   #20
Registered Member
 
Join Date: Feb 2012
Posts: 120
OS: Windows 8.1



Hi chemist,

For Eset, I uninstalled McAfee. When I was done, for the moment I've just turned on Windows Defender. I'll have to check with Dell if changing security software has any effect on my support contract.

Nothing exciting with Eset on my C drive and external drive. The latter was clean. The C drive report had only:

C:\Users\Marlene\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\14C8F2A8.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application

Do I remove it? How?

State of PC 9/24, update from 9/21:
1. Have removed all but one file from Dell's remote software, Citrix. Says I need administrator permission. I'm the only user, thus administrator. Need help clearing this off the system.

2. Ran Eset on current thumb drives. The one with the "installing Ultra" message which now comes up with "This drive has a problem, scan and fix it." Neither Eset nor Windows Defender finds any malware on it. I can see the contents, opened a Word doc. Don't know what to do with this one other than toss the drive.

3. Random DOS window popups are continuing. However, if I were describing them for the first time today, I might not call them DOS windows, because they are just black box windows that are now flashing so quickly I can't even see the text in them. Don't know how to troubleshoot this one.

4. Discovered late today that my ISP homepage is getting a 404 prohibited, domain suspended error. Happens in all browsers. I'll check with my ISP tomorrow to see if it's their problem or a new problem on my end.

5. Another new(?) problem. All the games from one specific website aren't working -- say I don't have a license. Somehow I lost all my licenses from this site. Don't know exactly when it happened. (As much as I was glad to get off Vista, I miss the "last played" function of "My Games"!) Will check in with vendor.

Marlene
mapste is offline  
 
