Author Topic: [In Progress] Must I pay to "Keep my computer protected" ?  (Read 2327 times)

Offline Kevan57

[In Progress] Must I pay to "Keep my computer protected" ?
« on: April 23, 2016, 10:08:41 AM »
A family computer was running TeamViewer, ready to allow remote access, when I arrived. This was after they received a phone call saying they had to pay another $200 (last time was in March; they paid $200).

Thank you for your assistance.

Kevan

Here are the log files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18283  BrowserJavaVersion: 10.60.2
Run by Sandra at 11:52:25 on 2016-04-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.819 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\Sandra\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Users\Sandra\AppData\Local\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Sandra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - <orphaned>
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: &Discuss: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} -
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [Google Update] "C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
dRunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90120000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{D5187FCD-D5D1-4E6D-9384-7463153E0C32} : DHCPNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{D5187FCD-D5D1-4E6D-9384-7463153E0C32}\255637964656E647 : DHCPNameServer = 65.32.1.65 65.32.1.70
TCP: Interfaces\{D5187FCD-D5D1-4E6D-9384-7463153E0C32}\B495353565 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 0.0.0.1   mssplus.mcafee.com
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-3-17 847608]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-4-3 245096]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-29 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-27 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-27 202752]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-3-10 2572024]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-3-10 202488]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 dldo_device;dldo_device;C:\Windows\System32\dldocoms.exe -service --> C:\Windows\System32\dldocoms.exe -service [?]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2011-2-19 45224]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2015-10-28 5906088]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-7-30 363128]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-4-23 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-4-23 1136608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-4-21 163592]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-6-18 889704]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-1 517632]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [2016-3-14 1709096]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-6-18 453520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-7-16 382456]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-6-18 279488]
R2 ModuleCoreService;McAfee Module Core Service;C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [2016-4-18 1037048]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-4-4 896456]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-3-14 31928]
R2 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-3-25 6942480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-29 2320920]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-4-3 79248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-4-29 172704]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2016-1-5 32464]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2016-1-5 24240]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-27 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-4-23 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-4-23 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-4-23 64896]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-4-8 422184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-4-3 351656]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-6-18 234192]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-4-3 496368]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2016-2-10 543488]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-4-21 45728]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-8 136048]
S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2015-8-10 135824]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-1-29 327296]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-8 136048]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-16 207208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-4-13 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [2016-3-11 293128]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2016-2-10 109480]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-27 220672]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
.
=============== Created Last 30 ================
.
2016-04-23 15:44:11   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-04-23 15:43:14   140672   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2016-04-23 15:43:13   64896   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2016-04-23 15:43:13   27008   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2016-04-23 15:43:08   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 19:06:16   --------   d-----w-   C:\Windows\rescache
2016-04-13 22:38:03   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2016-04-13 22:38:03   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2016-04-13 22:38:03   1885696   ----a-w-   C:\Windows\System32\msxml3.dll
2016-04-13 22:38:03   1240576   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2016-04-13 22:38:02   511488   ----a-w-   C:\Windows\System32\rpcss.dll
2016-04-09 12:44:49   --------   dc-h--w-   C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-04 23:08:11   --------   d-----w-   C:\ProgramData\Intel Security
2016-04-04 23:06:24   --------   d-----w-   C:\Program Files\Common Files\Intel Security
2016-03-29 19:04:56   --------   d-----w-   C:\ProgramData\PC-Doctor for Windows
2016-03-29 19:04:51   --------   d-----w-   C:\Program Files\Dell Support Center
2016-03-25 23:20:07   --------   d-----w-   C:\Program Files\Adblock Plus for IE
2016-03-25 21:30:10   --------   d-----w-   C:\Users\Sandra\AppData\Roaming\TeamViewer
2016-03-25 21:29:59   --------   d-----w-   C:\Program Files (x86)\TeamViewer
2016-03-25 20:20:43   --------   d-----w-   C:\Users\Sandra\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M  ====================
.
2016-04-07 21:33:10   797376   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2016-04-07 21:33:10   142528   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-04 18:14:06   38120   ----a-w-   C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17   1169408   ----a-w-   C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13   1386496   ----a-w-   C:\Windows\System32\appraiser.dll
2016-03-31 00:40:36   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2016-03-31 00:40:26   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2016-03-31 00:28:08   571904   ----a-w-   C:\Windows\System32\vbscript.dll
2016-03-31 00:28:00   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2016-03-31 00:27:35   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2016-03-31 00:27:33   417792   ----a-w-   C:\Windows\System32\html.iec
2016-03-31 00:27:19   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2016-03-31 00:25:33   6052352   ----a-w-   C:\Windows\System32\jscript9.dll
2016-03-31 00:17:56   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2016-03-31 00:17:56   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2016-03-31 00:17:39   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2016-03-31 00:11:12   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2016-03-31 00:02:57   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2016-03-31 00:00:50   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-03-30 23:53:52   496640   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2016-03-30 23:52:58   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2016-03-30 23:52:36   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2016-03-30 23:52:30   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2016-03-30 23:52:15   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2016-03-30 23:45:41   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2016-03-30 23:45:24   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2016-03-30 23:42:16   2131968   ----a-w-   C:\Windows\System32\inetcpl.cpl
2016-03-30 23:42:11   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2016-03-30 23:34:28   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-03-30 23:30:51   2596864   ----a-w-   C:\Windows\System32\wininet.dll
2016-03-30 23:30:42   4611072   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2016-03-30 23:23:09   2056192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2016-03-30 23:22:53   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2016-03-30 23:05:23   2121216   ----a-w-   C:\Windows\SysWow64\wininet.dll
2016-03-29 17:53:59   3216896   ----a-w-   C:\Windows\System32\win32k.sys
2016-03-23 14:02:01   215040   ----a-w-   C:\Windows\System32\aepic.dll
2016-03-17 23:04:04   706280   ----a-w-   C:\Windows\System32\winload.efi
2016-03-17 23:04:04   5551336   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2016-03-17 23:04:03   95464   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2016-03-17 23:04:03   154344   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2016-03-17 23:01:15   631176   ----a-w-   C:\Windows\System32\winresume.efi
2016-03-17 23:01:02   1732864   ----a-w-   C:\Windows\System32\ntdll.dll
2016-03-17 22:58:51   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2016-03-17 22:58:51   243712   ----a-w-   C:\Windows\System32\wow64.dll
2016-03-17 22:58:51   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2016-03-17 22:58:32   215552   ----a-w-   C:\Windows\System32\winsrv.dll
2016-03-17 22:58:26   210432   ----a-w-   C:\Windows\System32\wdigest.dll
2016-03-17 22:58:14   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2016-03-17 22:58:05   28672   ----a-w-   C:\Windows\System32\sspisrv.dll
2016-03-17 22:58:05   135680   ----a-w-   C:\Windows\System32\sspicli.dll
2016-03-17 22:58:04   503808   ----a-w-   C:\Windows\System32\srcore.dll
2016-03-17 22:58:04   50176   ----a-w-   C:\Windows\System32\srclient.dll
2016-03-17 22:57:31   63488   ----a-w-   C:\Windows\System32\setbcdlocale.dll
2016-03-17 22:57:26   28160   ----a-w-   C:\Windows\System32\secur32.dll
.
============= FINISH: 11:57:10.44 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/5/2010 1:22:06 PM
System Uptime: 4/23/2016 11:26:48 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0H4K11
Processor: Intel(R) Core(TM) i3 CPU       M 330  @ 2.13GHz | U2E1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 9.767 GiB free.
D: is FIXED (NTFS) - 230 GiB total, 18.71 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP484: 4/20/2016 12:39:06 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Adblock Plus for IE (32-bit and 64-bit)
Adobe Acrobat Reader DC
Adobe Flash Player 21 ActiveX
Adobe Flash Player 21 NPAPI
Adobe Refresh Manager
Advanced Audio FX Engine
ATI Catalyst Control Center
Banctec Service Agreement
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Catalyst Control Center InstallProxy
Cisco EAP-FAST Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Dell Data Vault
Dell Dock
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell SupportAssist
Dell SupportAssistAgent
Dell Toolbar
Dell Touchpad
Dell Update
Dell V310-V510 Series
Dell Webcam Central
Dell Wireless WLAN Card Utility
DesignPro 5
Dropbox
Dropbox Update Helper
EasyBits GO
Epson E-Web Print
EPSON Scan
EPSON XP-400 Series Printer Uninstall
Facebook Video Calling 3.1.0.521
Fitbit Connect
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 1010 series Basic Device Software
HP Deskjet 1010 series Help
HP FWUpdateEDO2
HP Photo Creations
HP Update
HPDiagnosticAlert
IHA_MessageCenter
Intel(R) Management Engine Components
Internet TV for Windows Media Center
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
KODAK Share Button App
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 2.2.1.1043
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee WebAdvisor
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
PokerStars
PokerStars.net
PowerDVD DX
Premium Service Agreement
Product Improvement Study for HP Deskjet 1010 series
QualxServ Service Agreement
Quickset64
Realtek High Definition Audio Driver
Roxio Burn
Secunia PSI (3.0.0.9016)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft .NET Framework 4.5.2 (KB3122656)
Security Update for Microsoft .NET Framework 4.5.2 (KB3127229)
Security Update for Microsoft .NET Framework 4.5.2 (KB3135996)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3114542) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3114742) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114895) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114982) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3114892) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3114983) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype™ 7.21
Software Updater
TeamViewer 11
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Help and Support Tool
Vz In-Home Agent
Vz In Home Agent
WD SmartWare
WildTangent Games
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPatrol
Wrapper
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
4/23/2016 11:50:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home, version 1511, 10586.
4/23/2016 11:43:52 AM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
4/19/2016 9:20:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
4/19/2016 9:20:17 PM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/19/2016 9:20:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
4/19/2016 9:14:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
4/19/2016 9:14:39 PM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2016 9:06:56 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/18/2016 8:26:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service dbupdate with arguments "/comsvc" in order to run the server: {96D1EED3-701E-4FE5-B996-A543A8465897}
4/18/2016 8:26:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dropbox Update Service (dbupdate) service to connect.
4/18/2016 8:26:29 AM, Error: Service Control Manager [7000]  - The Dropbox Update Service (dbupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
« Last Edit: April 23, 2016, 01:35:52 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #1 on: April 23, 2016, 01:38:45 PM »
Hello, it is me again. Can you tell me what kind of problems you are having? Just getting a phone call can happen to anyone. I have gotten around a dozen myself.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #2 on: April 23, 2016, 07:10:44 PM »
Hello again Hoov!  It has been a couple of years.

When they told me they let people into the computer in March I assumed the system had unwanted files on it.
When I arrived today I was not able to download and install MalwareBytes nor RKill.

I shut the laptop down to move it to my home (battery was low anyway). I was then able to install MalwareBytes which found very little.

Now I am still not able to download or run RKill.  When I downloaded RKill to a USB drive using a different PC, the file was deleted as soon as I opened the USB drive on this machine. Saw it for a few seconds, tried to start it and received a "not found" error.

The user told me there were several times where a screen popped up that gave a phone number and name of a person to call to "fix" the computer.  I have NOT seen any such screen so far.

Offline Hoov

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #3 on: April 23, 2016, 08:27:28 PM »
First thing to do is to make sure the user knows that if the computer tells them to call someone, don't do it. If you get a popup telling you that you are infected, and it is not your Anti-Virus scanner, close the browser; do not click on the box. After either of those conditions, contact your tech guy (in this case I assume that is you) to make sure there is no problem.

As to the problem you are having now, McAfee and several other Anti-Virus scanners do not like RKill. They delete it as soon as it is detected. So if you want to run it you will need to temporarily turn McAfee off.

Now at first blush, there are tons of orphaned entries in the log above, so let's do some basic cleaning that will also get rid of any easier malware. Please follow the instructions and do not clean prematurely.

Please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.
  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on the Scan button.
  •   Please be patient as this can take a while to complete.
  •   You will get a prompt asking to close all programs. Click OK.
  •   Click OK again to reboot your computer. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[Sn].txt.
2.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.
3.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.


Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #4 on: April 24, 2016, 11:47:06 AM »
Here is the Adware log file:

# AdwCleaner v5.112 - Logfile created 23/04/2016 at 14:28:54
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Sandra - SANDRA-PC
# Running from : C:\Users\Sandra\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : YahooAUService

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Ascentive
Folder Found : C:\Program Files (x86)\Inbox Toolbar
Folder Found : C:\Program Files (x86)\Inbox.com
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\Users\Charlie\AppData\LocalLow\AppGraffiti
Folder Found : C:\Users\Charlie\AppData\LocalLow\RebateInformer
Folder Found : C:\Users\Sandra\AppData\Local\PackageAware
Folder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfofellfkldcddminajkgcgocndgkip
Folder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdfofellfkldcddminajkgcgocndgkip
Folder Found : C:\Users\Sandra\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Sandra\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Sandra\AppData\LocalLow\RebateInformer
Folder Found : C:\Users\Sandra\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Sandra\AppData\Roaming\Uniblue

***** [ Files ] *****

File Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdfofellfkldcddminajkgcgocndgkip_0.localstorage
File Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdfofellfkldcddminajkgcgocndgkip_0.localstorage
File Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_happytango.com_0.localstorage
File Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_happytango.com_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\CToolbar
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.net
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Ask.com
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\CToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Zugo
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\AppDataLow\AskToolbarInfo
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\AppDataLow\Software\AskToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Ask.com
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\CToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Zugo
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\AskToolbarInfo
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\AskToolbar
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2850924120-2830383278-3096853516-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [7516 bytes] - [23/04/2016 14:28:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7589 bytes] ##########

Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #5 on: April 24, 2016, 11:51:27 AM »
Here is a JRT log file


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Home Premium x64
Ran by Sandra (Administrator) on Sun 04/24/2016 at 13:35:03.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 22

Successfully deleted: C:\Users\Sandra\Appdata\LocalLow\whitesmoketoolbar (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Program Files (x86)\GUTE65A.tmp (File)
Successfully deleted: C:\ProgramData\SPLB00.tmp (File)
Successfully deleted: C:\ProgramData\SPLD150.tmp (File)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48KTOVL5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUWYM8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTTZB8M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6K3911Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48KTOVL5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUWYM8Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFTTZB8M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6K3911Q (Temporary Internet Files Folder)



Registry: 6

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{732217C1-6AA2-4977-A914-027800CF03EE} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA74E0F8-797E-4A6A-9A5F-DD59F39A89EC} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/24/2016 at 13:41:35.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #6 on: April 24, 2016, 12:28:40 PM »
Here is the RogueKiller txt file.

Note that 3 items are checked to "Remove" but I have not removed them as I was not instructed to.

RogueKiller V12.1.3.0 [Apr 18 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sandra [Administrator]
Started from : C:\Users\Sandra\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/24/2016 14:21:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9} -> Found
[PUP][Folder] C:\ProgramData\{A0559A84-0A11-425F-BFFC-532378694B25} -> Found
[PUP][Folder] C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 466a21840cbab346619ccf7faa58e48b
[BSP] 2e25f30cf43b8b3703aec4536b7894da : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20686848 | Size: 60000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 143566848 | Size: 235143 MB
User = LL1 ... OK
User = LL2 ... OK


Offline Hoov

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #7 on: April 24, 2016, 03:18:27 PM »
Go ahead and run RogueKiller again and select all five of these entries:

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2850924120-2830383278-3096853516-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

[PUP][Folder] C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9} -> Found
[PUP][Folder] C:\ProgramData\{A0559A84-0A11-425F-BFFC-532378694B25} -> Found
[PUP][Folder] C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204} -> Found

and then click on the remove button.

Then run AdwCleaner again without removing anything, and post the log. JRT removed a lot and I would like to see a new log from it before going forward with its repair.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #8 on: April 24, 2016, 07:09:18 PM »
Well, I tried a couple of times to run RogueKiller.  The last time I rebooted, disconnected WiFi and turned OFF McAfee Real Time scanning for 1 hour.  The RK program ran for two hours then I saw the Blue Screen of Reboot.

I will start scan again but I have to go back to work this week (14 hour days, going to sleep now) so my replies will be spotty and long in-between this week.

Thank You for your assistance and patience.

Kevan

Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #9 on: April 24, 2016, 08:23:51 PM »
RogueKiller completed and I deleted the 5 entries.

I must have done something wrong much earlier (hit clean by mistake?) as AdwCleaner found NO malicious entries this time and did not ask to reboot.
« Last Edit: April 24, 2016, 08:29:07 PM by Kevan57 »

Offline Hoov

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #10 on: April 25, 2016, 06:28:24 AM »
About work, I fully understand. When I was working my work days varied from 4 hrs to 8 and a half days (that happened once) with most days falling between 8 and 16 hrs, and I never knew in advance what it would be.

There was some possible malware on the system. How is it running? If you do not see anything wrong, then it would be a good idea to get the owners involved here so we can get this tuned up and running, and they can learn what they need to so this does not happen again.


Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #11 on: April 30, 2016, 12:00:32 PM »
I have been working with it as much as I can and it seems mostly alright.

I will let them work with the machine this week.  I plan to get with them again May 8th (after another long work week).

Offline Hoov

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #12 on: April 30, 2016, 02:26:10 PM »
OK, let me know how it goes when you can.


Offline Kevan57

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #13 on: May 03, 2016, 08:43:40 PM »
I took the unit back on Sunday and told them to call me as soon as anything strange happens.

While there, I noticed a folder that contained CCleaner and a few other files... including a "hosts" file that pointed many websites to 127.1.1.0 (I think that is the local machine, maybe it was 127.0.0.1).

I checked the actual hosts file and it seemed normal.

Please see a related PM.

Offline Hoov

Re: [In Progress] Must I pay to "Keep my computer protected" ?
« Reply #14 on: May 04, 2016, 06:41:19 AM »
I did respond to your PM. In short, I think you should encourage the users to come here and ask questions and get help. Or one of the other free sites.

As for the files you are talking about, that could have been that repair company's effort to look legitimate. If you can give me the name of the folder and what files are in there, and paste up the contents of the Hosts file, I can give you better information. But for now, unless you installed the programs, I would delete the contents of the folder.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
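
A triage check for a stray hosts file like the one discussed above, as an added example that is not part of the thread. It separates names sinkholed to loopback or 0.0.0.0 (every 127.x.x.x address is loopback) from names redirected to a routable address, which are the entries worth a closer look. The sample file and the function name `classify_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample (not from the thread): a blocklist-style hosts file
# plus one entry that redirects a name to a routable address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.1.1.0       ads.example.com tracker.example.net   # sinkholed
0.0.0.0         popups.example.org
203.0.113.25    bank.example.com
not-an-ip       broken.example.com
"""

DEFAULT_NAMES = {"localhost"}  # stock entries that are expected on loopback


def classify_hosts(text):
    """Return (sinkholed, redirected, malformed) lists from hosts-file text."""
    sinkholed, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue  # normal localhost mapping
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.append((name, str(addr)))   # name is blocked locally
            else:
                redirected.append((name, str(addr)))  # name is sent elsewhere
    return sinkholed, redirected, malformed


if __name__ == "__main__":
    blocked, moved, bad = classify_hosts(SAMPLE_HOSTS)
    print("sinkholed :", blocked)
    print("redirected:", moved)
    print("malformed :", bad)
```

Run it against both the stray copy and the active `C:\Windows\System32\drivers\etc\hosts` and compare the results; only the active file affects name resolution.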