ConnorW Posted January 13, 2016 ID:1012322

Hi- Upon opening my email yesterday, I discovered that someone had hijacked my e-mail address to send out spam e-mails in my name, under my account, to my LinkedIn contact list as well as all of my other contacts. The e-mail contained a link and some text about weight loss. What I'd like to know is:

1) How do I clear the malware/virus from my computer?
2) Are there steps I can take to prevent this from happening again?

I ran anti-malware and anti-virus software scans and neither one showed the threat. Thanks in advance for your help with this!

kevinf80 Posted January 13, 2016 ID:1012325

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box. 'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
Follow the instructions above....

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.

Let me see those logs in your next reply...

Thank you,
Kevin...

ConnorW Posted January 13, 2016 Author ID:1012332

As requested, I ran the scans and have pasted the logs here as well as attaching the Addition and Shortcut logs.

Malwarebytes Anti-Malware
Scan Date: 1/12/2016
Scan Time: 8:27 PM
Logfile:
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2016.01.13.01
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Denise
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352175
Time Elapsed: 28 min, 33 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)

--------------------------------------------------------------------------------

AdWCleaner

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 20:14:15
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Denise - DAVID
# Running from : C:\Users\Denise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KZ5VDAK\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\speedypc software
[-] Folder Deleted : C:\Users\Denise\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\speedypc software
[-] Folder Deleted : C:\Users\Denise\AppData\Roaming\YourFileDownloader

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahlfahldnilidgnlikdckbfehhca
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahaeginbdcckocjkhbciadcafnep
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key Deleted : HKCU\Software\speedypc software
[-] Key Deleted : HKCU\Software\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\speedypc software
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKU\S-1-5-21-1446522629-2901331746-3063338447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\speedypcsoftware
[-] Key Deleted : HKU\S-1-5-21-1446522629-2901331746-3063338447-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask search
[-] [C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted :aaaaahaeginbdcckocjkhbciadcafnep

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6611 bytes]
The file will not be moved unless listedseparately.)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-12] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2013-06-14] (support.com, Inc)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listedseparately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-01-12 20:19 - 2016-01-12 20:20 - 00024477 _____ C:\Users\Denise\Desktop\FRST.txt2016-01-12 20:19 - 2016-01-12 20:19 - 02370560 _____ (Farbar) C:\Users\Denise\Desktop\FRST64.exe2016-01-12 20:19 - 2016-01-12 20:19 - 00000000 ___DC C:\FRST2016-01-12 20:11 - 2016-01-12 20:14 - 00000000 ___DC C:\AdwCleaner2016-01-10 22:35 - 2016-01-10 22:35 - 00000000 ____D C:\Users\Denise\Documents\Outlook Files2016-01-10 15:51 - 2016-01-10 15:51 - 01473201 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Archives.pdf2016-01-10 15:50 - 2016-01-10 15:50 - 00391650 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Scrapbook of Seven Years.pdf2016-01-10 15:49 - 2016-01-10 15:49 - 00136120 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons -Michael Tidemann.pdf2016-01-10 15:48 - 2016-01-10 15:48 - 00130598 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons - MarkBarkawitz.pdf2016-01-10 15:48 - 2016-01-10 15:48 - 00117479 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons -Anita Oswald.pdf2016-01-10 15:47 - 2016-01-10 15:47 - 00121149 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Literary Arts Patrons HomePage.pdf2016-01-10 15:46 - 2016-01-10 15:46 - 01057528 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Indie Bookstores.pdf2016-01-10 15:45 - 2016-01-10 15:45 - 00263915 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Artists Gallery.pdf2016-01-10 15:44 - 2016-01-10 15:44 - 00143293 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Feedback and Questions.pdf2016-01-10 15:43 - 2016-01-10 15:43 - 00226753 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Submission Guidelines.pdf2016-01-10 15:42 - 2016-01-10 15:42 - 00336217 _____ C:\Users\Denise\Documents\Fall 
2015-Winter 2016 - Book Reviews.pdf2016-01-10 15:41 - 2016-01-11 19:43 - 00685444 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Writers Craft Box.pdf2016-01-10 15:40 - 2016-01-10 15:40 - 00957322 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Our Stories - Non-Fiction.pdf2016-01-10 15:39 - 2016-01-10 15:39 - 00990428 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Poetry.pdf2016-01-10 15:38 - 2016-01-10 15:38 - 01123736 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Fiction.pdf2016-01-10 15:37 - 2016-01-10 15:37 - 00774472 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Interviews.pdf2016-01-10 15:35 - 2016-01-10 15:35 - 00290815 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - About Us.pdf2016-01-10 15:30 - 2016-01-10 15:30 - 00236650 _____ C:\Users\Denise\Documents\Fall 2015-Winter 2016 - Home.pdf2016-01-06 22:47 - 2016-01-12 06:48 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodicendpoint safety pulse2015-12-31 12:13 - 2015-12-31 12:13 - 00791792 _____ C:\Windows\Minidump\123115-20872-01.dmp2015-12-30 14:28 - 2015-12-30 14:28 - 00014636 _____ C:\Users\Denise\Downloads\David J.Bouchard, PMP.pdf2015-12-30 07:23 - 2015-12-30 07:23 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Brain Workshop2015-12-13 18:49 - 2015-12-13 18:49 - 00000000 ____D C:\Windows\System32\Tasks\McAfee==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-01-12 20:19 - 2014-10-12 20:10 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1446522629-2901331746-3063338447-1000.job2016-01-12 20:19 - 2013-06-24 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2016-01-12 20:19 - 2012-05-09 18:52 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job2016-01-12 20:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows2016-01-12 20:15 - 2014-11-14 18:04 - 00000894 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0005f55ae9614.job2016-01-12 20:15 - 2014-11-09 21:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-12 20:15 - 2014-03-30 12:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c3fb8bbdc4c.job2016-01-12 20:15 - 2012-05-04 06:53 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2016-01-12 20:15 - 2012-05-04 06:53 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2016-01-12 20:15 - 2012-05-04 06:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2016-01-12 20:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-01-12 20:14 - 2015-06-06 19:34 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1446522629-2901331746-3063338447-1000.job2016-01-12 20:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-01-12 20:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-01-12 20:00 - 2012-05-04 06:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-01-12 19:33 - 2012-08-25 16:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-01-12 18:49 - 2009-07-14 00:13 - 00006218 _____ C:\Windows\system32\PerfStringBackup.INI2016-01-12 18:48 - 2012-06-08 08:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher2016-01-11 19:43 - 2012-10-19 21:03 - 00000000 ____D C:\Users\Denise\AppData\Roaming\PrimoPDF2016-01-11 19:37 - 2012-05-04 07:11 - 00000000 ____D C:\Program Files (x86)\McAfee2016-01-10 16:36 - 2014-03-10 16:07 - 00000000 ____D C:\Users\Denise\Documents\Personal Success Archive2016-01-10 15:52 - 2015-06-26 19:29 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon2016-01-10 13:17 - 2013-01-10 12:31 - 00000000 ____D C:\Users\Denise\Documents\Personal Reference Documents2016-01-09 09:14 - 2015-10-28 11:53 - 
00000000 ____D C:\Users\Denise\AppData\Local\CrashDumps2016-01-03 19:54 - 2012-11-06 16:00 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Skype2016-01-02 21:09 - 2012-05-09 18:52 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job2016-01-02 11:01 - 2012-05-04 06:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-01-02 11:01 - 2012-05-04 06:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-01-02 11:01 - 2012-05-04 06:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2016-01-01 13:48 - 2012-05-09 18:52 - 00003904 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask2015-12-31 12:13 - 2014-10-18 09:17 - 845744372 _____ C:\Windows\MEMORY.DMP2015-12-31 12:13 - 2012-07-26 12:07 - 00000000 ____D C:\Windows\Minidump2015-12-30 14:31 - 2014-10-06 12:52 - 00000000 ____D C:\Users\Denise\Documents\Career and Work Reference-Related Files2015-12-30 10:37 - 2015-06-06 19:34 - 00003686 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1446522629-2901331746-3063338447-10002015-12-30 10:37 - 2014-10-12 20:10 - 00003590 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1446522629-2901331746-3063338447-10002015-12-30 08:49 - 2015-06-17 21:38 - 00000000 ____D C:\Users\Denise\AppData\Local\Dropbox2015-12-30 08:30 - 2012-05-04 06:56 - 00000000 ____D C:\ProgramData\Temp2015-12-30 08:27 - 2014-07-10 15:55 - 00000000 ___RD C:\Users\Denise\Dropbox2015-12-30 08:27 - 2014-07-10 15:54 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Dropbox2015-12-18 03:02 - 2015-04-06 02:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-12-18 03:02 - 2015-04-06 02:02 - 00000000 ___SD C:\Windows\system32\GWX2015-12-17 19:34 - 2015-02-20 11:02 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-17 18:56 - 2012-05-04 07:11 - 00000000 ____D C:\ProgramData\McAfee2015-12-13 18:51 - 2012-05-04 07:11 - 00000000 ____D C:\Program Files\Common 
Files\mcafee==================== Files in the root of some directories =======2014-01-26 16:20 - 2014-04-04 15:41 - 0002315 _____ () C:\Users\Denise\AppData\Roaming\SAS7_000.DAT2014-06-02 08:06 - 2014-06-02 08:06 - 0000000 _____ () C:\Users\Denise\AppData\Roaming\SharedSettings.ccs2012-07-11 14:12 - 2013-09-02 13:11 - 0004608 _____ () C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-06-02 08:10 - 2014-06-02 08:10 - 0068782 _____ () C:\Users\Denise\AppData\Local\ervkqrou2014-06-21 09:40 - 2014-06-21 09:40 - 0007609 _____ () C:\Users\Denise\AppData\Local\Resmon.ResmonCfg2013-09-02 13:09 - 2013-09-02 13:09 - 0027574 _____ () C:\ProgramData\xportnchk.iniSome files in TEMP:====================C:\Users\Denise\AppData\Local\Temp\3wintyxs.dllC:\Users\Denise\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6abix3.dllC:\Users\Denise\AppData\Local\Temp\jre-8u66-windows-au.exeC:\Users\Denise\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally 
signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-01-09 08:50==================== End of FRST.txt ============================ Addition.txtShortcut.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2016 ID:1012431

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

- The file will be randomly named
- Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
- Run Dr Web
- Tick the I agree box and select continue
- Click select objects for scanning
- Tick all boxes as shown
- Click the wrench and select automatically apply actions to threats
- Press start scan
- The scan will now commence
- Once the scan has finished click open report <<<--- Do not miss this step
- A notepad will open
- Select File > Save as..
- Save it to your desktop

This log will be excessive, please attach it to your next reply…

Next,

Ensure to change your passwords, not only your email account but any account, application etc. that needs a password. Have a read at the following link: http://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

Let me see the logs in your reply, also give an update on any remaining issues or concerns.....

Thank you,
Kevin..

Fixlist.txt
ConnorW Posted January 13, 2016 Author ID:1012454

The log and report are attached as directed. One of my questions is about seeing a new Windows 10 pop-up every time I turn on my computer; other people the spam virus e-mail had been sent to are also seeing this new pop-up on their computers that they hadn't seen before. Is that normal or a part of what happened? Thanks.

Fixlog.txt cureit.log
kevinf80 Posted January 13, 2016 ID:1012488

It will more than likely be a coincidence that email delivery messages seem to cause recipients the Windows 10 pop-up nag... if you look into the task scheduler there are two entries related to the nag you mention...

Task: {0E02CB96-2DA1-4992-A15F-670665ACAA97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {86B78DA4-3610-478D-9E88-4D065C200BFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Apparently those tasks were installed with this update kb3035583. Have a read at the following link, it contains removal instructions. http://www.howtogeek.com/218856/how-do-you-disable-the-get-windows-10-icon-shown-in-the-notification-tray/

Let me know if you have any remaining issues or concerns... we will close out shortly....

Next,

Download "Delfix by Xplode" and save it to your desktop.
Or use the following if first link is down: "Delfix link mirror"

If your security program alerts to Delfix either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

- Remove disinfection tools
- Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
- Reset system settings

Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
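The check described in the reply above (reading the scheduled-task entries to see what is behind a pop-up) can be scripted; this is an added example, not part of the original posts and not code from FRST or Malwarebytes. It parses `Task:` lines in the layout quoted in the reply; the third sample line, the triage rules and all function names are assumptions made for illustration, and the vendor field is only the string the log reports, not a signature verification.

```python
import ntpath
import re

# First two lines are the entries quoted in the reply above;
# the third is a constructed entry added for contrast.
SAMPLE = r"""
Task: {0E02CB96-2DA1-4992-A15F-670665ACAA97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {86B78DA4-3610-478D-9E88-4D065C200BFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Users\Example\AppData\Local\Temp\example.exe [2016-01-01] ()
"""

# Layout taken from the lines on this page: GUID, task path, target, date, vendor.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => "
    r"(?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)$"
)

# Hypothetical triage rule: locations a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_tasks(text):
    """Return one dict per well-formed Task: line; other lines are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            # Normalise quoting and doubled backslashes in the target path.
            entry["target"] = ntpath.normpath(entry["target"].strip('"'))
            tasks.append(entry)
    return tasks


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    target = entry["target"].lower()
    if any(part in target for part in USER_WRITABLE):
        reasons.append("target in user-writable location")
    if not entry["vendor"].strip():
        reasons.append("no vendor string in log")
    return reasons


def tasks_in_folder(tasks, folder):
    """Select tasks registered under a given Task Scheduler folder name."""
    needle = "\\" + folder.lower() + "\\"
    return [t for t in tasks if needle in t["task"].lower()]


if __name__ == "__main__":
    for t in parse_tasks(SAMPLE):
        print(t["task"], "->", t["target"], triage(t) or "nothing flagged")
```

Both GWXTriggers entries resolve to the same binary under C:\Windows\system32\GWX with a Microsoft vendor string and raise no flag, while the constructed Temp-path entry raises both.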
Root Admin AdvancedSetup Posted January 18, 2016 ID:1013322

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!