Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

malware, maybe.....help

Started by rigs , Apr 05 2017 03:45 PM

Please log in to reply

#1
rigs

Posted 05 April 2017 - 03:45 PM

Member

Member
331 posts

I have a dell inspiron 15 laptop running Win7 x64 and it may be infected with malware. I say this because it’s acting up. I’ve been trying to reinstall my dell wireless driver and does not let me. The DVD drive does not run and internet explorer, either. Can somebody, please, check the results of the frst scan and see if I do have a malware. If so, help me remove it………..

thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by irene santander (administrator) on IRENESANTANDER (01-04-2017 19:30:33)
Running from C:\Users\irene santander\Desktop
Loaded Profiles: irene santander (Available Profiles: irene santander)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Inuvo Inc.) C:\Users\irene santander\AppData\LocalLow\alotservice\alotservice.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Waterfox Ltd) C:\Users\irene santander\Desktop\WaterfoxPortable\WaterfoxPortable.exe
(Waterfox) C:\Users\irene santander\Desktop\WaterfoxPortable\App\Waterfox\waterfox.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\MountPoints2: {3490d69b-c8d6-11e2-89fb-24b6fd490b1a} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\MountPoints2: {7fce786a-7819-11e3-8e47-24b6fd490b1a} - E:\setup.exe -a
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => No File
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5CAFA7B4-C7E0-4D0B-BB7A-21A0C50F489F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Linksicle -> {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} -> C:\Program Files\Linksicle\IE\LinksicleClientIE.dll [2013-10-02] (Linksicle)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-913611297-729162832-2297564686-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
DefaultPrefix-x32: => <==== ATTENTION
Prefixes-x32: [home]=> <==== ATTENTION
Prefixes-x32: [www]=> <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlotService; C:\Users\irene santander\AppData\LocalLow\alotservice\alotservice.exe [256328 2013-01-25] (Inuvo Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-03-08] (Dell Products, LP.) [File not signed]
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
S3 McAWFwk; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 lsnfd; C:\windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-01 19:30 - 2017-04-01 19:30 - 00008533 _____ C:\Users\irene santander\Desktop\FRST.txt
2017-04-01 19:28 - 2017-04-01 19:30 - 00000000 ____D C:\FRST
2017-04-01 19:26 - 2017-04-01 19:26 - 02424832 _____ (Farbar) C:\Users\irene santander\Desktop\FRST64.exe
2017-03-04 21:09 - 2017-03-04 21:09 - 35282427 _____ C:\Users\irene santander\Desktop\RTL819xCU_AutoInstallPackage (2).zip
2017-03-04 21:08 - 2017-03-04 21:08 - 35282265 _____ C:\Users\irene santander\Desktop\RTL819xCU_AutoInstallPackage.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-01 19:29 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 19:29 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 19:23 - 2009-07-14 00:13 - 00006214 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-01 19:20 - 2017-01-07 17:08 - 00000000 ____D C:\Users\irene santander\AppData\Roaming\Mozilla
2017-04-01 19:20 - 2017-01-07 17:08 - 00000000 ____D C:\Users\irene santander\AppData\LocalLow\Mozilla
2017-04-01 19:19 - 2012-05-25 17:38 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-04-01 19:19 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-30 14:08 - 2010-11-20 22:27 - 00513192 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-04-18 12:47 - 2015-04-18 12:47 - 0000288 _____ () C:\Users\irene santander\AppData\Roaming\.backup.dm
2016-11-26 10:35 - 2016-11-26 10:35 - 0000065 _____ () C:\Users\irene santander\AppData\Roaming\mbam.context.scan
2015-10-17 19:53 - 2016-08-02 15:54 - 0000230 _____ () C:\Users\irene santander\AppData\Roaming\WB.CFG
2015-11-26 09:17 - 2016-02-18 22:54 - 1134080 _____ () C:\ProgramData\TrezaaSetupx30039.msi
2016-06-04 18:48 - 2016-09-24 22:54 - 1134592 _____ () C:\ProgramData\TrezaaSetupx30044.msi

Some files in TEMP:
====================
2015-12-25 22:10 - 2015-12-25 22:10 - 0983096 _____ (Generic Internet ) C:\Users\irene santander\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-29 15:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by irene santander (01-04-2017 19:31:14)
Running from C:\Users\irene santander\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-28 17:44:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-913611297-729162832-2297564686-500 - Administrator - Disabled)
Guest (S-1-5-21-913611297-729162832-2297564686-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-913611297-729162832-2297564686-1002 - Limited - Enabled)
irene santander (S-1-5-21-913611297-729162832-2297564686-1000 - Administrator - Enabled) => C:\Users\irene santander

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AOL Toolbar (HKU\S-1-5-21-913611297-729162832-2297564686-1000\...\AOL Toolbar) (Version: - )
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {052F316C-4755-4476-8971-13D9103C081C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {28D1865E-F9F6-41FD-922E-8756C4C75477} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {3862B587-E104-4C20-8393-41CF362A593D} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
Task: {471EA265-8E9C-46E2-AAD0-2F8BB347D46A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {76B5E005-FC3A-4609-84F8-BF5B9F6B6635} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {79F377D6-F5DC-4D6A-BF8E-51426D5E4F6A} - System32\Tasks\{1ACA138B-ADB6-4AD4-B589-B29DD3F3E2A5} => pcalua.exe -a "C:\Users\irene santander\Desktop\DW1704_W7_A00_Setup-F042R_ZPE.exe" -d "C:\Users\irene santander\Desktop"
Task: {9785CD96-3AC5-4E1C-B577-C1168B3DB395} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {9DE918E4-25DB-4270-89A5-58A3BE9AF9A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {9F040355-1EF2-4C4A-A005-84BD8FE183C5} - System32\Tasks\NetRadioUpdater => C:\Program Files (x86)\NetRadio\lstrest.exe [2016-08-12] (Microsoft)
Task: {B6852FA7-5990-4BAC-8F50-E7C4DA121DCE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {CFD2345B-EC84-4FB5-BAEF-7669ADA2F02D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EDFE7EF3-845E-4694-8E55-3A81CD95E23D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-15 20:14 - 2015-06-15 20:14 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 04:59 - 2014-11-13 04:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00029696 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\registry.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00008704 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\newadvsplash.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00011264 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\System.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-913611297-729162832-2297564686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\irene santander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^irene santander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_39A70FF9FB099BEDC0E2065ECB28F6C1 => "C:\Users\irene santander\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{07785994-F3C9-4C24-9E79-76A41293AF12}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [UDP Query User{E8F08F29-F371-481D-BF72-8D90943108E3}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe

==================== Restore Points =========================

26-11-2016 08:46:01 Windows Update
30-12-2016 15:52:37 Windows Update
07-01-2017 16:26:48 Windows Update
17-01-2017 20:46:22 Windows Update
31-01-2017 20:09:09 Windows Update
07-02-2017 19:32:49 Windows Update
23-02-2017 16:11:15 Windows Update
02-03-2017 19:35:33 Windows Update
01-04-2017 19:20:21 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2017 07:23:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/01/2017 07:23:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/01/2017 07:23:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/01/2017 07:23:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/01/2017 07:19:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/23/2017 08:04:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/23/2017 08:04:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/23/2017 08:01:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/18/2017 03:08:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/04/2017 09:01:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (04/01/2017 07:23:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 3 time(s).

Error: (04/01/2017 07:23:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated with the following error:
The keyset is not defined.

Error: (04/01/2017 07:23:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.

Error: (04/01/2017 07:22:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program.

Error: (04/01/2017 07:22:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Nero Update service terminated with the following error:
The keyset is not defined.

Error: (04/01/2017 07:22:45 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070002'. In Windows Media Player, turn off media sharing, and then turn it back on.

Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Update Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/01/2017 07:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Update Service service to connect.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 390 @ 2.67GHz
Percentage of memory in use: 46%
Total physical RAM: 3894.68 MB
Available physical RAM: 2084.09 MB
Total Virtual: 7787.55 MB
Available Virtual: 5663.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:395.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C788EA28)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2
zep516

Posted 05 April 2017 - 06:23 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Uninstall this program
MyPC Backup Click start, click control panel, click Programs an features in the list find MyPC Backup and uninstall it. If the program does not uninstall please keep following the rest of instructions.

Next

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Open notepad (Start =>All Programs => Accessories => Notepad). Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint: 
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-913611297-729162832-2297564686-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
DefaultPrefix-x32: =>  <==== ATTENTION
Prefixes-x32: [home]=>  <==== ATTENTION
Prefixes-x32: [www]=>  <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S3 McAWFwk; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {3862B587-E104-4C20-8393-41CF362A593D} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
C:\Program Files (x86)\PRO PC Cleaner Soft
Task: {76B5E005-FC3A-4609-84F8-BF5B9F6B6635} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {9785CD96-3AC5-4E1C-B577-C1168B3DB395} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
2014-11-13 04:59 - 2014-11-13 04:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 04:59 - 2014-11-13 04:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00029696 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\registry.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00008704 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\newadvsplash.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00011264 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\System.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download adwCleaner to your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the logfile button and the log will open in Notepad.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
The report will be saved in the C:\AdwCleaner folder.

Next
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
The AdwCleaner [C1].txt Log
The JRT.txt Log
Fixlog.txt

#3
rigs

Posted 09 April 2017 - 09:07 PM

Member

Topic Starter
Member
331 posts

thank you for replying, I'm disabled and need help with all your instructions. that person is not able to help me until tuesdday. so as soon as we get it done, I'll post the results.......

thank gyou

#4
zep516

Posted 09 April 2017 - 09:12 PM

Trusted Helper

Malware Removal
8,093 posts

You're welcome rigs, I'll see you on Tuesday.

Thanks
Joe

#5
rigs

Posted 11 April 2017 - 05:20 PM

Member

Topic Starter
Member
331 posts

Ok, we copied and pasted the first part of the instructions. We then ran the FRST64 and got fixlog.txt. Everything went smoothly……
We, then, ran the adwcleaner but have a problem with this program. When we tried to scan the system. We get an error message»»»”sqlite3.dll is corrupted or has been replaced”. The program shuts off after clicking “OK”. So, we decided to quit and get back to you for new instructions……….

I’m posting the “fixlog” but not the adwcleaner or the JRT. Since we’re not sure to run JRT because of the adwcleaner not working.

Thank You

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by irene santander (11-04-2017 16:40:49) Run:1
Running from C:\Users\irene santander\Desktop
Loaded Profiles: irene santander (Available Profiles: irene santander)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-913611297-729162832-2297564686-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
DefaultPrefix-x32: => <==== ATTENTION
Prefixes-x32: [home]=> <==== ATTENTION
Prefixes-x32: [www]=> <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [File not signed] <==== ATTENTION
S3 McAWFwk; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {3862B587-E104-4C20-8393-41CF362A593D} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe [2015-10-06] (PRO PC Cleaner Soft) <==== ATTENTION
C:\Program Files (x86)\PRO PC Cleaner Soft
Task: {76B5E005-FC3A-4609-84F8-BF5B9F6B6635} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe [2015-10-06] () <==== ATTENTION
Task: {9785CD96-3AC5-4E1C-B577-C1168B3DB395} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
2014-11-13 04:59 - 2014-11-13 04:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 04:59 - 2014-11-13 04:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 04:59 - 2014-11-13 04:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00029696 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\registry.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00008704 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\newadvsplash.dll
2017-04-01 19:19 - 2017-04-01 19:19 - 00011264 _____ () C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\System.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
"C:\PROGRA~3\Wincert\WIN64C~1.DLL" => Value data removed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-913611297-729162832-2297564686-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value removed successfully
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => key not found.
HKCR\PROTOCOLS\Filter\application/x-mfe-ipt => key not found.
HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\Default => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes\\home => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes\\www => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
BackupStack => service not found.
HKLM\System\CurrentControlSet\Services\McAWFwk => key removed successfully
McAWFwk => service removed successfully
HKLM\System\CurrentControlSet\Services\PCDSRVC{3B54B31B-D06B6431-06020200}_0 => key removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3862B587-E104-4C20-8393-41CF362A593D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3862B587-E104-4C20-8393-41CF362A593D} => key removed successfully
C:\windows\System32\Tasks\PROPCCleanerSoft_Start => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoft_Start => key removed successfully
C:\Program Files (x86)\PRO PC Cleaner Soft => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76B5E005-FC3A-4609-84F8-BF5B9F6B6635} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B5E005-FC3A-4609-84F8-BF5B9F6B6635} => key removed successfully
C:\windows\System32\Tasks\PROPCCleanerSoft_Popup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoft_Popup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9785CD96-3AC5-4E1C-B577-C1168B3DB395} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9785CD96-3AC5-4E1C-B577-C1168B3DB395} => key removed successfully
C:\windows\System32\Tasks\LaunchSignup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key removed successfully
"C:\Program Files (x86)\MyPC Backup\AlphaFS.dll" => not found.
"C:\Program Files (x86)\MyPC Backup\LinqBridge.dll" => not found.
"C:\Program Files (x86)\MyPC Backup\GetText.dll" => not found.
"C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll" => not found.
"C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\registry.dll" => not found.
"C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\newadvsplash.dll" => not found.
"C:\Users\irene santander\AppData\Local\Temp\nsv17E5.tmp\System.dll" => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {AA8720D5-8456-465C-B728-1182891A736B}.
Unable to cancel {10AC05EE-CBB3-4E7A-942E-3D8D6F727E91}.
0 out of 2 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-913611297-729162832-2297564686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-913611297-729162832-2297564686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24370758 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 1858078646 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 50037 B
systemprofile32 => 113238 B
LocalService => 0 B
NetworkService => 130293338 B
irene santander => 2582106774 B

RecycleBin => 180907559 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:41:37 ====

#6
zep516

Posted 11 April 2017 - 05:35 PM

Trusted Helper

Malware Removal
8,093 posts

Go ahead an run JRT.
Post the log from it

Then do this
Delete adwCleaner from the desktop lets start fresh with that, right click on the adwCleaner Icon choose delete.

New instructions for adwcleaner for your convenience

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.

XP users: Double click the AdwCleaner icon to start the program.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
Click the Clean button.
Everything checked will be moved to Quarantine.
When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

#7
rigs

Posted 19 April 2017 - 02:53 PM

Member

Topic Starter
Member
331 posts

Ok, we did as instructed for both programs. JRT ran smoothly with no problems at all. The JRT log is posted below…..
However, when we ran the new adware cleaner download. we got the same error pop up window as the previous adware download………..

So, now we’ll wait for further instructions…………

thank you

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows_NT x64
Ran by irene santander (Administrator) on Wed 04/19/2017 at 15:11:12.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 35

Failed to delete: C:\Users\irene santander\Appdata\LocalLow\alotappbar (Folder)
Failed to delete: C:\Users\irene santander\Appdata\LocalLow\alotservice (Folder)
Successfully deleted: C:\ProgramData\aol toolbar (Folder)
Successfully deleted: C:\ProgramData\apn (Folder)
Successfully deleted: C:\ProgramData\netradio (Folder)
Successfully deleted: C:\ProgramData\pcfixspeed (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\netradio (Folder)
Successfully deleted: C:\ProgramData\wincert (Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{28A5DE1E-B791-4A5F-BD5B-02E2A20F16C6} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{3B42B0DA-FBCD-4769-9F21-CF4846BFCAD1} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{408A4109-778E-4F68-BFD1-26762CF32AF0} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{518F602E-CC9C-4CD3-BC11-49AEBAD1C41D} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{589F0254-C8E2-4C01-A16F-456B1B5DD3F9} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{AB34F31A-B09C-4F30-BFFC-758C39866C5A} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{B26E2A88-37A4-4ECE-B436-4FB4798BEC4E} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{C069D785-FEC6-4B06-83C0-9350408E0DA8} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{CB40E2A9-423A-413A-A265-D173C62108CF} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{DAA7D773-A5E4-4066-B76F-6635E38C68FF} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\{DD08F631-25A1-4041-9CA1-10957AA4B53E} (Empty Folder)
Successfully deleted: C:\Users\irene santander\AppData\Local\aol toolbar (Folder)
Successfully deleted: C:\Users\irene santander\Appdata\LocalLow\koyotesofttoolbarnew (Folder)
Successfully deleted: C:\Users\irene santander\Appdata\LocalLow\searchresultstb (Folder)
Successfully deleted: C:\Users\irene santander\AppData\Roaming\24x7 help (Folder)
Successfully deleted: C:\Users\irene santander\AppData\Roaming\pcfixspeed (Folder)
Successfully deleted: C:\Users\irene santander\Documents\propccleaner (Folder)
Successfully deleted: C:\windows\system32\Tasks\NetRadioUpdater (Task)
Successfully deleted: C:\windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\windows\system32\Tasks\PCDoctorBackgroundMonitorTask-Retry (Task)
Successfully deleted: C:\windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Program Files (x86)\alotappbar (Folder)
Successfully deleted: C:\Program Files (x86)\aol toolbar (Folder)
Successfully deleted: C:\Program Files (x86)\netradio (Folder)
Successfully deleted: C:\Program Files\earth networks (Folder)
Successfully deleted: C:\Program Files\linksicle (Folder)
Successfully deleted: C:\Users\irene santander\desktop\Continue Flash Player Pro Installation.lnk (File)

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\AlotService (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/19/2017 at 15:12:29.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
zep516

Posted 19 April 2017 - 07:57 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Not entirely sure what's going on with adwCleaner. Lets run a Malwarebytes scan.

Next

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.

Posting the Malwarebytes log.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

#9
rigs

Posted 23 April 2017 - 06:49 PM

Member

Topic Starter
Member
331 posts

Dude, I don’t know what's wrong with this laptop but after d/loading the malware bytes program and try to install it. We get an error message(attached below) and the installation shuts down after clicking “ok” in the error message window.

thanks for your patience…………..

Attached Thumbnails

Edited by rigs, 23 April 2017 - 06:50 PM.

#10
zep516

Posted 24 April 2017 - 09:18 PM

Trusted Helper

Malware Removal
8,093 posts

Try the following.

Download Emsisoft Emergency Kit and save it to your desktop.
Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
Click Yes to update the program
Once the update is completed click the Back button
Click on 2. Scan (not Quick Scan or Smart Scan Click Yes to detect Potentially Unwanted Programs (PUPs)
Patiently wait for the thorough scan to complete, this can be a lengthy process
Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
Click View Report
Attach the report to your reply
Close the program then click Close

#11
rigs

Posted 28 April 2017 - 07:42 PM

Member

Topic Starter
Member
331 posts

Ok, we did ran and installed the Emsisoft Emergency Kit software. After it updated itself, we clicked “2” to scan. We clicked “yes” on the “Potentially Unwanted Programs” pop up window. Now, does the scan automatically starts or do we click another button? The reason I ask is because after we clicked “yes” we waited for about two hours but nothing happened. I want to make sure before I click anything.

One more thing, I’m having health problems and starting Monday. I will be out of “commission” a few days, a week at the most. So, if I don’t reply after this weekend. I will rerun the software as soon as possible.

Thank You for your understanding………

#12
zep516

Posted 28 April 2017 - 07:51 PM

Trusted Helper

Malware Removal
8,093 posts

Hello rigs,

That scan should have started, however if you see something else to click then don't be afraid to click it. If it never seems to run then always reboot the computer and start over.

Give Malwarebytes another try too, uninstall Malwarebytes and reinstall it.

I'll be standing by.

#13
rigs

Posted 12 May 2017 - 01:56 PM

Member

Topic Starter
Member
331 posts

Hey, I’m back. I got released from the hospital yesterday and waiting for my acquaintance to come and help me, this weekend……

Thank you

#14
zep516

Posted 12 May 2017 - 05:53 PM

Trusted Helper

Malware Removal
8,093 posts

You're welcome rigs.

#15
rigs

Posted 15 May 2017 - 02:12 PM

Member

Topic Starter
Member
331 posts

Ok, we did as instructed with the emisoft program and the report is attached. However, we had a problem, the click “yes” to detect PUPs did not come up. We restarted the program three times and it did not come up. Should we run it, again?

Once, again, thank you for your patience…………..