Thread: AV help

  1. #1

    AV help

    McAfee issues

  2. #2
    DonnaB (Spyware Fighter)

    Hey sister!

    This'll get easier once you get the hang of it...

    More than likely your PC is 64-bit, so download that version.

    Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

    Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Make sure that FRST is on the desktop of the infected system
    • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  3. #3

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
    Ran by Arlene (administrator) on DELL-LAPTOP (07-01-2016 18:31:06)
    Running from C:\Users\Arlene\Downloads
    Loaded Profiles: Arlene (Available Profiles: Arlene & Administrator)
    Platform: Windows 8.1 (Update 1) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Farbar) C:\Users\Arlene\Downloads\FRST64 (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-07] (AVAST Software)
    HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\fef1b612-9e54-4345-bb6d-e0f096684620.exe [168336 2016-01-07] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2015-01-31] (Qualcomm®Atheros®)
    HKU\S-1-5-21-914953023-2316592664-2663893039-1001\...\Run: [GoogleChromeAutoLaunch_086F9E261B7378CEB4CF85948B332C04] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-07] (AVAST Software)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
    ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-01-07]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{0B3B7693-5E17-4B84-A50E-98E2454CAAF7}: [DhcpNameServer] 192.168.43.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-914953023-2316592664-2663893039-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-914953023-2316592664-2663893039-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-914953023-2316592664-2663893039-1001 -> DefaultScope {362384F3-6B4F-490E-A417-1227AF4A2838} URL =
    SearchScopes: HKU\S-1-5-21-914953023-2316592664-2663893039-1001 -> {0D8A8378-25BE-4C33-88B0-F4479FEE44FA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-07] (AVAST Software)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-07] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-09] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-07] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-28] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-28] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-09] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-09] (Google Inc.)
    FF Plugin HKU\S-1-5-21-914953023-2316592664-2663893039-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-07] (Citrix Online)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-07]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US105D20150217&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Profile: C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-13]
    CHR Extension: (Yahoo Web) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-09-13]
    CHR Extension: (Google Docs) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-13]
    CHR Extension: (Google Drive) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
    CHR Extension: (YouTube) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Google Search) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
    CHR Extension: (Google Sheets) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
    CHR Extension: (Avast Online Security) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
    CHR Extension: (Gmail) - C:\Users\Arlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 0315131452192361mcinstcleanup; C:\Users\Arlene\AppData\Local\Temp\031513~1.EXE [882000 2015-07-23] (McAfee, Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323200 2015-01-31] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-07] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-07] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-07] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-07] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-07] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-07] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-07] (AVAST Software)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4267008 2015-01-11] (Qualcomm Atheros Communications, Inc.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2015-01-31] (Qualcomm Atheros)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-07 18:31 - 2016-01-07 18:31 - 00019452 _____ C:\Users\Arlene\Downloads\FRST.txt
    2016-01-07 18:29 - 2016-01-07 18:31 - 00000000 ____D C:\FRST
    2016-01-07 18:29 - 2016-01-07 18:29 - 02370560 _____ (Farbar) C:\Users\Arlene\Downloads\FRST64 (1).exe
    2016-01-07 18:28 - 2016-01-07 18:28 - 01721856 _____ (Farbar) C:\Users\Arlene\Downloads\FRST (1).exe
    2016-01-07 18:25 - 2016-01-07 18:25 - 02370560 _____ (Farbar) C:\Users\Arlene\Downloads\FRST64.exe
    2016-01-07 18:23 - 2016-01-07 18:23 - 01721856 _____ (Farbar) C:\Users\Arlene\Downloads\FRST.exe
    2016-01-07 18:09 - 2016-01-07 18:09 - 00001552 _____ C:\Users\Arlene\Downloads\privatemessages-Arlene B-01-07-2016 (2).txt
    2016-01-07 18:08 - 2016-01-07 18:08 - 00001552 _____ C:\Users\Arlene\Downloads\privatemessages-Arlene B-01-07-2016.txt
    2016-01-07 18:08 - 2016-01-07 18:08 - 00001552 _____ C:\Users\Arlene\Downloads\privatemessages-Arlene B-01-07-2016 (1).txt
    2016-01-07 18:08 - 2016-01-07 18:08 - 00001338 _____ C:\Users\Arlene\Downloads\privatemessages-Arlene B-01-07-2016.xml
    2016-01-07 18:08 - 2016-01-07 18:08 - 00000763 _____ C:\Users\Arlene\Downloads\privatemessages-Arlene B-01-07-2016.csv
    2016-01-07 17:10 - 2016-01-07 17:10 - 00148190 _____ C:\Users\Arlene\Downloads\-heilman3.htm
    2016-01-07 17:10 - 2016-01-07 17:10 - 00148190 _____ C:\Users\Arlene\Downloads\-heilman3 (1).htm
    2016-01-07 17:07 - 2016-01-07 17:07 - 00003104 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-914953023-2316592664-2663893039-1001
    2016-01-07 17:07 - 2016-01-07 17:07 - 00000000 ___RD C:\Users\Arlene\OneDrive
    2016-01-07 17:07 - 2016-01-07 17:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-01-07 16:49 - 2016-01-07 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-01-07 16:39 - 2016-01-07 16:39 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-01-07 16:38 - 2016-01-07 16:38 - 03187368 _____ (Microsoft Corporation) C:\Users\Arlene\Downloads\Setup.X86.en-US_O365HomePremRetail_59896884-b67b-427f-badf-a5630576394c_TX_PR_.exe
    2016-01-07 13:15 - 2016-01-07 13:12 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2C9.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-01-07 13:15 - 2016-01-07 13:12 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2DA.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2DB.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2C7.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2C5.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2C8.tmp
    2016-01-07 13:15 - 2016-01-07 13:12 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2C6.tmp
    2016-01-07 13:15 - 2016-01-07 13:11 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B4.tmp
    2016-01-07 13:13 - 2016-01-07 13:13 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-01-07 13:13 - 2016-01-07 13:13 - 00000000 ____D C:\Users\Arlene\AppData\Roaming\AVAST Software
    2016-01-07 13:13 - 2016-01-07 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-01-07 13:12 - 2016-01-07 13:15 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-01-07 13:12 - 2016-01-07 13:12 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1452193974468
    2016-01-07 13:12 - 2016-01-07 13:12 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1452193974468
    2016-01-07 13:12 - 2016-01-07 13:12 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-01-07 13:12 - 2016-01-07 13:12 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-01-07 13:12 - 2016-01-07 13:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2016-01-07 13:12 - 2016-01-07 13:12 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-01-07 13:12 - 2016-01-07 13:11 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2016-01-07 13:10 - 2016-01-07 13:10 - 05066096 _____ (AVAST Software) C:\Users\Arlene\Downloads\avast_free_antivirus_setup_online.exe
    2016-01-07 13:10 - 2016-01-07 13:10 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-01-07 13:10 - 2016-01-07 13:10 - 00000000 ____D C:\Program Files\AVAST Software
    2016-01-07 12:45 - 2016-01-07 12:45 - 00000000 ____D C:\Program Files\McAfee
    2016-01-07 12:35 - 2016-01-07 12:35 - 00000000 ___RD C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-01-07 11:45 - 2016-01-07 12:10 - 00000000 ____D C:\Program Files (x86)\Citrix
    2016-01-07 11:45 - 2016-01-07 11:45 - 00000000 ____D C:\Users\Arlene\AppData\Local\Citrix
    2016-01-07 11:40 - 2015-12-08 21:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-01-07 11:16 - 2016-01-07 11:17 - 00000000 ____D C:\ProgramData\Atheros
    2016-01-07 11:16 - 2016-01-07 11:16 - 00000000 ____D C:\Users\Arlene\AppData\Roaming\Atheros
    2015-12-09 21:43 - 2015-12-09 21:43 - 00000000 ____D C:\Users\Arlene\AppData\Local\YSearchUtil
    2015-12-09 21:43 - 2015-12-09 21:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-12-09 21:41 - 2015-12-09 21:41 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-12-09 21:41 - 2015-12-09 21:41 - 00000000 ____D C:\Users\Arlene\AppData\Roaming\Sun
    2015-12-09 21:41 - 2015-12-09 21:41 - 00000000 ____D C:\Users\Arlene\.oracle_jre_usage
    2015-12-09 21:41 - 2015-12-09 21:41 - 00000000 ____D C:\ProgramData\Oracle
    2015-12-09 21:41 - 2015-12-09 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-12-09 21:40 - 2015-12-09 21:40 - 00000000 ____D C:\Program Files (x86)\Java
    2015-12-09 21:39 - 2015-12-09 21:39 - 00584288 _____ (Oracle Corporation) C:\Users\Arlene\Downloads\chromeinstall-8u66.exe
    2015-12-09 19:34 - 2015-07-31 21:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2015-12-09 19:34 - 2015-07-31 21:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
    2015-12-09 19:34 - 2015-07-31 21:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2015-12-09 19:34 - 2015-07-31 21:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
    2015-12-09 19:34 - 2015-07-31 21:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
    2015-12-09 19:34 - 2015-07-29 08:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-12-09 19:34 - 2015-07-29 08:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-12-09 19:34 - 2015-07-29 08:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-12-09 19:34 - 2015-07-24 12:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-09 19:34 - 2015-07-24 12:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-12-09 19:34 - 2015-07-24 12:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-12-09 19:34 - 2015-07-24 11:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-12-09 19:34 - 2015-07-24 11:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-12-09 19:34 - 2015-07-13 21:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-12-09 19:34 - 2015-07-13 21:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-12-09 19:34 - 2015-07-10 12:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
    2015-12-09 19:34 - 2015-07-10 11:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-12-09 19:34 - 2015-07-10 11:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
    2015-12-09 19:34 - 2015-07-10 11:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2015-12-09 19:34 - 2015-07-10 10:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-12-09 19:34 - 2015-07-10 10:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2015-12-09 19:34 - 2015-06-15 23:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2015-12-09 19:34 - 2015-06-15 23:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2015-12-09 19:34 - 2015-06-10 21:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2015-12-09 19:34 - 2015-06-10 10:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2015-12-09 19:34 - 2015-01-27 19:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
    2015-12-09 19:34 - 2015-01-27 19:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
    2015-12-09 19:34 - 2014-10-28 20:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-12-09 19:34 - 2014-10-28 20:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-12-09 19:34 - 2014-10-28 20:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-12-09 19:34 - 2014-10-28 20:24 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
    2015-12-09 19:34 - 2014-10-28 20:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2015-12-09 19:34 - 2014-10-28 20:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2015-12-09 19:34 - 2014-10-28 20:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2015-12-09 19:34 - 2014-10-28 19:43 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
    2015-12-09 19:32 - 2015-08-03 15:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2015-12-09 19:32 - 2015-08-03 15:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2015-12-09 19:32 - 2015-08-01 08:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2015-12-09 19:32 - 2015-01-29 12:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2015-12-09 19:32 - 2015-01-29 12:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2015-12-09 19:32 - 2014-10-28 20:46 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2015-12-09 19:32 - 2014-10-28 20:41 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
    2015-12-09 19:32 - 2014-10-28 20:28 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
    2015-12-09 19:31 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2015-12-09 19:31 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2015-12-09 19:31 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2015-12-09 19:31 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2015-12-09 19:31 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2015-12-09 19:31 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2015-12-09 19:31 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2015-12-09 19:31 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-12-09 19:31 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-12-09 19:31 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2015-12-09 19:31 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2015-12-09 19:31 - 2014-07-23 21:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2015-12-09 19:31 - 2014-07-23 21:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-09 19:30 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-09 19:30 - 2015-07-13 21:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
    2015-12-09 19:30 - 2015-05-03 09:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2015-12-09 19:30 - 2015-05-03 08:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2015-12-09 19:30 - 2015-03-04 04:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2015-12-09 19:30 - 2015-03-03 21:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2015-12-09 19:30 - 2015-03-03 20:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2015-12-09 19:30 - 2015-01-20 23:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-12-09 19:30 - 2015-01-20 23:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-12-09 19:22 - 2015-12-09 19:22 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-12-09 19:20 - 2015-12-09 19:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2015-12-09 19:19 - 2015-12-09 19:23 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
    2015-12-09 19:19 - 2015-12-09 19:19 - 00000000 ____D C:\ProgramData\{46B78963-E124-47B8-9C79-11FDD89852E5}
    2015-12-09 19:13 - 2015-12-09 19:13 - 00000000 ____D C:\WINDOWS\system32\nn-NO
    2015-12-09 19:13 - 2015-12-09 19:13 - 00000000 ____D C:\Program Files (x86)\Cisco
    2015-12-09 19:13 - 2014-05-13 20:07 - 00060416 ____N (Atheros) C:\WINDOWS\system32\athihvui.dll
    2015-12-09 19:13 - 2014-05-13 20:06 - 00440320 ____N (Atheros) C:\WINDOWS\system32\athihvs.dll
    2015-12-09 13:53 - 2015-11-02 18:23 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-12-09 13:53 - 2015-11-02 18:23 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-07 18:30 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
    2016-01-07 17:53 - 2015-09-13 10:24 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-07 17:12 - 2015-09-13 10:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-914953023-2316592664-2663893039-1001
    2016-01-07 17:09 - 2014-04-28 12:37 - 00000000 ____D C:\Users\Arlene\AppData\Local\Packages
    2016-01-07 17:07 - 2015-09-13 10:06 - 00000000 ____D C:\Users\Arlene
    2016-01-07 17:07 - 2014-01-22 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-01-07 17:06 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-01-07 17:05 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-07 16:39 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-01-07 16:11 - 2013-08-22 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-07 15:45 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 15:45 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-07 14:53 - 2015-09-13 10:24 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-07 14:39 - 2015-09-13 11:19 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-07 14:34 - 2015-09-13 11:19 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-07 14:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
    2016-01-07 13:53 - 2014-01-22 23:10 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2016-01-07 12:45 - 2014-01-22 23:08 - 00000000 ____D C:\ProgramData\McAfee
    2016-01-07 12:42 - 2014-01-22 22:44 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-07 12:33 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-07 12:33 - 2013-08-22 08:44 - 00346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-07 11:37 - 2014-01-22 23:08 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-01-07 11:36 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-07 11:35 - 2015-11-06 12:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2016-01-07 11:35 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-01-07 11:35 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2016-01-07 11:21 - 2015-09-13 10:25 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-09 19:25 - 2014-01-22 22:56 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
    2015-12-09 14:48 - 2015-09-13 10:24 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-09 14:48 - 2015-09-13 10:24 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-09 13:41 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2015-12-09 13:41 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\setup
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\WinStore
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\MediaViewer
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-12-09 13:40 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-12-09 13:40 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\servicing
    2015-12-09 13:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\FileManager
    2015-12-09 13:39 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Camera

    ==================== Files in the root of some directories =======

    2014-01-22 22:32 - 2014-01-22 22:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-01-22 23:05 - 2014-01-22 23:06 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-01-22 23:01 - 2014-01-22 23:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-01-22 23:02 - 2014-01-22 23:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-01-22 23:04 - 2014-01-22 23:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-01-22 23:01 - 2014-01-22 23:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Files to move or delete:
    ====================
    C:\Users\Arlene\jobq.dat


    Some files in TEMP:
    ====================
    C:\Users\Arlene\AppData\Local\Temp\0315131452192361mcinst.exe
    C:\Users\Arlene\AppData\Local\Temp\McCSPInstall.dll
    C:\Users\Arlene\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\Arlene\AppData\Local\Temp\ytb.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-07 17:04

    ==================== End of FRST.txt ============================

  4. #4
    Member
    Join Date
    Jan 2016
    Posts
    4
    Points
    0

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
    Ran by Arlene (2016-01-07 18:32:05)
    Running from C:\Users\Arlene\Downloads
    Windows 8.1 (Update 1) (X64) (2015-09-13 16:09:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-914953023-2316592664-2663893039-500 - Administrator - Disabled) => C:\Users\Administrator
    Arlene (S-1-5-21-914953023-2316592664-2663893039-1001 - Administrator - Enabled) => C:\Users\Arlene
    Guest (S-1-5-21-914953023-2316592664-2663893039-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-914953023-2316592664-2663893039-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-914953023-2316592664-2663893039-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.340 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {128B630F-42BE-4A39-BDE6-462A6D8BC016} - System32\Tasks\Dell\Dell System Registration => /boot /LSRC=autolaunch
    Task: {1BD923A7-63FB-428B-AAB2-2F1D62230ECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
    Task: {2308BD95-B80C-45AF-B27E-0279FD0E37F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-07] (AVAST Software)
    Task: {41619423-A1A8-4A37-884A-A8CF1D843628} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-21] (PC-Doctor, Inc.)
    Task: {44CDA2DC-955A-452F-9F7E-4011654E551D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {4874C977-9A5A-43B0-B802-36AF12555ABE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-07] (Microsoft Corporation)
    Task: {4AC884C6-492F-451D-ACBB-975D26C6DF99} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {504C6E71-D703-4681-AF42-6F5281EB35A0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
    Task: {61BEE100-BD93-4D52-8080-91DDDB860ACA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
    Task: {69559F1E-A426-46B0-AB60-A47C1A5524F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
    Task: {756681C8-FA4B-4637-89DB-394F2FFD455B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-914953023-2316592664-2663893039-1001 => C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-01-07] (Microsoft Corporation)
    Task: {762151F7-5245-4C65-97BF-DDB61E7E413E} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
    Task: {89F9C13D-8C83-4685-8882-A40191952264} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {954A5CA5-EB2F-454F-BCCC-B581920219A8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {9DD05358-9701-4668-9030-5F75AE79BA39} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {E02B92F3-10B7-4DA6-807E-824E9B00EFD6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-06] (Synaptics Incorporated)
    Task: {E5DC01D2-2A00-4513-92D9-988EC2DC71A2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-21] (PC-Doctor, Inc.)
    Task: {EFB50ED2-BF4E-416D-861B-0FAAFDDB0FE9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-07] (Microsoft Corporation)
    Task: {FA611EEF-6CA9-4935-B9DC-44F9F6686F98} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-07] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
    2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
    2015-01-31 06:18 - 2015-01-31 06:18 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2015-01-31 06:14 - 2015-01-31 06:14 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2015-01-31 06:21 - 2015-01-31 06:21 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    2016-01-07 16:39 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2014-01-22 23:02 - 2013-03-04 21:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-11-12 12:04 - 2013-11-12 12:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2014-01-22 22:53 - 2013-08-28 04:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2014-01-22 23:11 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 02990080 _____ () C:\Program Files\AVAST Software\Avast\defs\15110499\algo.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-01-07 13:15 - 2016-01-07 13:15 - 02809344 _____ () C:\Program Files\AVAST Software\Avast\defs\16010700\algo.dll
    2016-01-07 16:42 - 2016-01-07 16:42 - 02809344 _____ () C:\Program Files\AVAST Software\Avast\defs\16010701\algo.dll
    2016-01-07 13:12 - 2016-01-07 13:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-01-07 11:20 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2016-01-07 11:20 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-914953023-2316592664-2663893039-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Arlene\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.43.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{4EC5F8EF-012D-4B36-9266-69DC7F0EB0D0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
    FirewallRules: [{651F2958-0168-48C5-93D0-D58CC198CD8E}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
    FirewallRules: [{E8478F5F-5700-4B7F-B2B1-22B69048ED84}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    FirewallRules: [{6DBBFC1A-072E-443D-B692-DD9AAED77170}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{4F431608-82E9-40F5-863A-C9ED09FA1786}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{913E6BF9-9DF7-41B3-9E80-F956FC0EF85D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{AB06FA4D-7CA8-4F7E-ACDB-D8921D6735EB}] => (Allow) LPort=2869
    FirewallRules: [{51BEA9E3-0689-481F-B78E-F79F747396A5}] => (Allow) LPort=1900
    FirewallRules: [{405AED7F-928B-4346-AE6C-35E214F5BFEA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{815D41D3-20DF-4445-A333-FA189E0BE513}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{AC835269-102F-423E-823D-95D1511ECED0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{5E943F00-8E9F-4A7A-9A4B-22F32B27E628}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{940E8A40-054B-4F00-8EF5-C8BDA47E6F44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{023B38A2-B30E-4ECB-B626-89A37EBF32A2}] => (Allow) C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\OneDrive.exe

    ==================== Restore Points =========================

    09-12-2015 19:05:59 Dell Update: Dell Wireless 1705/1703 WLAN 802.11b/g/n, Bluetooth4.0+HS Driver
    07-01-2016 12:24:44 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/02/2015 06:42:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (12/02/2015 12:53:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 46.0.2490.86 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 14f0

    Start Time: 01d12d1fd2ee8332

    Termination Time: 4

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: e09baece-9925-11e5-8267-645a04ca7a78

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/02/2015 12:40:36 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=46.0.2490.86;lang=;guid=9DBE47F5EEA64D32A3A73233E7C81660;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0ccfb354-6de8-4633-9f27-8daa9a018c2c.dmp

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
    Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/SECURITY namespace does not exist. The query will be ignored.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/SECURITY namespace does not exist. The query will be ignored.

    Error: (11/25/2015 07:37:59 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (01/07/2016 05:05:22 PM) (Source: DCOM) (EventID: 10010) (User: Dell-laptop)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (01/07/2016 05:04:52 PM) (Source: DCOM) (EventID: 10010) (User: Dell-laptop)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (01/07/2016 02:30:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 8.1 for x64-based Systems (KB3000850).

    Error: (01/07/2016 11:09:39 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:21:09 PM on ‎12/‎9/‎2015 was unexpected.

    Error: (12/09/2015 09:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
    %%1053

    Error: (12/09/2015 09:26:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

    Error: (12/09/2015 09:26:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1

    Error: (12/09/2015 09:22:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
    %%1053

    Error: (12/09/2015 09:22:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.

    Error: (12/09/2015 07:01:09 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:27:48 PM on ‎12/‎9/‎2015 was unexpected.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
    Percentage of memory in use: 36%
    Total physical RAM: 6024.96 MB
    Available physical RAM: 3853.84 MB
    Total Virtual: 6984.96 MB
    Available Virtual: 4682.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:456.78 GB) (Free:405.46 GB) NTFS
    Drive w: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
    Drive x: (PBR Image) (Fixed) (Total:7.85 GB) (Free:0.69 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 550808BB)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  5. #5
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Arlene, check your messages at FB.

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Arlene,

    I am going to answer your questions here in your topic...

    First of all, I see no malware. I am sure that the McAfee program is what was causing the issues.

    Back in the days of Windows Vista, Windows Defender was designed as an AntiSpyware program and also came preinstalled on Win7. Windows Defender was then redesigned for Windows 8 and above (Win10) as an Antivirus based on Microsoft Security Essentials and is updated through the Windows Updates applet. If you want to uninstall Avast you will still be protected. Just make sure that Windows Defender is enabled if you choose to uninstall Avast.

    I know you aren't online a lot, except to research genealogy, and I assume you have many precious documents saved to your computer. File encrypting ransomware is on the rise and I know that some sites can be very shady. I think it is best if you install CryptoPrevent to protect your precious documents from file encrypting ransomware. If you don't have backups of these files they could be lost forever. This is some nasty stuff that is going around so make backups of ALL your research.

    1. Download CryptoPrevent free for home use >>here<<, following the instructions below.
    2. Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
    3. Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
    4. You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
    5. You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
    6. You will then be prompted to apply all default protections. Answer Yes.
    7. You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    8. That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

    Next:

    Here's another program that you would benefit from if you use external storage devices.

    Download McShield2 to your desktop and install with default settings.
    In the control center, select scanner and check unhide items on flash drives.

    Anytime you plug in an external storage device such as USB drive, phone, etc., McShield will scan the device to make sure it is clean.

    Next:

    There are a few things that need to be fixed on your system. I also noticed no hint of any GWX (Get Windows 10) files on your system. I included a reg fix that will prevent Windows Updates from allowing the upgrade to download.

    Please do as follows:

    You have the Farbar Recovery Scan Tool located in your downloads folder. See below:

    Running from C:\Users\Arlene\Downloads

    I need you to copy and paste the following fix script into notepad (not wordpad) and save it in the same location, your downloads folder, or FRST won't be able to find the fix when you click on the Fix button. OK?

    • Open notepad (Start orb > type notepad into Start Search > choose notepad from list).
    • Please copy the entire contents from start to end of the code box below.
      (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

      Code:
      start
      CreateRestorePoint:
      CloseProcesses:
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-01-07]
      ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US105D20150217&p={searchTerms}
      CHR DefaultSearchKeyword: Default -> mcafee
      S2 0315131452192361mcinstcleanup; C:\Users\Arlene\AppData\Local\Temp\031513~1.EXE [882000 2015-07-23] (McAfee, Inc.)
      S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
      C:\Program Files\McAfee
      C:\ProgramData\McAfee
      C:\Program Files (x86)\McAfee
      C:\WINDOWS\System32\Tasks\McAfee
      FirewallRules: [{405AED7F-928B-4346-AE6C-35E214F5BFEA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
      FirewallRules: [{815D41D3-20DF-4445-A333-FA189E0BE513}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
      FirewallRules: [{AC835269-102F-423E-823D-95D1511ECED0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
      C:\Program Files\Common Files\mcafee
      Reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX /v DisableGWX /t Reg_Dword /d 0x1 /f
      Reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade /v AllowOSUpgrade /t Reg_Dword /d 0x0 /f
      Reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade /v ReservationsAllowed /t Reg_Dword /d 0x0 /f
      Reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v DisableOSUpgrade /t Reg_Dword /d 0x1 /f
      Hosts:
      EmptyTemp:
      end
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.


    Logs I need you to post in your next reply:

    Fixlog.txt

    Last edited by DonnaB; 01-10-2016 at 05:02 PM.
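
    The fixlist in post #6 lists the three firewall rules from Addition.txt whose program path lies under a McAfee directory that the same fixlist deletes. The following is an added example, not part of the original posts and not FRST's own code, showing that selection done programmatically; the function names are hypothetical and the line layout is inferred from the log lines in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Sample input: FirewallRules lines taken from the Addition.txt log in this
# thread, shortened to six entries.
SAMPLE_LOG = r"""
==================== FirewallRules (Whitelisted) ===============

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AB06FA4D-7CA8-4F7E-ACDB-D8921D6735EB}] => (Allow) LPort=2869
FirewallRules: [{405AED7F-928B-4346-AE6C-35E214F5BFEA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{815D41D3-20DF-4445-A333-FA189E0BE513}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AC835269-102F-423E-823D-95D1511ECED0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5E943F00-8E9F-4A7A-9A4B-22F32B27E628}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

# Line layout as it appears in the log: FirewallRules: [name] => (Action) target
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) (?P<target>.+)$")


class Rule(NamedTuple):
    raw: str              # the log line, reusable verbatim in a fixlist
    name: str
    action: str
    port: Optional[int]   # set for "LPort=<n>" rules
    path: Optional[str]   # set for program rules


def parse_firewall_rules(log_text: str) -> List[Rule]:
    rules = []
    for line in log_text.splitlines():
        line = line.strip()   # forum pastes are often indented
        m = RULE_RE.match(line)
        if not m:
            continue
        target = m["target"]
        port = re.fullmatch(r"LPort=(\d+)", target)
        rules.append(Rule(line, m["name"], m["action"],
                          int(port[1]) if port else None,
                          None if port else target))
    return rules


def is_under(path: str, root: str) -> bool:
    """Component-wise, case-insensitive test that path lies inside root.

    Comparing whole path components avoids the string-prefix mistake of
    treating ...\\mcafee2\\x.exe as being inside ...\\mcafee.
    """
    p = [c.lower() for c in PureWindowsPath(path).parts]
    r = [c.lower() for c in PureWindowsPath(root).parts]
    return len(p) > len(r) and p[:len(r)] == r


def rules_for_removed_dirs(rules: List[Rule], removed_dirs: List[str]) -> List[Rule]:
    """Program rules whose executable sits in a directory being deleted.

    Port-only rules are never selected: they name no program, so they
    cannot be tied to the removed product from the log alone.
    """
    return [r for r in rules
            if r.path and any(is_under(r.path, d) for d in removed_dirs)]


if __name__ == "__main__":
    # Directory the fixlist in this thread deletes.
    removed = [r"C:\Program Files\Common Files\mcafee"]
    for rule in rules_for_removed_dirs(parse_firewall_rules(SAMPLE_LOG), removed):
        print(rule.raw)
```

    The printed lines are the log entries unchanged, which is the form in which the fixlist in post #6 carries them.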

  7. #7
    Member
    Join Date
    Jan 2016
    Posts
    4
    Points
    0

    Default

    I don't see anything here to dl Arlene

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    The dl's are in the post above. I'll post the dl links and the instructions again below:

    1. Download CryptoPrevent free for home use from >>HERE<< and install by following the instructions below.
    2. Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
    3. Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
    4. You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
    5. You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
    6. You will then be prompted to apply all default protections. Answer Yes.
    7. You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    8. That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

    Next:

    Download McShield2 to your desktop and install with default settings from >>HERE<<.
    In the control center, select scanner and check unhide items on flash drives.

    Anytime you plug in a USB drive, McShield will scan the device.

    Post back here when you are done downloading those 2 programs.

    Since you refreshed the PC, those Windows 10 upgrades may come down through Windows Updates and I would like for you to run a registry script that prevents you from being nagged about getting Windows 10.