
Multiple iexplorer.exe and Schvostes.exe 2: The Electric Boogaloo


40 replies to this topic

#1 BuckJogSkiff

  • Members
  • 47 posts

Posted 24 June 2017 - 02:42 AM

Just came from this topic.

 

https://www.bleepingcomputer.com/forums/t/646160/found-trojanagent-gen-dropper/page-2

 

The good news is there is no Malware, but the problems persist. The CPU starts shooting up in high spikes all of a sudden while casual browsing on Internet Explorer. Task Manager shows several iexplorer.exe and processes. Sites and things like Discord which I have been able to use without trouble suddenly cause freeze hangs or CPU crashes. Especially with those with high image use. The times Internet Explorer can be shut down when this happens, Task Manager still shows Internet Explorer as open, with high Physical Memory Usage. Having one Internet Explorer tab open while in Clean Boot Mode with no other applications shows the CPU at 36% already. It easily spikes higher and higher during normal use. Certain applications will leave shells on Task Manager after being closed, such as Acrobat Reader.

 

The problem has been ongoing for a while, from CPU Memory spikes to more frequent freeze crashes. I'm happy for any additional help.





#2 hamluis

  • Moderator
  • 56,295 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 24 June 2017 - 04:51 AM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 
[Speccy screenshot]

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

 

Louis



#3 sflatechguy

  • BC Advisor
  • 2,244 posts
  • Gender:Male

Posted 25 June 2017 - 09:34 AM

Is your version of IE up to date?

Have you tried using a different browser? Or is there a reason why you have to use IE?



#4 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 26 June 2017 - 01:46 AM

Will do. As far as I can tell this version of IE is updated. I was advised to install Firefox in the last help topic too. It installed, then never opened up, but froze when opening up. Now checking it over, Firefox mysteriously launches all of a sudden. I'm leery of switching to anything else or updating anything other than standard application Updates ever since the infamous Microsoft Update problem gave me trouble.



#5 sflatechguy

  • BC Advisor
  • 2,244 posts
  • Gender:Male

Posted 26 June 2017 - 08:02 AM

Not to pre-empt others who have been assisting you, but based on that it sounds as if the malware damaged your OS. You may need to run a repair install to fix these issues -- but let's wait for the system info @hamluis requested before going that route.



#6 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 28 June 2017 - 05:28 AM

The only one found from the previous topic was that Candy malware, though. I'm having trouble just downloading minitoolbox and Speccy as using Bleeping Computer alone causes crashes. I'll keep trying to get those specs.



#7 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 29 June 2017 - 04:21 AM

That took some doing. Here are the Specs:

 

 

MiniToolBox Log:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Bendlebender (administrator) on 29-06-2017 at 04:07:51
Running from "C:\Users\Bendlebender\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Studio 1558 Manufacturer: Dell Inc.

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2017 04:20:31 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not defragmented because an error was encountered: The dirty bit is set on this volume. (0x89000015).

 

Error: (06/15/2017 11:20:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 04:51:02 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'

   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 04:41:13 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 03:23:18 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 03:14:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18450, time stamp: 0x57c77728
Faulting module name: MSHTML.dll, version: 11.0.9600.18450, time stamp: 0x57c79ab7
Exception code: 0xc0000005

Fault offset: 0x00fc83d9
Faulting process id: 0xd4c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

 

Error: (06/14/2017 11:18:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/13/2017 11:18:48 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/12/2017 11:07:15 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/12/2017 12:47:24 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

System errors:
=============
Error: (06/29/2017 03:47:33 AM) (Source: Service Control Manager) (User: )
Description: The aswbIDSAgent service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

 

Error: (06/29/2017 03:47:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the aswbIDSAgent service to connect.

 

Error: (06/29/2017 03:46:24 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:44:23 AM on 6/29/2017 was unexpected.

 

Error: (06/29/2017 03:39:53 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

 

Error: (06/28/2017 02:31:32 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:29:40 AM on 6/28/2017 was unexpected.

 

Error: (06/28/2017 12:16:34 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

 

Error: (06/26/2017 02:05:35 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:47:46 AM on 6/26/2017 was unexpected.

 

Error: (06/25/2017 05:50:03 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

 

Error: (06/24/2017 11:44:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (06/24/2017 02:45:23 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:43:23 AM on 6/24/2017 was unexpected.

 

Microsoft Office Sessions:
=========================
Error: (06/16/2017 04:20:31 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)The dirty bit is set on this volume. (0x89000015)

 

Error: (06/15/2017 11:20:13 PM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 04:51:02 AM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 04:41:13 AM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 03:23:18 AM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/15/2017 03:14:20 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1845057c77728MSHTML.dll11.0.9600.1845057c79ab7c000000500fc83d9d4c01d2e59 1bf30a49 1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dlla1d2fd1c-51a2-11e7-9e1b-f04da251bf52

 

Error: (06/14/2017 11:18:13 PM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/13/2017 11:18:48 PM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/12/2017 11:07:15 PM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'

   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

Error: (06/12/2017 12:47:24 AM) (Source: Swapdrive Backup)(User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

 

CodeIntegrity Errors:
===================================
  Date: 2016-09-25 00:46:39.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_c025ec161664fa1b\appidapi.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-09-25 00:46:35.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\c4154e707216b0f9ca48a8462c2fdd9e\inst\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23455_none_b5d141c3e2043820\appidapi.dll because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================

7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0601.2151 - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Baldur's Gate™ II - Shadows of Amn™ Bonus CD (HKLM-x32\...\{014585C8-7557-11D4-9ABA-006067325E47}) (Version:  - )
Baldur's Gate™ II - Throne of Bhaal ™ (HKLM-x32\...\{B8C3B479-1716-11D5-968A-0050BA84F5F7}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
ccc-core-static (HKLM-x32\...\{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}) (Version: 2010.0601.2152.37421 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Circle of Eight Modpack version 6.1.0 NC (HKLM-x32\...\{F25E8F2C-8443-42B6-A232-9236A74507C5}_is1) (Version: 6.1.0 NC - Circle of Eight)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Creature Chaos 4.22 (HKLM-x32\...\{BA6A41DC-603B-49D5-AC40-2A125DFF6DB8}_is1) (Version:  - Creature Chaos Mod Team)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DJ OldGames Package: Stronghold (HKLM-x32\...\Stronghold63) (Version: 1.0.3.0 - DJ)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GrafX2 (GNU GPL) (HKLM-x32\...\Grafx2-SDL) (Version: 2.4.wip2035 - )
HHD Software Free Hex Editor Neo 5.14 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version:  - )
Impossible Creatures (HKLM-x32\...\Impossible Creatures 1.0) (Version:  - )
Impossible Creatures 1.0.1 (HKLM-x32\...\{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}) (Version: 1.0.1 - Microsoft)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 54.0 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0 (x64 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OHRRPGCE alectormancy+2 20120731 (HKLM-x32\...\Official Hamster Republic RPG Construction Engine_is1) (Version:  - Hamster Republic Productions)
PRC Pack (HKLM-x32\...\PRC Pack) (Version:  - )
Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.18 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Skins (HKLM-x32\...\{220D75B2-56A3-02AF-CF23-25520587D973}) (Version: 2010.0601.2152.37421 - ATI) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars Galactic Battlegrounds: Saga (HKLM-x32\...\{10133CDD-50B9-4783-B336-8B48F3653715}) (Version:  - )
Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

 

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3956.52 MB
Available physical RAM: 2519.74 MB
Total Virtual: 9954.71 MB
Available Virtual: 8422.18 MB

 

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:254.36 GB) NTFS
2 Drive d: (TOEE_PLAY) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

 

========================= Users: ========================================

User accounts for \\BLUEBEAST

Administrator            Bendlebender             Fat Wombat              
Guest                    KnockerCroc              Warchow 

                

**** End of log ****

 

 

The Speccy: http://speccy.piriform.com/results/EDAXW65X0Fvp6yckIlKGn1c


Edited by hamluis, 10 July 2017 - 09:02 PM.


#8 sflatechguy

  • BC Advisor
  • 2,244 posts
  • Gender:Male

Posted 29 June 2017 - 07:05 AM

I see numerous errors for your Dell backups to the Internet, and for Internet Explorer. The IE errors could either be due to incorrect system settings, or may be caused by Adobe Flash. You can try uninstalling Flash, or go to Internet Options in IE, go to the Advanced tab, and click "reset". However, resetting will reset any custom security or privacy settings you may have configured, so note those before resetting.



#9 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 03 July 2017 - 02:28 AM

Trying to keep up, so there is no evidence of malware or malware damage? And thanks for the help.



#10 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2017 - 03:41 AM

A post bump to the above, and I am going to try out the browser settings given the chance.



#11 jwoods301

  • Members
  • 1,489 posts
  • Gender:Male

Posted 06 July 2017 - 03:48 AM

I would also suggest you download and run Sysinternals' Process Explorer.

https://technet.microsoft.com/en-us/sysinternals/bb896653

Also, enable the VirusTotal check in Process Explorer by clicking on Options > VirusTotal.com > Check VirusTotal.com

 

You can get details on each process by double-clicking on the process name.

If you see anything suspicious, use the built-in Windows Snipping Tool to grab screen shots.

Post the images on a site such as Dropbox, Imgur, etc. and paste the links to the images in the thread.



#12 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 07 July 2017 - 03:14 AM

Process Explorer turned up two viruses in two same extensions of ZAM.exe, according to VirusTotal.com, Trojan/MSIL.Agents, which rated about 33 on the virus scale. ZAM.exe is the expired free trial of the Zemana Antimalware I downloaded per instructions from the last help topic. This is confusing because Zemana never turned up any malware like that, just OpenCandy.

 

The CPU is giving me grief regarding photosharing, I'll upload some shots when I can. Thanks for the help again.



#13 sflatechguy

  • BC Advisor
  • 2,244 posts
  • Gender:Male

Posted 07 July 2017 - 07:10 AM

It's possible Zemana found those files and tried to quarantine them. Where are these files located?



#14 BuckJogSkiff
  • Topic Starter

  • Members
  • 47 posts

Posted 08 July 2017 - 02:56 AM

C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe is the location. That doesn't seem out of the ordinary as far as I can tell.



#15 jwoods301

  • Members
  • 1,489 posts
  • Gender:Male

Posted 08 July 2017 - 03:17 AM

Did you try uploading that exact file to VirusTotal.com and scanning it there?

 

I would like to see the screen shot of Process Explorer's flagging of ZAM.exe.


Edited by jwoods301, 08 July 2017 - 03:25 AM.
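A scriptable way to collect the same evidence that posts #11 and #15 ask for (Process Explorer's VirusTotal check and the identity of the flagged ZAM.exe), added here as an example and not part of any post in this thread: it records the SHA-256 and Authenticode signature of the file at the path given in post #14, so the hash can be looked up on VirusTotal without uploading the file, and inventories the running iexplore.exe processes with their image path, parent and CPU time. It assumes PowerShell 4.0 or later (WMF 4.0 on Windows 7 SP1) for Get-FileHash and an elevated prompt; $ZamPath is the path from the thread, and the function names are the author's own.

```powershell
# Added example: verify ZAM.exe locally and inventory iexplore.exe processes.
# Assumes PowerShell 4.0+ (WMF 4.0 on Windows 7 SP1) for Get-FileHash.
# Run from an elevated PowerShell prompt so every process is readable.

# Path taken from post #14 in the thread.
$ZamPath = 'C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe'

function Get-FileEvidence {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        SizeBytes = $item.Length
        Modified  = $item.LastWriteTimeUtc
        # VirusTotal indexes files by hash: search this value instead of uploading the binary.
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

function Get-IeProcessInventory {
    # One row per iexplore.exe: who started it, where the image lives, whether it is signed,
    # and how much CPU it has consumed (Win32_Process times are in 100 ns units).
    Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'" | ForEach-Object {
        $proc   = $_
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        $sigStatus  = if ($proc.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
        } else { 'Unknown' }

        [pscustomobject]@{
            PID         = $proc.ProcessId
            ParentPID   = $proc.ParentProcessId
            ParentName  = $parentName
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            SigStatus   = $sigStatus
            CpuSeconds  = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)
        }
    }
}

Get-FileEvidence -Path $ZamPath | Format-List
Get-IeProcessInventory | Sort-Object CpuSeconds -Descending | Format-Table -AutoSize
```

An iexplore.exe whose image path is outside C:\Program Files\Internet Explorer or C:\Program Files (x86)\Internet Explorer, or whose signature status is not Valid, is the kind of row worth posting back to the thread.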




