Messages - Corrine

1
Just click the Windows logo and locate Pale Moon.  Right-click and select "Pin to start".

2
Very strange.  Let's try it this way:

Note:  This time you will again need to press the "Search Registry" button. 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: These instructions were written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Please copy the following in the search area:  avira
  • Press the Search Registry button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.

3
You mentioned that you are using Pale Moon now.  Note that Edge is still listed as your primary browser, which is fine, or you can change it to Pale Moon under Tools > Preferences > General.

It appears that the Avira remnants are buried in the registry.  We'll see if FRST can dig out the location and then remove it along with the additional remnants that popped up.

Note:  This time you will need to press the "Search Registry" button. 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: These instructions were written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Please copy the following in the search area:  F665F2B2-DF77-27D1-BDD8-9197742422E4
  • Press the Search Registry button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.

4
thank you so much Corrine
removed everything  8)
except this little ditty??

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

Let's see if the ESET AV Removal Tool works.  I double-checked and it includes Avira.  Select the 32-bit AV Remover and follow the instructions at [KB3527] ESET AV Remover—List of removable applications and instructions to run the tool.

Again, the FRST.txt log is so long it got cut off.  Please relaunch it and locate the line shown below.  Copy/paste everything following that line and paste it in your next reply.

5
Analysis and Malware Removal / Re: Windows 10 loaded on laptop....
« on: January 18, 2020, 09:11:27 PM »
Good job, G! 

Three hours for the ESET scan!  That is a long time.  Did you uninstall the programs I listed and follow the instructions for Avira?  It wouldn't hurt to post fresh FRST logs to see if there are any leftovers from their removal.  To do so,
  • Run the FRST as you did before.
  • Press Scan button.
  • Please copy/paste both logs in your reply.

6
Safe to use?
Yes.  In fact the current release is Release v0.14.1:
Quote
This is patch release to fix a regression introduced in 0.14.0. (#840 was issue #). It also includes one fix for FancyZones to not interfere with full screen applications (#306).

7
Analysis and Malware Removal / Re: Windows 10 loaded on laptop....
« on: January 18, 2020, 03:07:03 PM »
Please do the following:

1.  Go to Control Panel\All Control Panel Items\Programs and Features and uninstall the following programs, leftovers from the upgrade to Windows 10.
  • Microsoft Silverlight
  • Windows Live Mesh ActiveX Control for Remote Connections
  • ESU for Microsoft Windows 7 SP1
  • Microsoft Office XP Professional*
*Windows Vista is the last operating system that supported Microsoft Office XP Professional. 

2.  The logs show that Windows Firewall is disabled.  Please follow the instructions at Turn Windows Defender Firewall on or off to enable Windows Firewall.

3.  Since Avira is no longer installed on your computer, I suggest you follow the instructions at https://support.avira.com/hc/en-us/articles/360002858514-How-do-I-perform-a-manual-reinstallation-of-my-Avira-Antivirus-product-?utm_source=CS&utm_medium=KB for Windows 10, including running the Avira Registry Cleaner.

3.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [HideSCAVolume] 1
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-01-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
C:\Program Files (x86)\Common Files\wruninstall.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0E70AE0A-50D3-4CD7-85EF-054CA1C1ED20} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {121A23D9-689C-4BF0-8DFA-D45D62550D19} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {16C3F228-651D-4A21-9738-012AB9C2EAED} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {17AF5E85-3140-44FA-B2DE-59F03DEFC3AD} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {2279200F-B4DE-4FD2-8A63-4E188CFFFB9E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {270C9FC5-ABF2-4C0E-A65E-DECA34EB18DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {4763D67E-5D44-4E56-946A-636869FADB00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EC42F8A-DD7E-47EE-87A4-EC4D88B70802} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56D36459-E022-4EBB-9CA6-6FF989F84717} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5EE92166-59A0-4642-9DF3-A2DF2DAE1AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61ACD53F-07CF-4DBF-9861-D8A2B7547BB0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78A4DE43-B0FA-412C-B081-3D53E32D222C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AC0A72E-E3C8-4057-B970-71D4A7B46BF5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9C1992C6-7283-4B32-9960-5A06A6EAA897} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D2FB2ED-EDA7-44AA-860C-313A7F3C64F1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC1612F0-B87F-4930-A132-F980064C99E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4F92E13-73AE-4B30-9FF0-D859A8EA32AD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DD0CA-CFDB-4D3F-85C8-A1FCDBA58FA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6517D15-F9A8-4140-86A8-7DBAD289294B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBAB7799-4094-471F-A379-66A692E7F94F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCCE8766-ABC4-4171-B03C-9BDE39D846FA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D8005743-284D-4CB6-8401-64F81F02BCBC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9DCADC3-9A87-4C80-BDD0-8AA180488202} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB4EEFBB-5066-49F2-96C9-F63899D602DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E4D3074F-4029-4C85-B289-5ED38DC8043D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
C:\WINDOWS\ehome
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupreg: jv16 PT 2017 (Startup Optimizer) => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /StartupOptimizer /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
4.  Please do a scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

8
Analysis and Malware Removal / Re: Windows 10 loaded on laptop....
« on: January 17, 2020, 10:34:53 PM »
What about Avira?  Can you access it?  As I indicated, it is not shown in Installed Programs.

By the way, it has been a long day for me so I'm going to wait until I've had sufficient coffee tomorrow and take a close look at your logs.

9
Analysis and Malware Removal / Re: Windows 10 loaded on laptop....
« on: January 17, 2020, 10:20:31 PM »
I deleted two of your posts that were partial duplicates of your FRST log and edited .  I also edited Reply #6 to remove what was duplicated in the initial FRST log, also labeling it as FRST.txt continued.  I have the feeling that the FRST.txt you had copied was still in memory and, as a result, still need the rest of the Addition.txt log.  Because of the upgrade from Windows 7 to Windows 10, the logs are extremely long.

Please do the following:

1. Go to C:\Users\Gordon & Nancy\Desktop\Junk and open Addition.txt. 
2. Locate "==================== Faulty Device Manager Devices ============="
3. Copy paste the lines after that to the end of the log which will have the following: 
==================== End of Addition.txt ============================

As to Avira, if you look at the Addition.txt log under "Installed Programs", note that Avira is not listed:

Quote
ACDSeePro (HKLM-x32\...\ACDSeePro) (Version: 9.3.0.545 - ACD Systems International Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2169, 08.01.2020 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)

10
Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:

Quote
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.

Security Advisory ADV200001

11
Analysis and Malware Removal / Re: Windows 10 loaded on laptop....
« on: January 17, 2020, 05:56:04 PM »
Hi, G.

I'm glad the driver update worked.  I was about to post a link to the solution on the HP site. 

It appears you had Avira installed on this device at one time but it isn't showing in installed programs and you have Windows Defender set as your AV.  I suggest you go to Select Start > Settings > Update & Security > Windows Security > Virus & threat protection > Manage settings and uncheck Avira.

At one time did you have Windows Media Center installed on this device?

Your logs are incomplete due to the length.  Please do the following:

-- open the FRST log and locate "2020-01-16 00:24 - 2020-01-16 00:24 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dl".  Copy/paste the rest of the log and post it in your next reply. 

-- open the Addition.txt and locate "==================== Faulty Device Manager Devices =============".  Copy/paste the rest of the log and post it in your next reply.

12
Great!

13
Suggestions and Site Feedback / Re: Not saving log in password Edge
« on: January 17, 2020, 05:02:10 PM »
You won't get a pop-up because the SMF Forum software password save option is different.  After you type your username and password, in the next box click the arrow and select "forever".


14
Suggestions and Site Feedback / Re: Not saving log in password Edge
« on: January 17, 2020, 02:04:46 PM »
That is strange.  I generally use Pale Moon on the forums due to the extensions that I use throughout the day.  However, I launched Edge and first went to edge://settings/passwords and confirmed that both "Offer to save passwords" and "Sign in automatically" were set to on.  There were no sites/passwords listed since I don't generally use Edge on this device but rather use Edge Dev on my other PC.  After logging in, I closed Edge and then launched it again.  I was automatically logged in. 

15
Done as in upgraded to Windows 10?
