  #1  
July 15th, 2018, 01:10 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
Dynamic IP address flagged blocked

Hi,
I'm posting this here, and hope it's posted in the right spot. My Mom is having a problem with her Windows 10 computer. It involves sending email from any email program in her computer. Somehow, her IP address was blocked/blacklisted by an outfit called Cloudmark. When the problem first arose, I contacted her internet provider (Mediacom) and even talked to a supervisor and they said they could NOT help me. At all. After sending numerous emails to Cloudmark, and filling out online forms, they finally agreed to remediate her ip address, even though they said the provider should do so, and Cloudmark doesn't normally work with individuals, and dynamic addresses, only companies. She runs an antivirus program (McAfee) and I also ran Malwarebytes, and it turned up nothing. She CAN send email from her webmail through mediacom, but doesn't like it and at 83 years young, it's much more confusing for her. She was using Thunderbird email when this problem first started. After Cloudmark 'fixed' the problem, within 3-4 days, the problem was back, so there's got to be a 'bug' in her computer, or something else I'm not familiar with. Here is the error she gets if she tries to send an email from Thunderbird, or any other 'in house' email program:
"An error occurred sending mail: The mail server sent an incorrect greeting: njtocomv01 Mediacom B4mafX4eLMklx POL103 173.30.160.91 is listed on Cloudmark CSI-Global. Please visit:https://csi.cloudmark.com/en/reset?ip=173.30.160.91 ESMTP server not available." I'm sure you'll need more info and I'll be glad to provide it. Any and all help/tips will be much appreciated. (For the record, her provider, Mediacom, said she could get a new router and that would assign her a new ip address, but if there's a 'bug' in her machine, the problem may present itself again?) thanks
  #2  
July 17th, 2018, 11:36 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello k9mom007 and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check your system.

I would like you to do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
July 17th, 2018, 11:34 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
results of frst txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by vern (administrator) on CAROLANN (17-07-2018 18:32:39)
Running from C:\Users\vern\Downloads
Loaded Profiles: vern (Available Profiles: vern & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.747\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\pcdrwi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Farbar) C:\Users\vern\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-04-24] (Hewlett-Packard Co.)
HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-4235110116-143568719-509401355-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-06-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.747\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7a3ad203-0f58-459a-844c-cb1519a74469}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ae449e5f-c059-4bca-9817-306b9f28041a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4235110116-143568719-509401355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4235110116-143568719-509401355-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {6249C9F1-9CEA-4449-B021-35CA84F317FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6249C9F1-9CEA-4449-B021-35CA84F317FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4235110116-143568719-509401355-1000 -> DefaultScope {776E85C1-E013-40BF-AA25-1CE74D99E5C8} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US84D20151114&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4235110116-143568719-509401355-1000 -> {6249C9F1-9CEA-4449-B021-35CA84F317FF} URL =
SearchScopes: HKU\S-1-5-21-4235110116-143568719-509401355-1000 -> {776E85C1-E013-40BF-AA25-1CE74D99E5C8} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US84D20151114&p={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-14] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-14] (Oracle Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-06-15] (McAfee, Inc.)

Edge:
======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-03-14]

FireFox:
========
FF ProfilePath: C:\Users\vern\AppData\Roaming\Postbox\Profiles\63ip5ju5.default [2018-07-15]
FF ProfilePath: C:\Users\vern\AppData\Roaming\Mozilla\Firefox\Profiles\qr68upw5.default [2018-03-02]
FF Homepage: Mozilla\Firefox\Profiles\qr68upw5.default -> www.google.com
FF Extension: (Search and New Tab by Yahoo) - C:\Users\vern\AppData\Roaming\Mozilla\Firefox\Profiles\qr68upw5.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-08-04] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\vern\AppData\Roaming\Mozilla\Firefox\Profiles\qr68upw5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] [Legacy]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-08-09] [Legacy]
FF SearchPlugin: C:\Users\vern\AppData\Roaming\Mozilla\Firefox\Profiles\qr68upw5.default\searchplugins\McSiteAdvisor.xml [2015-11-14]
FF SearchPlugin: C:\Users\vern\AppData\Roaming\Mozilla\Firefox\Profiles\qr68upw5.default\searchplugins\yahoo-ysp.xml [2016-08-04]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2013-06-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Adobe Acrobat) - C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-06]
CHR Extension: (Skype) - C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-03] (McAfee, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-17] (PC-Doctor, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.747\McCHSvc.exe [405400 2018-06-18] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
R2 osrss; C:\WINDOWS\system32\osrss.dll [130808 2018-06-08] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-07] (McAfee, Inc.)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [135816 2018-06-28] (Microsoft Corporation)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-17 18:28 - 2018-07-17 18:29 - 000055716 _____ C:\Users\vern\Downloads\Addition.txt
2018-07-17 18:26 - 2018-07-17 18:32 - 000023509 _____ C:\Users\vern\Downloads\FRST.txt
2018-07-17 18:25 - 2018-07-17 18:32 - 000000000 ____D C:\FRST
2018-07-17 18:24 - 2018-07-17 18:24 - 002412544 _____ (Farbar) C:\Users\vern\Downloads\FRST64 (1).exe
2018-07-17 18:23 - 2018-07-17 18:23 - 002412544 _____ (Farbar) C:\Users\vern\Downloads\FRST64.exe
2018-07-17 15:46 - 2018-07-17 15:46 - 000002237 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-07-15 11:26 - 2018-07-15 11:26 - 000000542 _____ C:\Users\vern\Desktop\How to attach a picture to an email on webmail.txt
2018-07-15 10:56 - 2018-07-15 10:56 - 000000759 _____ C:\Users\vern\Desktop\Music - Shortcut.lnk
2018-07-09 12:15 - 2018-07-09 12:15 - 000003144 _____ C:\WINDOWS\System32\Tasks\SmartByte Telemetry
2018-07-09 12:15 - 2018-07-09 12:15 - 000000000 ____D C:\ProgramData\RivetNetworks
2018-07-09 12:15 - 2018-07-09 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rivet Networks
2018-07-09 12:15 - 2018-07-09 12:15 - 000000000 ____D C:\Program Files\Rivet Networks
2018-07-08 17:37 - 2018-07-08 17:37 - 000002211 _____ C:\Users\vern\Downloads\100_3873.JPG - Shortcut.download
2018-07-08 17:37 - 2018-07-08 17:37 - 000002211 _____ C:\Users\vern\Downloads\100_3873.JPG - Shortcut (1).download
2018-07-07 22:10 - 2018-07-07 22:11 - 000002595 _____ C:\Users\vern\Downloads\deck.zip
2018-07-07 22:10 - 2018-07-07 22:11 - 000002595 _____ C:\Users\vern\Downloads\deck (1).zip
2018-07-07 08:13 - 2018-07-07 08:13 - 000102146 _____ C:\Users\vern\Desktop\this year thousands of men will die
2018-07-05 04:59 - 2018-07-05 04:59 - 000000000 _____ C:\WINDOWS\SysWOW64\SpyWareFolderstoFilter.txt
2018-07-02 19:20 - 2018-07-02 19:20 - 000002211 _____ C:\Users\vern\Downloads\100_3872.JPG - Shortcut (1).download
2018-07-02 19:08 - 2018-07-02 19:08 - 000002211 _____ C:\Users\vern\Downloads\100_3872.JPG - Shortcut.download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut.download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (7).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (6).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (5).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (4).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (3).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (2).download
2018-07-02 17:52 - 2018-07-02 17:52 - 000002247 _____ C:\Users\vern\Downloads\100_3872 (1).JPG - Shortcut (1).download
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3873 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3872 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3871 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3869 (2).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3869 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3868 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3867 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002247 _____ C:\Users\vern\Desktop\100_3866 (1).JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3873.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3872.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3871.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3870.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3868.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3867.JPG - Shortcut.lnk
2018-07-02 17:40 - 2018-07-02 17:40 - 000002211 _____ C:\Users\vern\Desktop\100_3866.JPG - Shortcut.lnk
2018-07-01 09:23 - 2018-07-01 09:23 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-06-25 06:22 - 2018-06-08 14:09 - 000130808 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-06-23 14:45 - 2018-06-23 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-06-23 14:45 - 2018-06-23 14:45 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-17 18:22 - 2012-08-10 01:22 - 000000000 ____D C:\Users\vern\AppData\Roaming\Skype
2018-07-17 18:17 - 2018-01-18 12:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-17 17:46 - 2018-06-14 14:24 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-07-17 17:03 - 2018-01-18 13:19 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3EF9CE7F-932A-42D6-A35F-9BB9118DC536}
2018-07-17 15:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-17 15:52 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-07-17 15:47 - 2018-05-17 11:28 - 000004240 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-07-17 15:46 - 2018-01-18 12:56 - 000000000 ____D C:\Users\vern\AppData\Local\Packages
2018-07-17 15:46 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-17 15:46 - 2012-08-04 12:22 - 000000000 ____D C:\ProgramData\PCDr
2018-07-17 15:46 - 2012-07-05 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-07-17 15:45 - 2017-06-26 11:26 - 000000000 ____D C:\ProgramData\SupportAssist
2018-07-17 11:50 - 2018-01-18 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 10:50 - 2016-09-25 04:11 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-07-17 10:50 - 2016-09-25 04:11 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-07-17 10:50 - 2012-07-05 08:58 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-07-17 10:49 - 2018-01-18 13:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-17 10:49 - 2018-01-18 12:55 - 000000000 ____D C:\Users\vern
2018-07-17 08:10 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-07-12 18:40 - 2017-09-29 04:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-07-12 08:11 - 2018-01-12 00:58 - 000000000 ____D C:\Program Files\rempl
2018-07-12 04:25 - 2018-01-18 13:19 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-12 04:25 - 2015-04-10 06:55 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-11 06:50 - 2013-08-07 03:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 06:47 - 2012-08-03 00:36 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-11 06:46 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 02:23 - 2018-03-13 12:23 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-11 02:23 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-11 02:23 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-05 05:04 - 2017-07-10 07:34 - 000000296 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2018-07-05 04:09 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-03 17:42 - 2018-01-18 12:46 - 000294024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-02 17:40 - 2016-12-10 17:15 - 000000000 ____D C:\Users\vern\AppData\LocalLow\Mozilla
2018-06-28 14:33 - 2013-11-09 18:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-06-28 08:00 - 2018-01-18 13:19 - 000003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-06-25 18:23 - 2016-05-17 18:28 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-23 14:45 - 2018-01-27 15:45 - 000002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-06-23 14:45 - 2015-11-21 15:49 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-06-23 04:16 - 2018-01-18 13:19 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4235110116-143568719-509401355-1000
2018-06-23 04:16 - 2016-05-19 09:20 - 000002402 _____ C:\Users\vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 04:16 - 2016-05-19 09:20 - 000000000 ___RD C:\Users\vern\OneDrive
2018-06-22 21:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2014-09-06 15:01 - 2014-09-06 15:01 - 000000043 _____ () C:\Users\vern\AppData\Roaming\WB.CFG
2012-11-05 19:07 - 2012-11-05 19:07 - 000000236 _____ () C:\Users\vern\AppData\Local\LaunchHomeCenter.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-08 06:11

==================== End of FRST.txt ============================
  #4  
Old July 17th, 2018, 11:38 PM
k9mom007
addition txt

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7864 more sites.
  #5  
Old July 17th, 2018, 11:38 PM
k9mom007
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-06-23 14:45 - 000445158 _____ C:\WINDOWS\system32\Drivers\etc\hosts


There are 15281 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4235110116-143568719-509401355-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "AccuWeatherWidget"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\StartupApproved\Run: => "HP ENVY 5660 series (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C347F97-C09A-4258-B6D1-D324EDC54EB3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{4919E637-9A02-4F14-8104-19D85CF9070A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{FB62EEBF-2F02-4BEB-8465-577C722FECA3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D9E61D8F-BAA6-4B91-BA35-6B84BA6C27DB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B7C963D5-C83C-47F5-BAAD-11FAA02262BD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{28251915-38D1-4535-B45C-ADDA02370666}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{4B9891A0-AABB-4EA1-8E40-971865CFDDCB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1054DFB9-38B2-4D67-BA9A-A512268BD4F5}] => (Allow) LPort=2869
FirewallRules: [{758E4EC3-0618-44F5-98A5-4EF1A2D6BA56}] => (Allow) LPort=1900
FirewallRules: [{B397B24C-30B9-4477-9756-FA49E0514712}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B6997361-7990-4141-8753-32FF77D9CD01}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{242E0CA0-EC49-496A-BB46-46A9DC8DF185}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B30E2927-01AE-4F30-A533-3F2C1F5E5C77}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1417C179-1F5F-4B21-8569-09C6342EB056}] => (Allow) LPort=9700
FirewallRules: [{2B7603DB-4B28-4CB6-A094-E059A600E25E}] => (Allow) LPort=9701
FirewallRules: [{39317CA8-EFE2-42BC-984F-5A0077EC6006}] => (Allow) LPort=9702
FirewallRules: [{6601EF2F-D7D6-4409-B1FD-4EBD6F7846E5}] => (Allow) LPort=9700
FirewallRules: [{FDB94704-D332-48F5-A53C-F6883800F82B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{A7E63F26-114B-4016-A304-9D664A2167B9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{9B884FB5-EB8A-4E5F-98D2-6E028421FE1F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{0309144D-543D-4751-9E41-9D72AF6FDFE8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{1DFCBA86-53DD-401C-A082-17BA4586378D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{68EE0F7E-19B2-4E98-9EB3-1F895EBF8565}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{72988CE1-278A-4A11-9F6C-9EE34B06FE4B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{CC940C1F-22AA-4F7D-B952-D698E6D3E1C0}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{DAC00BA1-2594-4E48-9F8C-BDCFF8B7ED7A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{3A3733DC-9A19-460C-9517-5C4B4BDA750B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{A6554DF4-38AB-4D2C-8A17-530F7867ECA2}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{FB6D947C-9832-4110-B089-A366E614C4E1}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{1FE74D94-97FA-4D1E-84D7-A4A58BB6E8EC}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{FFB8F238-16A9-4EFB-8062-9863FD4A3AA7}] => (Allow) LPort=5353
FirewallRules: [{A71F3AFD-9B09-438F-912D-A6FE619AA5DD}] => (Allow) LPort=9322
FirewallRules: [{C17D7FB6-E218-4D50-A97E-892FD0165D15}] => (Allow) LPort=5353
FirewallRules: [{DE9E9FBC-7CEB-4BB5-AD88-7C60104CEAF8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{24C149C8-9D4E-46A9-ADE6-1D78F97EE814}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D768075B-5D7D-4D03-91DE-30893260739A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{914928FA-4261-487F-8FA7-D42D48E9E43F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{6DD8274C-3300-4DF4-AE8B-B6F9F47C7039}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0BA203-9836-42EF-9AD3-E89C4B06CA5B}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
FirewallRules: [{F5F3C152-1608-429F-A9D4-04A8D106CA43}] => (Allow) LPort=5357
FirewallRules: [{92E8EDC5-11C7-4255-A875-F05EF1857D75}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5EFC6922-CCBE-47F5-B193-0DC5D67B3C95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC4B39A6-F4DE-47C5-AC61-A1014C92BADC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23F6A41E-59DC-45AA-B7D0-DF6BCCFF31E4}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0769\HPDiagnosticCoreUI.exe
FirewallRules: [{5C8B94CA-6103-4E65-9443-21E097FF7093}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0769\HPDiagnosticCoreUI.exe
FirewallRules: [{B355E2AE-05A3-40FE-AC60-D61CAD202402}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0DC0\HPDiagnosticCoreUI.exe
FirewallRules: [{56EBF397-293A-4F11-854F-491A66077356}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0DC0\HPDiagnosticCoreUI.exe
FirewallRules: [{1951EE15-8C6A-4F00-A293-695021E464C7}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS2702\HPDiagnosticCoreUI.exe
FirewallRules: [{A69D0927-1ECD-4AD2-A414-2C67A390504A}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS2702\HPDiagnosticCoreUI.exe
FirewallRules: [{63FE7D8D-6584-4332-B2CF-384475E6C4BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-06-2018 17:45:32 Windows Update
02-07-2018 21:18:21 Windows Update
11-07-2018 06:45:28 Windows Update
11-07-2018 06:46:09 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2018 04:14:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x06986e65
Faulting process id: 0x488
Faulting application start time: 0x01d41da60d8a4aa4
Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.exe
Faulting module path: unknown
Report Id: c836e807-305e-4195-8a98-e594d13eb1a1
Faulting package full name:
Faulting package-relative application ID:

Error: (07/17/2018 04:14:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TelemetryUtility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at TelemetryUtility.Program.TelemetrySendTimes()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (07/14/2018 04:14:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x06a76cb5
Faulting process id: 0x1b18
Faulting application start time: 0x01d41b4a8e53b3e2
Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.exe
Faulting module path: unknown
Report Id: ea424fba-c1ea-4a74-879a-39effcead457
Faulting package full name:
Faulting package-relative application ID:

Error: (07/14/2018 04:14:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TelemetryUtility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at TelemetryUtility.Program.TelemetrySendTimes()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (07/11/2018 04:14:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x06496cb5
Faulting process id: 0xc98
Faulting application start time: 0x01d418ef0f1542e3
Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.exe
Faulting module path: unknown
Report Id: f4d84a52-d017-40fc-8428-2747d5b755a7
Faulting package full name:
Faulting package-relative application ID:

Error: (07/11/2018 04:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TelemetryUtility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at TelemetryUtility.Program.TelemetrySendTimes()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (07/08/2018 04:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x06f16e65
Faulting process id: 0x2e58
Faulting application start time: 0x01d416938fe6704b
Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.exe
Faulting module path: unknown
Report Id: e848399e-a998-4dd8-b165-3dff292c0bac
Faulting package full name:
Faulting package-relative application ID:

Error: (07/08/2018 04:14:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TelemetryUtility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at TelemetryUtility.Program.TelemetrySendTimes()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (07/17/2018 06:17:17 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2018 05:16:32 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2018 05:05:34 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s).

Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s).

Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s).

Error: (07/17/2018 03:42:20 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2018 03:03:49 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-05-08 21:59:19.354
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-08 21:59:18.663
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-08 21:59:10.930
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-08 21:59:10.427
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-05 16:58:53.938
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 6056.63 MB
Available physical RAM: 2934.23 MB
Total Virtual: 7144.63 MB
Available Virtual: 3083.4 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:913.93 GB) (Free:843.66 GB) NTFS
Drive d: (dvdcopytry) (CDROM) (Total:0.85 GB) (Free:0 GB) UDF

\\?\Volume{287a2538-c6ae-11e1-a66c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:17.55 GB) (Free:6.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0F6F242E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=17.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #6  
Old July 18th, 2018, 04:31 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi k9mom007, thanks for the logs.



But the additional log seems to be missing. Could you send the additional log again? Thanks.


Have a nice day.
  #7  
Old July 18th, 2018, 05:03 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
Yes, I posted the addition log. I had to post it in two separate replies because there were too many characters.
  #8  
Old July 18th, 2018, 10:15 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
Originally Posted by k9mom007
Yes, I posted the addition log. I had to post it in two separate replies because there were too many characters.

I understand. Some sections of the log are missing. Could you send just the additional log file again? You can also send it with wikisend.com if necessary.
  #9  
Old July 21st, 2018, 10:02 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
Sorry for the delay. I've got some sort of flu and don't want to expose my parents to it. It's their computer I'm working on. If you will kindly have patience with me, I will repost the Addition text as soon as I'm well enough to go to their home. Regards...Janice
  #10  
Old July 22nd, 2018, 10:07 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Okay. I am waiting. Get better soon.


Best regards.
  #11  
Old July 22nd, 2018, 10:11 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
Thank you so much for your understanding. As soon as I'm not contagious, I will go to their home and do what you ask.
  #12  
Old July 30th, 2018, 11:08 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
Just wanted you to know I have not forgotten you or this topic. I will be well enough to go to my parents' home (where the computer is) tomorrow evening. Thank you for your patience!
  #13  
Old August 8th, 2018, 12:13 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
Originally Posted by k9mom007
Just wanted you to know I have not forgotten you or this topic. I will be well enough to go to my parents' home (where the computer is) tomorrow evening. Thank you for your patience!

Okay. I am waiting.
  #14  
Old August 8th, 2018, 12:54 AM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
I appreciate your patience more than you know. It has been a terrible time. I still want to fix the problem. I will be back with you soon.
  #15  
Old August 26th, 2018, 04:16 PM
k9mom007
Senior Member
 
Join Date: Sep 2005
O/S: Windows XP Pro
Location: n.e. indiana
Posts: 273
I'm back. Hope this link works. Uploaded the addition txt to wikisend Addition.txt
All times are GMT +1.