#1
Dynamic IP address flagged blocked
Hi,
I'm posting this here, and hope it's posted in the right spot. My Mom is having a problem with her Windows 10 computer. It involves sending email from any email program in her computer. Somehow, her IP address was blocked/blacklisted by an outfit called Cloudmark.

When the problem first arose, I contacted her internet provider (Mediacom) and even talked to a supervisor and they said they could NOT help me. At all. After sending numerous emails to Cloudmark, and filling out online forms, they finally agreed to remediate her IP address, even though they said the provider should do so, and Cloudmark doesn't normally work with individuals, and dynamic addresses, only companies.

She runs an antivirus program (McAfee) and I also ran Malwarebytes, and it turned up nothing. She CAN send email from her webmail through Mediacom, but doesn't like it and at 83 years young, it's much more confusing for her. She was using Thunderbird email when this problem first started. After Cloudmark 'fixed' the problem, within 3-4 days, the problem was back, so there's got to be a 'bug' in her computer, or something else I'm not familiar with.

Here is the error she gets if she tries to send an email from Thunderbird, or any other 'in house' email program:

"An error occurred sending mail: The mail server sent an incorrect greeting: njtocomv01 Mediacom B4mafX4eLMklx POL103 173.30.160.91 is listed on Cloudmark CSI-Global. Please visit:https://csi.cloudmark.com/en/reset?ip=173.30.160.91 ESMTP server not available."

I'm sure you'll need more info and I'll be glad to provide it. Any and all help/tips will be much appreciated. (For the record, her provider, Mediacom, said she could get a new router and that would assign her a new IP address, but if there's a 'bug' in her machine, the problem may present itself again?)

Thanks
#2
Hello k9mom007 and welcome to the CyberTechHelp Forums.

I will be helping you fix your problems. Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open as administrator the computer. How is open as administrator the computer?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks

*********************************************************************************************

Let's check your system. I would like you to do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
#3
results of frst txt:
C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2014-09-06 15:01 - 2014-09-06 15:01 - 000000043 _____ () C:\Users\vern\AppData\Roaming\WB.CFG 2012-11-05 19:07 - 2012-11-05 19:07 - 000000236 _____ () C:\Users\vern\AppData\Local\LaunchHomeCenter.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-07-08 06:11 ==================== End of FRST.txt ============================ |
#4
addition txt
(If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net 
work\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) There are 7864 more sites.
#5
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2018-06-23 14:45 - 000445158 _____ C:\WINDOWS\system32\Drivers\etc\hosts There are 15281 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4235110116-143568719-509401355-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "AccuWeatherWidget" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4235110116-143568719-509401355-1000\...\StartupApproved\Run: => "HP ENVY 5660 series (NET)" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2C347F97-C09A-4258-B6D1-D324EDC54EB3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe FirewallRules: [{4919E637-9A02-4F14-8104-19D85CF9070A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe FirewallRules: [{FB62EEBF-2F02-4BEB-8465-577C722FECA3}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [{D9E61D8F-BAA6-4B91-BA35-6B84BA6C27DB}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [{B7C963D5-C83C-47F5-BAAD-11FAA02262BD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{28251915-38D1-4535-B45C-ADDA02370666}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{4B9891A0-AABB-4EA1-8E40-971865CFDDCB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1054DFB9-38B2-4D67-BA9A-A512268BD4F5}] => (Allow) LPort=2869 FirewallRules: [{758E4EC3-0618-44F5-98A5-4EF1A2D6BA56}] => (Allow) LPort=1900 FirewallRules: [{B397B24C-30B9-4477-9756-FA49E0514712}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{B6997361-7990-4141-8753-32FF77D9CD01}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{242E0CA0-EC49-496A-BB46-46A9DC8DF185}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{B30E2927-01AE-4F30-A533-3F2C1F5E5C77}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{1417C179-1F5F-4B21-8569-09C6342EB056}] => (Allow) LPort=9700 FirewallRules: [{2B7603DB-4B28-4CB6-A094-E059A600E25E}] => (Allow) LPort=9701 FirewallRules: [{39317CA8-EFE2-42BC-984F-5A0077EC6006}] => (Allow) LPort=9702 FirewallRules: [{6601EF2F-D7D6-4409-B1FD-4EBD6F7846E5}] => (Allow) LPort=9700 FirewallRules: [{FDB94704-D332-48F5-A53C-F6883800F82B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{A7E63F26-114B-4016-A304-9D664A2167B9}] => (Allow) C:\Program Files 
(x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [{9B884FB5-EB8A-4E5F-98D2-6E028421FE1F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe FirewallRules: [{0309144D-543D-4751-9E41-9D72AF6FDFE8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{1DFCBA86-53DD-401C-A082-17BA4586378D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe FirewallRules: [{68EE0F7E-19B2-4E98-9EB3-1F895EBF8565}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{72988CE1-278A-4A11-9F6C-9EE34B06FE4B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe FirewallRules: [{CC940C1F-22AA-4F7D-B952-D698E6D3E1C0}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe FirewallRules: [{DAC00BA1-2594-4E48-9F8C-BDCFF8B7ED7A}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe FirewallRules: [{3A3733DC-9A19-460C-9517-5C4B4BDA750B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe FirewallRules: [{A6554DF4-38AB-4D2C-8A17-530F7867ECA2}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe FirewallRules: [{FB6D947C-9832-4110-B089-A366E614C4E1}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe FirewallRules: [{1FE74D94-97FA-4D1E-84D7-A4A58BB6E8EC}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe FirewallRules: [{FFB8F238-16A9-4EFB-8062-9863FD4A3AA7}] => (Allow) LPort=5353 FirewallRules: [{A71F3AFD-9B09-438F-912D-A6FE619AA5DD}] => (Allow) LPort=9322 FirewallRules: [{C17D7FB6-E218-4D50-A97E-892FD0165D15}] => (Allow) LPort=5353 FirewallRules: [{DE9E9FBC-7CEB-4BB5-AD88-7C60104CEAF8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{24C149C8-9D4E-46A9-ADE6-1D78F97EE814}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D768075B-5D7D-4D03-91DE-30893260739A}] => (Allow) C:\Program Files\Common 
Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{914928FA-4261-487F-8FA7-D42D48E9E43F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{6DD8274C-3300-4DF4-AE8B-B6F9F47C7039}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1E0BA203-9836-42EF-9AD3-E89C4B06CA5B}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe FirewallRules: [{F5F3C152-1608-429F-A9D4-04A8D106CA43}] => (Allow) LPort=5357 FirewallRules: [{92E8EDC5-11C7-4255-A875-F05EF1857D75}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{5EFC6922-CCBE-47F5-B193-0DC5D67B3C95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AC4B39A6-F4DE-47C5-AC61-A1014C92BADC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{23F6A41E-59DC-45AA-B7D0-DF6BCCFF31E4}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0769\HPDiagnos ticCoreUI.exe FirewallRules: [{5C8B94CA-6103-4E65-9443-21E097FF7093}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0769\HPDiagnos ticCoreUI.exe FirewallRules: [{B355E2AE-05A3-40FE-AC60-D61CAD202402}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0DC0\HPDiagnos ticCoreUI.exe FirewallRules: [{56EBF397-293A-4F11-854F-491A66077356}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS0DC0\HPDiagnos ticCoreUI.exe FirewallRules: [{1951EE15-8C6A-4F00-A293-695021E464C7}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS2702\HPDiagnos ticCoreUI.exe FirewallRules: [{A69D0927-1ECD-4AD2-A414-2C67A390504A}] => (Allow) C:\Users\vern\AppData\Local\Temp\7zS2702\HPDiagnos ticCoreUI.exe FirewallRules: [{63FE7D8D-6584-4332-B2CF-384475E6C4BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-06-2018 17:45:32 Windows Update 02-07-2018 21:18:21 Windows Update 11-07-2018 06:45:28 Windows Update 11-07-2018 06:46:09 Windows 
Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/17/2018 04:14:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x06986e65 Faulting process id: 0x488 Faulting application start time: 0x01d41da60d8a4aa4 Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.ex e Faulting module path: unknown Report Id: c836e807-305e-4195-8a98-e594d13eb1a1 Faulting package full name: Faulting package-relative application ID: Error: (07/17/2018 04:14:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TelemetryUtility.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.NullReferenceException at TelemetryUtility.Program.TelemetrySendTimes() at System.Threading.ThreadHelper.ThreadStart_Context( System.Object) at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (07/14/2018 04:14:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x06a76cb5 Faulting process id: 0x1b18 Faulting application start time: 0x01d41b4a8e53b3e2 Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.ex e Faulting module path: unknown Report Id: ea424fba-c1ea-4a74-879a-39effcead457 Faulting package full name: Faulting package-relative application ID: Error: (07/14/2018 04:14:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TelemetryUtility.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.NullReferenceException at TelemetryUtility.Program.TelemetrySendTimes() at System.Threading.ThreadHelper.ThreadStart_Context( System.Object) at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (07/11/2018 04:14:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x06496cb5 Faulting process id: 0xc98 Faulting application start time: 0x01d418ef0f1542e3 Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.ex e Faulting module path: unknown Report Id: f4d84a52-d017-40fc-8428-2747d5b755a7 Faulting package full name: Faulting package-relative application ID: Error: (07/11/2018 04:14:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TelemetryUtility.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.NullReferenceException at TelemetryUtility.Program.TelemetrySendTimes() at System.Threading.ThreadHelper.ThreadStart_Context( System.Object) at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (07/08/2018 04:14:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TelemetryUtility.exe, version: 3.3.0.4941, time stamp: 0x5ad84908 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x06f16e65 Faulting process id: 0x2e58 Faulting application start time: 0x01d416938fe6704b Faulting application path: C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.ex e Faulting module path: unknown Report Id: e848399e-a998-4dd8-b165-3dff292c0bac Faulting package full name: Faulting package-relative application ID: Error: (07/08/2018 04:14:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TelemetryUtility.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.NullReferenceException at TelemetryUtility.Program.TelemetrySendTimes() at System.Threading.ThreadHelper.ThreadStart_Context( System.Object) at System.Threading.ExecutionContext.RunInternal(Syst em.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threa ding.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() System errors: ============= Error: (07/17/2018 06:17:17 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/17/2018 05:16:32 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (07/17/2018 05:05:34 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). Error: (07/17/2018 03:43:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). Error: (07/17/2018 03:42:20 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (07/17/2018 03:03:49 PM) (Source: DCOM) (EventID: 10016) (User: CAROLANN) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user CAROLANN\vern SID (S-1-5-21-4235110116-143568719-509401355-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2018-05-08 21:59:19.354 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-05-08 21:59:18.663 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-05-08 21:59:10.930 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-05-08 21:59:10.427 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Micros oft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2018-05-05 16:58:53.938 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz Percentage of memory in use: 51% Total physical RAM: 6056.63 MB Available physical RAM: 2934.23 MB Total Virtual: 7144.63 MB Available Virtual: 3083.4 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:913.93 GB) (Free:843.66 GB) NTFS Drive d: (dvdcopytry) (CDROM) (Total:0.85 GB) (Free:0 GB) UDF \\?\Volume{287a2538-c6ae-11e1-a66c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:17.55 GB) (Free:6.29 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0F6F242E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=17.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=913.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
#6
Hi k9mom007, thanks for the logs.
But the additional log seems to be missing. Could you send the additional log again? Thanks. Have a nice day.
#7
Yes, I posted the addition log. I had to post it in two separate replies because there were too many characters.
#8
I understand. Some sections of the log are missing. Could you send just the additional log file again? You can also send it with wikisend.com if necessary.
#9
Sorry for the delay. I've got some sort of flu and don't want to expose my parents to it. It's their computer I'm working on. If you will kindly have patience with me, I will repost the Addition text as soon as I'm well enough to go to their home. Regards...Janice
#10
Okay. I am waiting. Get better soon.
Best regards.
#11
Thank you so much for your understanding. As soon as I'm not contagious, I will go to their home and do what you ask.
#12
Just wanted you to know I have not forgotten you or this topic. I will be well enough to go to my parents' home (where the computer is) tomorrow evening. Thank you for your patience!
#13
Okay. I am waiting.
#14
I appreciate your patience more than you know. It has been a terrible time. I still want to fix the problem. I will be back with you soon.
#15
I'm back. Hope this link works. Uploaded the addition txt to wikisend Addition.txt