FoundMarbles

Members
  • Content Count

    7

About FoundMarbles

  • Rank
    New Member
  1. I have a problem with Malwarebytes Pro: real-time protection could not be enabled after removing 3 items found by RogueKiller. I have tried twice to remove the program for a fresh install but it fails to be able to do the job. I have attached the text file in the hope that you can tell me what is wrong. mb-clean-results.txt
  2. Hi Aura, Here is the resulting file:
  3. Aura, Thank You! Yes, it has been a while since I posted that question and you are the first response I have had. As noted in the question, I'm just wondering if any OR all of those Dell programs are required. (Dumb me, Dell Update is an obvious keeper!) The product is registered already and all those support bits have proved hard to navigate or useless. I just phone them instead.
  4. Reading comments on one of the Malwarebytes lab posts I learned that Dell Tech Support and PC security is far from good. All of the items in the screenshot were pre-installed from Dell. I was wondering how many of them could be safely removed and which ones actually serve the PC rather than Dell.
  5. NEVER MIND, NO HELP TO BE FOUND HERE I SEE. I FIXED IT, FINALLY. IF IT TURNS UP AGAIN, I'LL GO SOMEWHERE ELSE!
  6. We seem to have 4 VERY persistent infections. Mind Spark, Ask.com & others. No amount of cleaning gets rid of the problems! Please Help! After reinstalling Malwarebytes and scanning, it cleaned 327 items. Ran AdwCleaner; it removed a bunch of threats. This morning 2 were right back so I ran AdwCleaner again and Hitman pro after that and then 4 items were back. I am near my wits' end!! The Hitman pro log is copied below.

     HitmanPro 3.7.15.281
     www.hitmanpro.com

     Computer name . . . . : ACER-PC
     Windows . . . . . . . : 10.0.0.14393.X64/4
     User name . . . . . . : acer-PC\acer
     UAC . . . . . . . . . : Enabled
     License . . . . . . . : Free
     Scan date . . . . . . : 2017-03-29 15:34:42
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 10m 13s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No
     Threats . . . . . . . : 0
     Traces . . . . . . . : 4
     Objects scanned . . . : 2,076,381
     Files scanned . . . . : 66,173
     Remnants scanned . . : 421,941 files / 1,588,267 keys

     Suspicious files ____________________________________________________________

     C:\WINDOWS\SysWOW64\ASock32.OCX
        Size . . . . . . . : 62,384 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.7
        SHA-256 . . . . . : 5DB604CEEE5C4502F7FB4DB77CDBBA70F0783AF3A92389749040167384ECDC9F
        Product . . . . . : ASOCKET
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry ASocket Control
        Version . . . . . : 5.00.012
        Copyright . . . . : Copyright © 1996-1998 by Zane Thomas
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
        Program is code signed with a weak certificate. This is common to malware.
        Program is code self-signed.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     C:\WINDOWS\SysWOW64\GetHst32.OCX
        Size . . . . . . . : 46,512 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.5
        SHA-256 . . . . . : 37643B0F7D6B680B79CC6F53A34E4F655E5649AC83703C5531E6598950076ED6
        Product . . . . . : GetHst
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry Internet GetHst Control
        Version . . . . . : 5.00.007
        Copyright . . . . : Copyright © 1996-1998 by Mabry Software, Inc.
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
        Program is code signed with a weak certificate. This is common to malware.
        Program is code self-signed.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     C:\WINDOWS\SysWOW64\Mftp32.ocx
        Size . . . . . . . : 75,696 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.8
        SHA-256 . . . . . : 6249744A37B44608E569160B7281D34AFA6BFDF625FF60237C400067575F54A5
        Product . . . . . : Mabry Internet FTP Control
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry Internet FTP Control
        Version . . . . . : 5.00.015
        Copyright . . . . : Copyright © 1996-1998 by Zane Thomas
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
        Program is code signed with a weak certificate. This is common to malware.
        Program is code self-signed.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     Potential Unwanted Programs _________________________________________________

     HKU\S-1-5-21-4003829262-2848994777-1340562341-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)