christym

  1. So far everything seems to be running smoothly. I haven't had any short freezes, plugin crashes, or low memory warnings.
  2. I only noticed symptoms while browsing the internet which I've refrained from doing during this process. Is it ok to do so now?
  3. Thank you so much for the quick reply. I ran both scans and have attached the logs. FRST.txt Addition.txt mbar-log-2015-02-08 (14-08-09).txt system-log.txt
  4. MBAM keeps finding Trojan.Agent.U every time I restart and then open my browser. Any help is greatly appreciated. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by dogfish (administrator) on DOGFISH-LP on 08-02-2015 13:51:25 Running from C:\Users\dogfish\Desktop Loaded Profiles: dogfish (Available profiles: dogfish) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (VIS without Co) C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) 
C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-10-21] (Dell Inc.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisEBA4.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-04] (Intel Corporation) HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.) 
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] ( (Qualcomm®Atheros®)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-139359534-3230386112-1521331459-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-139359534-3230386112-1521331459-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-18\...\Run: [DustApps] => "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup <===== ATTENTION Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) 
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-139359534-3230386112-1521331459-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> {01F46CC9-CCB1-4777-99A6-DBD4502C4FBC} URL = SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: DustApps -> {0622D1AC-7D62-42F9-8393-A66E32146E0C} -> C:\Windows\SysWow64\config\systemprofile\AppData\Local\DustApps\plugin.dll (MicroApps Ltd) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default FF DefaultSearchEngine: Google FF Homepage: https://espanol.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-139359534-3230386112-1521331459-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF user.js: detected! => C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default\user.js FF Extension: Adblock Plus - C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-28] FF HKU\.DEFAULT\...\Firefox\Extensions: [{9110611c-1c53-4919-9c17-b89a76795094}] - C:\Program Files (x86)\Select-N-Go-soft\155.xpi ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows ® Win 7 DDK provider) R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.) 
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-26] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS) R2 UpdateServiceTool; C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] S2 KDUpdater; "\\?\C:\Users\dogfish\AppData\Local\Temp\kdADA5.tmp" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-18] (Disc Soft Ltd) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-11] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) U4 CmdAgent; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 13:43 - 2015-02-08 13:51 - 00020534 _____ () C:\Users\dogfish\Desktop\FRST.txt 2015-02-08 13:42 - 2015-02-08 13:51 - 00000000 ____D () C:\FRST 2015-02-08 13:41 - 2015-02-08 13:41 - 02132992 _____ (Farbar) C:\Users\dogfish\Desktop\FRST64.exe 2015-02-08 11:17 - 2015-02-08 11:17 - 00000000 ___RD () C:\Users\dogfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-02-07 12:08 - 2015-02-07 12:09 - 00286488 _____ () C:\Windows\Minidump\020715-26562-01.dmp 2015-02-07 10:47 - 2015-02-07 10:47 - 00000046 _____ () C:\Windows\wininit.ini 2015-02-07 10:33 - 2015-02-07 10:43 - 00006368 _____ () C:\Windows\system32\Drivers\sfi.dat 2015-02-07 10:33 - 2015-02-07 10:33 - 00000000 ____D () C:\ProgramData\Shared Space 2015-02-07 10:31 - 2015-02-07 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-07 10:31 - 2015-02-07 10:31 - 00000000 ____D () C:\Users\dogfish\AppData\Local\Comodo 2015-02-07 10:30 - 2015-02-07 10:33 - 00000000 ____D () C:\ProgramData\Comodo 2015-02-07 10:30 - 2015-02-07 10:30 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2015-02-07 09:38 - 2015-02-07 09:41 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages 2015-02-07 09:38 - 2015-02-07 09:41 - 00000000 ____D () C:\Users\TEMP 2015-02-06 23:31 - 2015-02-06 23:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\dogfish\Desktop\tdsskiller.exe 2015-02-02 20:08 - 2015-02-02 20:08 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-02 20:08 - 2015-02-02 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-02 20:07 - 2015-02-02 20:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-02 20:07 - 2015-02-02 20:08 - 00000000 ____D () C:\Program Files\iTunes 2015-02-02 20:07 - 2015-02-02 20:07 - 00000000 ____D () C:\Program Files\iPod 2015-02-02 20:07 - 2015-02-02 20:07 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-26 13:47 - 2015-01-26 13:47 - 00000000 
____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 13:31 - 2015-01-26 13:31 - 00001039 _____ () C:\Users\dogfish\Desktop\ScummVM.lnk 2015-01-25 16:27 - 2015-01-27 00:50 - 00000000 ____D () C:\Program Files (x86)\ScummVM 2015-01-25 16:27 - 2015-01-25 16:27 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\ScummVM 2015-01-25 16:27 - 2015-01-25 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM 2015-01-25 16:23 - 2015-01-25 16:24 - 07238761 _____ (The ScummVM Team ) C:\Users\dogfish\Downloads\scummvm-1.7.0-win32.exe 2015-01-24 20:54 - 2015-01-27 00:46 - 00051917 _____ () C:\Users\dogfish\Downloads\fceux.cfg 2015-01-24 20:54 - 2015-01-25 00:46 - 00000000 ____D () C:\Users\dogfish\Downloads\sav 2015-01-24 20:54 - 2015-01-24 23:54 - 00000000 ____D () C:\Users\dogfish\Downloads\fcs 2015-01-24 20:54 - 2015-01-24 20:54 - 00000740 _____ () C:\Users\dogfish\Desktop\fceux.lnk 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\snaps 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\movies 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\cheats 2015-01-24 20:53 - 2015-01-24 20:53 - 03029593 _____ () C:\Users\dogfish\Downloads\fceux-2.2.2-win32.zip 2015-01-24 20:53 - 2013-09-24 02:06 - 01105408 _____ () C:\Users\dogfish\Downloads\fceux.exe 2015-01-24 20:53 - 2013-09-24 01:32 - 00352497 _____ () C:\Users\dogfish\Downloads\fceux.chm 2015-01-24 20:53 - 2013-09-23 23:29 - 00924947 _____ () C:\Users\dogfish\Downloads\taseditor.chm 2015-01-24 20:53 - 2013-08-18 02:21 - 00167936 _____ () C:\Users\dogfish\Downloads\lua5.1.dll 2015-01-24 20:53 - 2013-08-18 02:21 - 00011264 _____ () C:\Users\dogfish\Downloads\lua51.dll 2015-01-24 20:53 - 2013-08-18 02:21 - 00000000 ____D () C:\Users\dogfish\Downloads\luaScripts 2015-01-24 20:53 - 2013-08-18 02:20 - 00941568 _____ (Igor Pavlov) C:\Users\dogfish\Downloads\7z.dll 2015-01-24 20:53 - 2013-08-18 02:20 
- 00001724 _____ () C:\Users\dogfish\Downloads\auxlib.lua 2015-01-24 20:53 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\dogfish\Downloads\tools 2015-01-24 20:53 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\dogfish\Downloads\palettes 2015-01-13 16:45 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-13 16:45 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 16:45 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-13 16:45 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-13 16:45 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-13 16:45 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-13 16:45 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 16:45 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-13 16:45 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) 
C:\Windows\system32\WerFault.exe 2015-01-13 16:45 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-13 16:45 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-13 16:45 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-13 16:45 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-13 16:45 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-13 16:45 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-13 16:45 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-13 16:45 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-13 16:45 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-13 16:45 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-13 16:45 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-13 16:45 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 13:50 - 2014-01-24 02:40 - 01788954 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 13:47 - 2014-03-22 09:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 13:43 - 2014-03-01 12:55 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\ClassicShell
2015-02-08 13:29 - 2014-03-27 15:29 - 00000318 _____ () C:\Windows\Tasks\FoxTab.job
2015-02-08 13:16 - 2014-02-28 17:39 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 13:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 12:14 - 2014-02-28 15:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-139359534-3230386112-1521331459-1001
2015-02-08 11:58 - 2014-06-21 18:49 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-02-08 11:58 - 2014-06-21 18:47 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-02-08 11:22 - 2014-05-28 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 11:20 - 2014-02-28 15:51 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C4F66BD3-B6AD-4E00-B619-6C32C0E170D2}
2015-02-08 11:17 - 2014-03-06 20:55 - 00000000 ____D () C:\Users\dogfish\AppData\Local\CrashDumps
2015-02-08 11:17 - 2014-02-28 17:39 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 11:17 - 2014-02-28 15:48 - 00000000 ___DO () C:\Users\dogfish\SkyDrive
2015-02-07 20:23 - 2014-01-24 02:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-07 20:16 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 20:15 - 2014-01-24 02:09 - 00242184 _____ () C:\Windows\PFRO.log
2015-02-07 20:15 - 2013-08-22 06:46 - 00026063 _____ () C:\Windows\setupact.log
2015-02-07 20:15 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-07 20:14 - 2014-02-28 15:45 - 00000000 ____D () C:\Users\dogfish
2015-02-07 12:08 - 2014-10-16 23:09 - 955397169 _____ () C:\Windows\MEMORY.DMP
2015-02-07 12:08 - 2014-10-16 23:09 - 00000000 ____D () C:\Windows\Minidump
2015-02-07 09:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-06 00:37 - 2014-03-01 17:39 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\CDisplayEx
2015-02-05 19:16 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-05 18:11 - 2014-02-28 17:39 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 18:11 - 2014-02-28 17:39 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 16:47 - 2014-03-22 09:06 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:25 - 2014-03-02 13:17 - 00000000 ____D () C:\Users\dogfish\Documents\My Misc. Goodies
2015-02-03 11:31 - 2014-12-10 17:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-10 17:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:07 - 2014-02-28 17:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 00:10 - 2014-02-28 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 00:13 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-01-23 00:38 - 2014-10-31 21:30 - 00000000 ____D () C:\Users\dogfish\Documents\Story Ideas
2015-01-20 21:03 - 2014-03-02 22:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-20 19:58 - 2014-03-02 22:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-27 15:29 - 2014-07-18 14:32 - 0000110 _____ () C:\Users\dogfish\AppData\Roaming\WB.CFG
2014-01-24 02:13 - 2014-01-24 02:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-24 02:47 - 2014-01-24 02:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-24 02:43 - 2014-01-24 02:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-24 02:44 - 2014-01-24 02:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-24 02:45 - 2014-01-24 02:47 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-24 02:42 - 2014-01-24 02:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\dogfish\AppData\Local\Temp\7612uninstall.exe
C:\Users\dogfish\AppData\Local\Temp\COMAP.EXE
C:\Users\dogfish\AppData\Local\Temp\KDLdr2_new.exe
C:\Users\dogfish\AppData\Local\Temp\ose00000.exe
C:\Users\dogfish\AppData\Local\Temp\Sqlite3.dll
C:\Users\dogfish\AppData\Local\Temp\tmpEAE0.exe
C:\Users\dogfish\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 21:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by dogfish at 2015-02-08 13:52:16
Running from C:\Users\dogfish\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CDisplayEx 1.10.8 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Corel Painter Essentials 3 (HKLM-x32\...\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version: 3.0 - Corel Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{6A1E4EFB-3EE0-40A0-9D6D-E865370289DB}) (Version: 1.13.1641.0 - Google Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
KeyPlayr (HKLM-x32\...\{A21A2C02-B537-4418-858C-1F79C309FD0C}) (Version: 1.00.0000 - KeyDownload)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.004 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-139359534-3230386112-1521331459-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points =========================

Could not list restore points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B379E50-B5DC-41AE-9443-D521D8D1241C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {25D09176-7F44-481E-A976-AEFE93CBC08D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {2E525AF7-D81C-47D1-9459-14741CCC0AF9} - \AmiUpdXp No Task File <==== ATTENTION
Task: {3A255A26-6075-4ABA-B7C5-AF2C74A40796} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {3E03156B-90EF-46A3-9AFD-DA70D2A302E0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-21] (CyberLink Corp.)
Task: {4697EE97-7C59-4FDE-93B8-F0CFBC55BC03} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {537DFD8D-1692-4EC5-BBC9-FD8834DC1DF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {6381C9E6-8617-4D9E-86BA-F3415D67CE9D} - System32\Tasks\FoxTab => C:\Users\dogfish\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {70F296EB-89B1-4DE4-BB3D-89188E351F91} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7357C82C-41C6-4ADB-A551-00B1EDFD2CF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {76C69584-C8D1-495E-8018-7031015F9A4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {80F64EF0-E4E4-4FF5-860C-5B22CD1216DC} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {87F374E0-7B7A-4F2C-9182-51D7084A2666} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {B5CE0A18-8A98-4A9C-BE94-A900CD8F22F8} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {B8C35CA7-8F0B-48B1-90F3-6A18BA96FC04} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {CAB25594-A76F-49ED-9E37-3E77A4BEFB65} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D9294577-77BF-4599-ABE9-A5F0780025F2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-11] (Synaptics Incorporated)
Task: {E8B9744C-277B-4CE3-A91C-5C60C5D255BC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\dogfish\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2005-09-09 02:24 - 2005-09-09 02:24 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-01 11:29 - 2014-05-01 11:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-03-18 20:50 - 2013-12-04 08:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-01-24 02:54 - 2013-08-19 09:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-01-24 02:54 - 2013-08-19 09:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-01-24 02:54 - 2013-08-19 09:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-01-24 01:20 - 2013-09-30 07:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-21 23:19 - 2013-08-21 22:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2014-01-24 02:34 - 2013-09-04 07:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-24 02:43 - 2013-03-04 19:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-26 13:47 - 2015-01-26 13:47 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\dogfish\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-139359534-3230386112-1521331459-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dogfish\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"

==================== Accounts: =============================

Administrator (S-1-5-21-139359534-3230386112-1521331459-500 - Administrator - Disabled)
dogfish (S-1-5-21-139359534-3230386112-1521331459-1001 - Administrator - Enabled) => C:\Users\dogfish
Guest (S-1-5-21-139359534-3230386112-1521331459-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-139359534-3230386112-1521331459-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 11:17:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6
Faulting module name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6
Exception code: 0xc0000005
Fault offset: 0x00000000000696a5
Faulting process id: 0x2b4
Faulting application start time: 0xquickset.exe0
Faulting application path: quickset.exe1
Faulting module path: quickset.exe2
Report Id: quickset.exe3
Faulting package full name: quickset.exe4
Faulting package-relative application ID: quickset.exe5

Error: (02/07/2015 08:38:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DmiInfo.exe, version: 1.0.0.0, time stamp: 0x5273bfb9
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xe0434352
Fault offset: 0x00012f71
Faulting process id: 0x1120
Faulting application start time: 0xDmiInfo.exe0
Faulting application path: DmiInfo.exe1
Faulting module path: DmiInfo.exe2
Report Id: DmiInfo.exe3
Faulting package full name: DmiInfo.exe4
Faulting package-relative application ID: DmiInfo.exe5

Error: (02/07/2015 08:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DmiInfo.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementScope.InitializeGuts(System.Object)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean)
   at System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions)
   at System.Management.ManagementClass.GetInstances()
   at DmiInfo.Program.GetSystemModel()
   at DmiInfo.Program.Main(System.String[])

Error: (02/07/2015 08:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TOASTER.EXE, version: 1.0.1.172, time stamp: 0x527be563
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xe0434352
Fault offset: 0x00012f71
Faulting process id: 0x7fc
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3
Faulting package full name: TOASTER.EXE4
Faulting package-relative application ID: TOASTER.EXE5

Error: (02/07/2015 08:24:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (02/07/2015 08:24:06 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Not found
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementEventWatcher.Initialize()
   at System.Management.ManagementEventWatcher.Start()
   at Toaster.Services.PowerManagementService.Start()
   at Toaster.MainWindowViewModel..ctor()
   at Toaster.App.OnStartup(StartupEventArgs e)
   at System.Windows.Application.<.ctor>b__1(Object unused)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (02/07/2015 08:23:55 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (02/07/2015 08:23:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 28) (User: NT AUTHORITY)
Description: Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80041002. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory.

Error: (02/07/2015 08:18:48 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error: (02/07/2015 08:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6
Faulting module name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6
Exception code: 0xc0000005
Fault offset: 0x00000000000696a5
Faulting process id: 0x8d4
Faulting application start time: 0xquickset.exe0
Faulting application path: quickset.exe1
Faulting module path: quickset.exe2
Report Id: quickset.exe3
Faulting package full name: quickset.exe4
Faulting package-relative application ID: quickset.exe5

System errors:
=============
Error: (02/08/2015 01:50:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2015 01:50:28 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2015 01:50:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2015 01:48:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2015 01:48:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2015 01:48:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/07/2015 08:36:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/07/2015 08:36:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/07/2015 08:16:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KDUpdater service failed to start due to the following error: %%2

Error: (02/07/2015 07:49:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (02/08/2015 11:17:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: quickset.exe10.16.4.35264dbf6quickset.exe10.16.4.35264dbf6c000000500000000000696a52b401d043d3daf0ed32C:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\QuickSet\quickset.exe1a0a4d6f-afc7-11e4-82a5-645a04ca7b10

Error: (02/07/2015 08:38:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DmiInfo.exe1.0.0.05273bfb9KERNELBASE.dll6.3.9600.1727853eeb460e043435200012f71112001d043591c20e6b6C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DmiInfo.exeC:\Windows\SYSTEM32\KERNELBASE.dll59ed922b-af4c-11e4-82a5-645a04ca7b10

Error: (02/07/2015 08:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DmiInfo.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementScope.InitializeGuts(System.Object)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean)
   at System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions)
   at System.Management.ManagementClass.GetInstances()
   at DmiInfo.Program.GetSystemModel()
   at DmiInfo.Program.Main(System.String[])

Error: (02/07/2015 08:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TOASTER.EXE1.0.1.172527be563KERNELBASE.dll6.3.9600.1727853eeb460e043435200012f717fc01d0435701052a9dC:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\SYSTEM32\KERNELBASE.dll51d2d679-af4a-11e4-82a5-645a04ca7b10

Error: (02/07/2015 08:24:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TOASTER.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Toaster.App.Main()

Error: (02/07/2015 08:24:06 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Not found
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementEventWatcher.Initialize()
   at System.Management.ManagementEventWatcher.Start()
   at Toaster.Services.PowerManagementService.Start()
   at Toaster.MainWindowViewModel..ctor()
   at Toaster.App.OnStartup(StartupEventArgs e)
   at System.Windows.Application.<.ctor>b__1(Object unused)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (02/07/2015 08:23:55 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/07/2015 08:23:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 28) (User: NT AUTHORITY)
Description: 0x80041002

Error: (02/07/2015 08:18:48 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (02/07/2015 08:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: quickset.exe10.16.4.35264dbf6quickset.exe10.16.4.35264dbf6c000000500000000000696a58d401d0435619eaa764C:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\QuickSet\quickset.exe5925f710-af49-11e4-82a5-645a04ca7b10

CodeIntegrity Errors:
===================================
Date: 2015-02-07 21:39:06.163
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:02.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:02.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:01.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:01.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:01.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:55:00.856
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:54:53.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:54:53.568
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 19:54:52.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2127U @ 1.90GHz
Percentage of memory in use: 52%
Total physical RAM: 3977.27 MB
Available physical RAM: 1884.71 MB
Total Pagefile: 12169.27 MB
Available Pagefile: 1848.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.75 GB) (Free:361.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 67923C5C)
Partition: GPT Partition Type.

==================== End Of Log ============================