christym
Members-
Posts
5 -
Joined
-
Last visited
Reputation
0 Neutral-
Trojan.Agent.U keeps coming back
christym replied to christym's topic in Resolved Malware Removal Logs
So far everything seems to be running smoothly. I haven't had any short freezes, plugin crashes, or low memory warnings. -
Trojan.Agent.U keeps coming back
christym replied to christym's topic in Resolved Malware Removal Logs
I only noticed symptoms while browsing the internet which I've refrained from doing during this process. Is it ok to do so now? -
Trojan.Agent.U keeps coming back
christym replied to christym's topic in Resolved Malware Removal Logs
Attached Fixlog.txt AdwCleanerS0.txt -
Trojan.Agent.U keeps coming back
christym replied to christym's topic in Resolved Malware Removal Logs
Thank you so much for the quick reply. I ran both scans and have attached the logs. FRST.txt Addition.txt mbar-log-2015-02-08 (14-08-09).txt system-log.txt -
MBAM keeps finding Trojan.Agent.U every time I restart and then open my browser. Any help is greatly appreciated. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by dogfish (administrator) on DOGFISH-LP on 08-02-2015 13:51:25 Running from C:\Users\dogfish\Desktop Loaded Profiles: dogfish (Available profiles: dogfish) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (VIS without Co) C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-26] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-10-21] (Dell Inc.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cisEBA4.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-04] (Intel Corporation) HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1435672 2013-12-18] (Google Inc.) HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] ( (Qualcomm®Atheros®)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-139359534-3230386112-1521331459-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-139359534-3230386112-1521331459-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-18\...\Run: [DustApps] => "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup <===== ATTENTION Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-139359534-3230386112-1521331459-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> {01F46CC9-CCB1-4777-99A6-DBD4502C4FBC} URL = SearchScopes: HKU\S-1-5-21-139359534-3230386112-1521331459-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0Dzy0B0D0F0FzyyE0EtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyD0ByC0A0DtGtCtDyB0CtGzz0CzzzztG0C0AtDtAtGtB0DyB0Czz0BtC0B0AzztCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0C0FyCtAyB0B0EtGtAyBtD0AtG0ByCyEtDtGyBzy0E0CtGyCtBtCyCyByDzy0CtByB0F0A2Q&cr=1624708148&ir= BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: DustApps -> {0622D1AC-7D62-42F9-8393-A66E32146E0C} -> C:\Windows\SysWow64\config\systemprofile\AppData\Local\DustApps\plugin.dll (MicroApps Ltd) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default FF DefaultSearchEngine: Google FF Homepage: https://espanol.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-139359534-3230386112-1521331459-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF user.js: detected! => C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default\user.js FF Extension: Adblock Plus - C:\Users\dogfish\AppData\Roaming\Mozilla\Firefox\Profiles\7xhrwwnz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-28] FF HKU\.DEFAULT\...\Firefox\Extensions: [{9110611c-1c53-4919-9c17-b89a76795094}] - C:\Program Files (x86)\Select-N-Go-soft\155.xpi ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows ® Win 7 DDK provider) R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [754712 2013-12-18] (Google Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-26] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS) R2 UpdateServiceTool; C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] () R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] S2 KDUpdater; "\\?\C:\Users\dogfish\AppData\Local\Temp\kdADA5.tmp" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-18] (Disc Soft Ltd) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-11] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) U4 CmdAgent; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 13:43 - 2015-02-08 13:51 - 00020534 _____ () C:\Users\dogfish\Desktop\FRST.txt 2015-02-08 13:42 - 2015-02-08 13:51 - 00000000 ____D () C:\FRST 2015-02-08 13:41 - 2015-02-08 13:41 - 02132992 _____ (Farbar) C:\Users\dogfish\Desktop\FRST64.exe 2015-02-08 11:17 - 2015-02-08 11:17 - 00000000 ___RD () C:\Users\dogfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-02-07 12:08 - 2015-02-07 12:09 - 00286488 _____ () C:\Windows\Minidump\020715-26562-01.dmp 2015-02-07 10:47 - 2015-02-07 10:47 - 00000046 _____ () C:\Windows\wininit.ini 2015-02-07 10:33 - 2015-02-07 10:43 - 00006368 _____ () C:\Windows\system32\Drivers\sfi.dat 2015-02-07 10:33 - 2015-02-07 10:33 - 00000000 ____D () C:\ProgramData\Shared Space 2015-02-07 10:31 - 2015-02-07 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-02-07 10:31 - 2015-02-07 10:31 - 00000000 ____D () C:\Users\dogfish\AppData\Local\Comodo 2015-02-07 10:30 - 2015-02-07 10:33 - 00000000 ____D () C:\ProgramData\Comodo 2015-02-07 10:30 - 2015-02-07 10:30 - 00000000 ____D () C:\ProgramData\Comodo Downloader 2015-02-07 09:38 - 2015-02-07 09:41 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages 2015-02-07 09:38 - 2015-02-07 09:41 - 00000000 ____D () C:\Users\TEMP 2015-02-06 23:31 - 2015-02-06 23:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\dogfish\Desktop\tdsskiller.exe 2015-02-02 20:08 - 2015-02-02 20:08 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-02 20:08 - 2015-02-02 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-02 20:07 - 2015-02-02 20:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-02 20:07 - 2015-02-02 20:08 - 00000000 ____D () C:\Program Files\iTunes 2015-02-02 20:07 - 2015-02-02 20:07 - 00000000 ____D () C:\Program Files\iPod 2015-02-02 20:07 - 2015-02-02 20:07 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-26 13:47 - 2015-01-26 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 13:31 - 2015-01-26 13:31 - 00001039 _____ () C:\Users\dogfish\Desktop\ScummVM.lnk 2015-01-25 16:27 - 2015-01-27 00:50 - 00000000 ____D () C:\Program Files (x86)\ScummVM 2015-01-25 16:27 - 2015-01-25 16:27 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\ScummVM 2015-01-25 16:27 - 2015-01-25 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM 2015-01-25 16:23 - 2015-01-25 16:24 - 07238761 _____ (The ScummVM Team ) C:\Users\dogfish\Downloads\scummvm-1.7.0-win32.exe 2015-01-24 20:54 - 2015-01-27 00:46 - 00051917 _____ () C:\Users\dogfish\Downloads\fceux.cfg 2015-01-24 20:54 - 2015-01-25 00:46 - 00000000 ____D () C:\Users\dogfish\Downloads\sav 2015-01-24 20:54 - 2015-01-24 23:54 - 00000000 ____D () C:\Users\dogfish\Downloads\fcs 2015-01-24 20:54 - 2015-01-24 20:54 - 00000740 _____ () C:\Users\dogfish\Desktop\fceux.lnk 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\snaps 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\movies 2015-01-24 20:54 - 2015-01-24 20:54 - 00000000 ____D () C:\Users\dogfish\Downloads\cheats 2015-01-24 20:53 - 2015-01-24 20:53 - 03029593 _____ () C:\Users\dogfish\Downloads\fceux-2.2.2-win32.zip 2015-01-24 20:53 - 2013-09-24 02:06 - 01105408 _____ () C:\Users\dogfish\Downloads\fceux.exe 2015-01-24 20:53 - 2013-09-24 01:32 - 00352497 _____ () C:\Users\dogfish\Downloads\fceux.chm 2015-01-24 20:53 - 2013-09-23 23:29 - 00924947 _____ () C:\Users\dogfish\Downloads\taseditor.chm 2015-01-24 20:53 - 2013-08-18 02:21 - 00167936 _____ () C:\Users\dogfish\Downloads\lua5.1.dll 2015-01-24 20:53 - 2013-08-18 02:21 - 00011264 _____ () C:\Users\dogfish\Downloads\lua51.dll 2015-01-24 20:53 - 2013-08-18 02:21 - 00000000 ____D () C:\Users\dogfish\Downloads\luaScripts 2015-01-24 20:53 - 2013-08-18 02:20 - 00941568 _____ (Igor Pavlov) C:\Users\dogfish\Downloads\7z.dll 2015-01-24 20:53 - 2013-08-18 02:20 - 00001724 _____ () C:\Users\dogfish\Downloads\auxlib.lua 2015-01-24 20:53 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\dogfish\Downloads\tools 2015-01-24 20:53 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\dogfish\Downloads\palettes 2015-01-13 16:45 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-13 16:45 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 16:45 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-13 16:45 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-13 16:45 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-13 16:45 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-13 16:45 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-13 16:45 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 16:45 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-13 16:45 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-13 16:45 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-13 16:45 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-13 16:45 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-13 16:45 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-13 16:45 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-13 16:45 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-13 16:45 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-13 16:45 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-13 16:45 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-13 16:45 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-13 16:45 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-13 16:45 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-13 16:45 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 13:50 - 2014-01-24 02:40 - 01788954 _____ () C:\Windows\WindowsUpdate.log 2015-02-08 13:47 - 2014-03-22 09:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 13:43 - 2014-03-01 12:55 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\ClassicShell 2015-02-08 13:29 - 2014-03-27 15:29 - 00000318 _____ () C:\Windows\Tasks\FoxTab.job 2015-02-08 13:16 - 2014-02-28 17:39 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 13:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-08 12:14 - 2014-02-28 15:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-139359534-3230386112-1521331459-1001 2015-02-08 11:58 - 2014-06-21 18:49 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-02-08 11:58 - 2014-06-21 18:47 - 00000000 ____D () C:\ProgramData\Rosetta Stone 2015-02-08 11:22 - 2014-05-28 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-08 11:20 - 2014-02-28 15:51 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C4F66BD3-B6AD-4E00-B619-6C32C0E170D2} 2015-02-08 11:17 - 2014-03-06 20:55 - 00000000 ____D () C:\Users\dogfish\AppData\Local\CrashDumps 2015-02-08 11:17 - 2014-02-28 17:39 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-08 11:17 - 2014-02-28 15:48 - 00000000 ___DO () C:\Users\dogfish\SkyDrive 2015-02-07 20:23 - 2014-01-24 02:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-02-07 20:16 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-07 20:15 - 2014-01-24 02:09 - 00242184 _____ () C:\Windows\PFRO.log 2015-02-07 20:15 - 2013-08-22 06:46 - 00026063 _____ () C:\Windows\setupact.log 2015-02-07 20:15 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-07 20:14 - 2014-02-28 15:45 - 00000000 ____D () C:\Users\dogfish 2015-02-07 12:08 - 2014-10-16 23:09 - 955397169 _____ () C:\Windows\MEMORY.DMP 2015-02-07 12:08 - 2014-10-16 23:09 - 00000000 ____D () C:\Windows\Minidump 2015-02-07 09:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-06 00:37 - 2014-03-01 17:39 - 00000000 ____D () C:\Users\dogfish\AppData\Roaming\CDisplayEx 2015-02-05 19:16 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-05 18:11 - 2014-02-28 17:39 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 18:11 - 2014-02-28 17:39 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-04 16:47 - 2014-03-22 09:06 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:25 - 2014-03-02 13:17 - 00000000 ____D () C:\Users\dogfish\Documents\My Misc. Goodies 2015-02-03 11:31 - 2014-12-10 17:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 11:31 - 2014-12-10 17:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 20:07 - 2014-02-28 17:20 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-28 00:10 - 2014-02-28 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-27 00:13 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-01-23 00:38 - 2014-10-31 21:30 - 00000000 ____D () C:\Users\dogfish\Documents\Story Ideas 2015-01-20 21:03 - 2014-03-02 22:33 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-20 19:58 - 2014-03-02 22:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-03-27 15:29 - 2014-07-18 14:32 - 0000110 _____ () C:\Users\dogfish\AppData\Roaming\WB.CFG 2014-01-24 02:13 - 2014-01-24 02:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-01-24 02:47 - 2014-01-24 02:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2014-01-24 02:43 - 2014-01-24 02:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2014-01-24 02:44 - 2014-01-24 02:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2014-01-24 02:45 - 2014-01-24 02:47 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2014-01-24 02:42 - 2014-01-24 02:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\dogfish\AppData\Local\Temp\7612uninstall.exe C:\Users\dogfish\AppData\Local\Temp\COMAP.EXE C:\Users\dogfish\AppData\Local\Temp\KDLdr2_new.exe C:\Users\dogfish\AppData\Local\Temp\ose00000.exe C:\Users\dogfish\AppData\Local\Temp\Sqlite3.dll C:\Users\dogfish\AppData\Local\Temp\tmpEAE0.exe C:\Users\dogfish\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-07 21:34 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by dogfish at 2015-02-08 13:52:16 Running from C:\Users\dogfish\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite) CDisplayEx 1.10.8 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Corel Painter Essentials 3 (HKLM-x32\...\{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version: 3.0 - Corel Corporation) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Google 日本語入力 (HKLM\...\{6A1E4EFB-3EE0-40A0-9D6D-E865370289DB}) (Version: 1.13.1641.0 - Google Inc.) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) KeyPlayr (HKLM-x32\...\{A21A2C02-B537-4418-858C-1F79C309FD0C}) (Version: 1.00.0000 - KeyDownload) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team) MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.004 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-139359534-3230386112-1521331459-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) ==================== Restore Points ========================= Could not list restore points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0B379E50-B5DC-41AE-9443-D521D8D1241C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.) Task: {25D09176-7F44-481E-A976-AEFE93CBC08D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {2E525AF7-D81C-47D1-9459-14741CCC0AF9} - \AmiUpdXp No Task File <==== ATTENTION Task: {3A255A26-6075-4ABA-B7C5-AF2C74A40796} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {3E03156B-90EF-46A3-9AFD-DA70D2A302E0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-21] (CyberLink Corp.) Task: {4697EE97-7C59-4FDE-93B8-F0CFBC55BC03} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] () Task: {537DFD8D-1692-4EC5-BBC9-FD8834DC1DF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.) Task: {6381C9E6-8617-4D9E-86BA-F3415D67CE9D} - System32\Tasks\FoxTab => C:\Users\dogfish\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {70F296EB-89B1-4DE4-BB3D-89188E351F91} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) Task: {7357C82C-41C6-4ADB-A551-00B1EDFD2CF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {76C69584-C8D1-495E-8018-7031015F9A4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {80F64EF0-E4E4-4FF5-860C-5B22CD1216DC} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink) Task: {87F374E0-7B7A-4F2C-9182-51D7084A2666} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] () Task: {B5CE0A18-8A98-4A9C-BE94-A900CD8F22F8} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {B8C35CA7-8F0B-48B1-90F3-6A18BA96FC04} - System32\Tasks\PocketCloudUpdater => C:\Program Task: {CAB25594-A76F-49ED-9E37-3E77A4BEFB65} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {D9294577-77BF-4599-ABE9-A5F0780025F2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-11] (Synaptics Incorporated) Task: {E8B9744C-277B-4CE3-A91C-5C60C5D255BC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\dogfish\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2005-09-09 02:24 - 2005-09-09 02:24 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-01 11:29 - 2014-05-01 11:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-08-22 11:40 - 2013-08-22 11:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe 2013-08-22 11:40 - 2013-08-22 11:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll 2013-08-22 11:40 - 2013-08-22 11:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll 2014-03-18 20:50 - 2013-12-04 08:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2014-01-24 02:54 - 2013-08-19 09:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2014-01-24 02:54 - 2013-08-19 09:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2014-01-24 02:54 - 2013-08-19 09:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2013-09-04 23:20 - 2013-09-04 23:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-04 23:24 - 2013-09-04 23:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2014-01-24 01:20 - 2013-09-30 07:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-21 23:19 - 2013-08-21 22:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd 2014-01-24 02:34 - 2013-09-04 07:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-01-24 02:43 - 2013-03-04 19:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-01-26 13:47 - 2015-01-26 13:47 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\dogfish\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-139359534-3230386112-1521331459-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dogfish\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader" ==================== Accounts: ============================= Administrator (S-1-5-21-139359534-3230386112-1521331459-500 - Administrator - Disabled) dogfish (S-1-5-21-139359534-3230386112-1521331459-1001 - Administrator - Enabled) => C:\Users\dogfish Guest (S-1-5-21-139359534-3230386112-1521331459-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-139359534-3230386112-1521331459-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2015 11:17:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6 Faulting module name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6 Exception code: 0xc0000005 Fault offset: 0x00000000000696a5 Faulting process id: 0x2b4 Faulting application start time: 0xquickset.exe0 Faulting application path: quickset.exe1 Faulting module path: quickset.exe2 Report Id: quickset.exe3 Faulting package full name: quickset.exe4 Faulting package-relative application ID: quickset.exe5 Error: (02/07/2015 08:38:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DmiInfo.exe, version: 1.0.0.0, time stamp: 0x5273bfb9 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0x1120 Faulting application start time: 0xDmiInfo.exe0 Faulting application path: DmiInfo.exe1 Faulting module path: DmiInfo.exe2 Report Id: DmiInfo.exe3 Faulting package full name: DmiInfo.exe4 Faulting package-relative application ID: DmiInfo.exe5 Error: (02/07/2015 08:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DmiInfo.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException Stack: at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus) at System.Management.ManagementScope.InitializeGuts(System.Object) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean) at System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions) at System.Management.ManagementClass.GetInstances() at DmiInfo.Program.GetSystemModel() at DmiInfo.Program.Main(System.String[]) Error: (02/07/2015 08:24:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TOASTER.EXE, version: 1.0.1.172, time stamp: 0x527be563 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0x7fc Faulting application start time: 0xTOASTER.EXE0 Faulting application path: TOASTER.EXE1 Faulting module path: TOASTER.EXE2 Report Id: TOASTER.EXE3 Faulting package full name: TOASTER.EXE4 Faulting package-relative application ID: TOASTER.EXE5 Error: (02/07/2015 08:24:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TOASTER.EXE Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException Stack: at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.Run() at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Toaster.App.Main() Error: (02/07/2015 08:24:06 PM) (Source: TOASTER.EXE) (EventID: 0) (User: ) Description: An Unhandled Exception occured. Not found at System.Management.ThreadDispatch.Start() at System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize() at System.Management.ManagementEventWatcher.Start() at Toaster.Services.PowerManagementService.Start() at Toaster.MainWindowViewModel..ctor() at Toaster.App.OnStartup(StartupEventArgs e) at System.Windows.Application.<.ctor>b__1(Object unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (02/07/2015 08:23:55 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall. Error: (02/07/2015 08:23:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 28) (User: NT AUTHORITY) Description: Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80041002. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory. Error: (02/07/2015 08:18:48 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall. Error: (02/07/2015 08:17:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6 Faulting module name: quickset.exe, version: 10.16.4.3, time stamp: 0x5264dbf6 Exception code: 0xc0000005 Fault offset: 0x00000000000696a5 Faulting process id: 0x8d4 Faulting application start time: 0xquickset.exe0 Faulting application path: quickset.exe1 Faulting module path: quickset.exe2 Report Id: quickset.exe3 Faulting package full name: quickset.exe4 Faulting package-relative application ID: quickset.exe5 System errors: ============= Error: (02/08/2015 01:50:34 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/08/2015 01:50:28 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/08/2015 01:50:24 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/08/2015 01:48:49 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/08/2015 01:48:20 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/08/2015 01:48:07 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/07/2015 08:36:23 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/07/2015 08:36:21 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/07/2015 08:16:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The KDUpdater service failed to start due to the following error: %%2 Error: (02/07/2015 07:49:02 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Microsoft Office Sessions: ========================= Error: (02/08/2015 11:17:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: quickset.exe10.16.4.35264dbf6quickset.exe10.16.4.35264dbf6c000000500000000000696a52b401d043d3daf0ed32C:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\QuickSet\quickset.exe1a0a4d6f-afc7-11e4-82a5-645a04ca7b10 Error: (02/07/2015 08:38:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DmiInfo.exe1.0.0.05273bfb9KERNELBASE.dll6.3.9600.1727853eeb460e043435200012f71112001d043591c20e6b6C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DmiInfo.exeC:\Windows\SYSTEM32\KERNELBASE.dll59ed922b-af4c-11e4-82a5-645a04ca7b10 Error: (02/07/2015 08:38:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DmiInfo.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException Stack: at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus) at System.Management.ManagementScope.InitializeGuts(System.Object) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean) at System.Management.ManagementClass.GetInstances(System.Management.EnumerationOptions) at System.Management.ManagementClass.GetInstances() at DmiInfo.Program.GetSystemModel() at DmiInfo.Program.Main(System.String[]) Error: (02/07/2015 08:24:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TOASTER.EXE1.0.1.172527be563KERNELBASE.dll6.3.9600.1727853eeb460e043435200012f717fc01d0435701052a9dC:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEC:\Windows\SYSTEM32\KERNELBASE.dll51d2d679-af4a-11e4-82a5-645a04ca7b10 Error: (02/07/2015 08:24:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: TOASTER.EXE Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Management.ManagementException Stack: at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.Run() at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Toaster.App.Main() Error: (02/07/2015 08:24:06 PM) (Source: TOASTER.EXE) (EventID: 0) (User: ) Description: An Unhandled Exception occured. Not found at System.Management.ThreadDispatch.Start() at System.Management.ManagementScope.Initialize() at System.Management.ManagementEventWatcher.Initialize() at System.Management.ManagementEventWatcher.Start() at Toaster.Services.PowerManagementService.Start() at Toaster.MainWindowViewModel..ctor() at Toaster.App.OnStartup(StartupEventArgs e) at System.Windows.Application.<.ctor>b__1(Object unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler) Error: (02/07/2015 08:23:55 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: Error: (02/07/2015 08:23:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 28) (User: NT AUTHORITY) Description: 0x80041002 Error: (02/07/2015 08:18:48 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: Error: (02/07/2015 08:17:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: quickset.exe10.16.4.35264dbf6quickset.exe10.16.4.35264dbf6c000000500000000000696a58d401d0435619eaa764C:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Dell\QuickSet\quickset.exe5925f710-af49-11e4-82a5-645a04ca7b10 CodeIntegrity Errors: =================================== Date: 2015-02-07 21:39:06.163 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:02.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:02.044 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:01.778 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:01.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:01.106 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:55:00.856 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:54:53.865 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:54:53.568 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 19:54:52.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Pentium® CPU 2127U @ 1.90GHz Percentage of memory in use: 52% Total physical RAM: 3977.27 MB Available physical RAM: 1884.71 MB Total Pagefile: 12169.27 MB Available Pagefile: 1848.16 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:456.75 GB) (Free:361.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 67923C5C) Partition: GPT Partition Type. ==================== End Of Log ============================