Dang it the dell computer is shutting down every 15 minutes because of the above malware wear i am using advanced power power settings and all is set to never shut
down so what now ?
- - - - - - - - - - - - - -
Ok hope this helps maybe get me a fix - it log to use ; nothing found using A D W - so awaiting help its so needed - -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Pestyone (administrator) on LOSTSOUL (06-02-2016 18:16:37)
Running from C:\Users\Pestyone\Desktop
Loaded Profiles: Pestyone & Administrator (Available Profiles: Pestyone & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [64512 2015-08-24] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [283648 2015-09-13] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C2].txt [733 2016-02-06] ()
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2501368 2015-01-27] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-06-27] (IvoSoft)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-03-11] (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-06-27] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
Tcpip\..\Interfaces\{30ED7B6C-DD1A-4529-BC73-BF10F70C4313}: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{8F1F049A-A9E3-4A2C-9BB8-59F001EE17A4}: [DhcpNameServer] 10.240.205.161
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {25F4A535-FB3B-4FDD-B54F-51BAA6EEDCCB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL =
SearchScopes: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> {F69915E7-A958-4034-8B85-CCBAF32BCDFC} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-3116091646-4023644724-1358722376-500 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
FireFox:
========
FF ProfilePath: C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3116091646-4023644724-1358722376-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Pestyone\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-30] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Users\Pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\1527jakz.default\Extensions\
[email protected] [2015-09-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\
[email protected] FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\
[email protected] [2015-05-17] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pestyone\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-02-06] (Emsisoft Ltd)
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-08-24] (Ellora Assets Corp.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-09-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-20] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2015-08-24] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-07-24] (Digiarty Software, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2016-02-06] (Emsisoft GmbH)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-21] (REALiX™)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2015-06-29] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2015-06-29] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-05] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-26] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-09] (BitDefender S.R.L.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [11304 2015-04-14] (wisecleaner.com) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 CtClsFlt; \SystemRoot\system32\DRIVERS\CtClsFlt.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 18:16 - 2016-02-06 18:17 - 00019092 _____ C:\Users\Pestyone\Desktop\FRST.txt
2016-02-06 18:13 - 2016-02-06 18:13 - 01508352 _____ C:\Users\Pestyone\Desktop\AdwCleaner.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-06 18:16 - 2015-09-13 10:55 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-02-06 18:16 - 2015-06-22 07:37 - 00000000 ____D C:\Users\Pestyone\Desktop\FRST-OlderVersion
2016-02-06 18:16 - 2015-06-06 04:06 - 00000000 ____D C:\AdwCleaner
2016-02-06 18:16 - 2015-04-24 13:31 - 00000000 ____D C:\FRST
2016-02-06 18:16 - 2015-04-24 11:34 - 02370560 _____ (Farbar) C:\Users\Pestyone\Desktop\FRST64.exe
2016-02-06 18:14 - 2015-08-03 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-06 18:14 - 2015-04-20 09:43 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3116091646-4023644724-1358722376-1001
2016-02-06 18:14 - 2014-03-18 04:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-06 18:14 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-06 18:13 - 2015-09-11 18:12 - 00000000 ____D C:\Users\Pestyone\AppData\Roaming\SlimBrowser
2016-02-06 18:12 - 2014-09-16 07:44 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-02-06 18:11 - 2015-02-25 15:20 - 00000000 ____D C:\ProgramData\Ultra Adware Killer
2016-02-06 18:10 - 2015-08-24 13:23 - 00002880 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Pestyone)
2016-02-06 18:10 - 2015-08-20 00:39 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 18:10 - 2015-07-17 13:19 - 00000000 ____D C:\Users\Pestyone\AppData\Local\ClassicShell
2016-02-06 18:08 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-06 18:07 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-06 18:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-06 17:59 - 2014-11-28 14:28 - 00000000 ____D C:\Users\Pestyone\AppData\Local\Packages
2016-02-06 17:59 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-06 17:45 - 2015-04-21 00:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-06 17:42 - 2015-08-20 00:39 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 17:38 - 2014-09-16 07:47 - 00000000 ____D C:\Program Files (x86)\Dell
2016-02-06 17:37 - 2015-08-20 00:39 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-06 17:37 - 2015-08-20 00:39 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-06 17:34 - 2015-08-24 13:23 - 00002166 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2016-02-06 17:30 - 2015-08-24 13:23 - 00000000 ____D C:\ProgramData\ProductData
==================== Files in the root of some directories =======
2015-04-16 11:48 - 2015-08-03 05:03 - 0000629 _____ () C:\Users\Pestyone\AppData\Roaming\burnaware.ini
2015-06-25 04:06 - 2015-06-25 04:06 - 0068890 _____ () C:\Users\Pestyone\AppData\Roaming\ClassicFTP.dmp
2015-03-16 06:38 - 2015-06-22 03:42 - 0099384 _____ () C:\Users\Pestyone\AppData\Roaming\inst.exe
2015-03-16 06:38 - 2015-06-22 03:42 - 0007859 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.cat
2015-03-16 06:38 - 2015-06-22 03:42 - 0001167 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.inf
2015-04-17 14:07 - 2015-06-22 03:42 - 0000055 _____ () C:\Users\Pestyone\AppData\Roaming\pcouffin.log
2015-03-16 06:38 - 2015-06-22 03:42 - 0082816 _____ (VSO Software) C:\Users\Pestyone\AppData\Roaming\pcouffin.sys
2015-04-14 00:01 - 2015-04-14 01:15 - 0558080 _____ () C:\Users\Pestyone\AppData\Roaming\SharedSettings.ccs
2015-03-16 06:39 - 2015-09-11 22:36 - 0001059 _____ () C:\Users\Pestyone\AppData\Roaming\vso_ts_preview.xml
2015-04-13 17:39 - 2015-04-13 18:05 - 0000600 _____ () C:\Users\Pestyone\AppData\Roaming\winscp.rnd
2015-07-23 19:26 - 2015-07-23 19:28 - 0004608 _____ () C:\Users\Pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-28 08:52 - 2015-05-02 01:44 - 0000046 _____ () C:\Users\Pestyone\AppData\Local\DonationCoder_findrunrobot_InstallInfo.dat
2015-09-13 08:44 - 2015-09-13 08:44 - 0613255 _____ (CMI Limited) C:\Users\Pestyone\AppData\Local\nsy2C3D.tmp
2015-03-08 13:50 - 2015-03-08 13:50 - 0000414 _____ () C:\Users\Pestyone\AppData\Local\Temp-log.txt
2015-03-08 13:50 - 2015-03-08 13:50 - 0000000 _____ () C:\Users\Pestyone\AppData\Local\Temp.dat
2014-09-16 07:10 - 2014-09-16 07:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-23 19:19 - 2015-07-23 19:19 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt
2015-03-05 03:34 - 2015-03-05 03:34 - 0000032 _____ () C:\ProgramData\Temp.log
2015-07-23 19:19 - 2015-07-23 19:19 - 1593561 ____N ( ) C:\ProgramData\TR.exe
2014-09-16 07:32 - 2014-09-16 07:32 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-16 07:28 - 2014-09-16 07:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-16 07:29 - 2014-09-16 07:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-16 07:30 - 2014-09-16 07:32 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-16 07:27 - 2014-09-16 07:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Files to move or delete:
====================
C:\ProgramData\TR.exe
Some files in TEMP:
====================
C:\Users\Pestyone\AppData\Local\Temp\ads1F47.exe
C:\Users\Pestyone\AppData\Local\Temp\avgnt.exe
C:\Users\Pestyone\AppData\Local\Temp\beecbefhca.exe
C:\Users\Pestyone\AppData\Local\Temp\Uninstall.exe
C:\Users\Pestyone\AppData\Local\Temp\UninstallModule.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\mfc45.dll
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-06 05:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Pestyone (2016-02-06 18:17:45)
Running from C:\Users\Pestyone\Desktop
Windows 8.1 (X64) (2015-02-22 02:24:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3116091646-4023644724-1358722376-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3116091646-4023644724-1358722376-501 - Limited - Disabled)
Pestyone (S-1-5-21-3116091646-4023644724-1358722376-1001 - Administrator - Enabled) => C:\Users\Pestyone
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 12 ActiveX & Plugin 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.0.150 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2015 v.1.15.3 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Bandizip (HKLM\...\Bandizip) (Version: 5.06 - Bandisoft.com)
calibre (HKLM-x32\...\{7C1B7566-C44C-4436-B08D-636337C7C665}) (Version: 2.19.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
ConvertXtoDVD 4.1.10.348 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.10.348 - )
Crap Cleaner (HKLM-x32\...\Crap Cleaner_is1) (Version: 2.0 - Evonsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Detect (HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
EasyDuplicateFinder v4.8 (HKLM\...\Easy Duplicate Finder 4_is1) (Version: - WebMinds, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
FileSearchy (HKLM-x32\...\FileSearchy) (Version: 1.4 - Midlinesoft)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.124 - FlashPeak Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3945 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LibreOffice 4.2.5.2 (HKLM-x32\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.2 - Panda Security)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SmartFTP Client (HKLM\...\{D67A4A07-FF25-4570-8E56-14B596BF6071}) (Version: 6.0.2136.0 - SmartSoft Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TeamViewer 8 (HKLM-x32\...\TeamViewer
(Version: 8.0.17292 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO Media Player 1.4.12.503 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.12.503 - VSO Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E7886E-3CF6-4B6F-BC35-210C2D7FC61F} - System32\Tasks\{6B955214-4325-4252-ADCA-90CDA5DD1B2B} => pcalua.exe -a F:\autorun\installer.exe
Task: {138011FA-7813-4F19-A1C4-6CA49D7E2EF5} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {1C3D1F66-5C08-455E-A8E7-834907A2C7AE} - \PocketCloud -> No File <==== ATTENTION
Task: {2A09FA8F-5916-4F85-AE65-9362BF60FEB2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {311BCA98-355D-452B-8456-4867CC7E0419} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {474B2C2E-8E31-464F-8E31-97575EC9B1E2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-07] (Realtek Semiconductor)
Task: {4A87B82D-9A3C-4A11-A5DC-7F756F4C4559} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {4C200A31-F510-44D1-BC08-FF9C03335AA0} - System32\Tasks\{8FA83659-6752-4F85-B29D-A9F43A11AB55} => pcalua.exe -a "C:\Program Files (x86)\epson\escndv\setup\setup.exe" -c /r
Task: {52EC1006-C2C2-485C-AB31-F31100546F0C} - System32\Tasks\Driver Booster SkipUAC (Pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {57B6690B-1CA5-46E0-8360-2403DE0E6352} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {5AC61936-26F1-4454-89B2-556A4829114D} - System32\Tasks\FileSearchy_SkipUAC => C:\Program Files (x86)\FileSearchy\FileSearchy.exe [2015-05-14] ()
Task: {5BC891EE-13A1-4062-8EC7-58BC788C1AEB} - System32\Tasks\{7C1582DD-876F-4BB2-ABFF-C478DA16A747} => pcalua.exe -a "C:\Program Files (x86)\Polarity\Uninstall.exe"
Task: {6E7CDC42-235B-43E9-BA58-FAA0EC2E72E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
Task: {78E27F11-458D-414E-9898-9E5A03209F10} - \PocketCloudVirtualChannel -> No File <==== ATTENTION
Task: {7EE03077-5BF5-49A8-BBCE-2D3CB308FA6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {80CF96AF-1D6A-45B1-90F4-C23F68DDAF41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Users\Pestyone\AppData\Local\Temp\BNZ.55b50473d252fcb\Wise Registry Cleaner\WiseRegCleaner.exe <==== ATTENTION
Task: {86FD647A-90DF-4726-BF4F-3495845EE8F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AFAAAD36-9CC0-4E36-9DD3-057609E5418C} - \{C435504B-6E4E-4435-9713-449BE5CF008C} -> No File <==== ATTENTION
Task: {BA02C09E-B774-42A9-8121-64C5E2A02324} - \PocketCloudUpdater -> No File <==== ATTENTION
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BE86D0C0-39A6-4916-8BF3-B555880D7B60} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {C3B38D13-B8C0-4A74-B541-152DD7B2B743} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {C4CDF127-75BC-4E8F-86C8-CD4B2A14DC88} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {DD446C02-BCE4-4A79-9F1D-BA5BA667EFCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
Task: {EA43288E-586C-439F-A0A4-7F08F664A8B6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)
Task: {EDC055E7-9D40-45D5-B474-1EE9DC3BEC5C} - System32\Tasks\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE => C:\Users\Pestyone\AppData\Local\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE\D59B9D36-C4CA-4860-9981-78DF8DA9E2FE.exe <==== ATTENTION
Task: {F6CCB01F-C216-49C0-9A48-45C6B6FCBF56} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {FD38E186-21BC-4B98-B124-E191DBDFE3E4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-16 07:46 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-16 07:46 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-16 07:32 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\errorhelp.info -> hxxp://www.errorhelp.info
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\securitytech.help -> hxxp://notice.securitytech.help
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\show-tips.com -> hxxp://show-tips.com
IE trusted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\errorhelp.info -> hxxp://www.errorhelp.info
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\securitytech.help -> hxxp://notice.securitytech.help
IE restricted site: HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\show-tips.com -> hxxp://show-tips.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-04-12 15:54 - 2015-06-17 11:06 - 00000732 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.240.205.161
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-3116091646-4023644724-1358722376-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "ALLUpdate"
HKU\S-1-5-21-3116091646-4023644724-1358722376-500\...\StartupApproved\Run: => "DellSystemDetect"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CF28D58A-D9B9-486A-A906-528CB67635A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{97054E85-4EA3-4CB3-9650-37A810E71A04}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{04A24F6C-3028-4F3A-A42C-BFB1B7A78E70}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F799EA34-626C-47E0-AEF9-7F6FD3E23727}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6AD8E1D9-E99D-4DCE-BE30-246F7CBF44A8}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [TCP Query User{F253BEBB-4295-45FC-A97D-B0CC5D87EF17}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7E5E9CD3-1138-4603-8C56-921C85C48933}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{2F671EE5-795F-419C-AF2A-39522348CE30}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A8C0D860-660E-4860-89B9-EC512F1F538B}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{148A250A-840F-4C9C-B466-0803703EBFC0}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{56A63C1E-9B14-4744-93A2-2FA59A66DC86}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{84C87AA0-187C-4EFE-8C03-3D625ACC2A0E}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{F106C25F-C6EB-458B-9FD2-A39418226AAA}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{F2F41182-36B8-4037-A00E-B5268B94CBAF}] => (Block) Freemake video converter
FirewallRules: [{C9F08616-8FC3-4D8A-8659-4E7A03915C34}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{8E43C94F-7E1D-42F9-B56D-EB2900EE9A7F}] => (Allow) C:\Users\Pestyone\AppData\Local\Temp\nsjE7B5.tmp\Installer-75031047.exe
FirewallRules: [{55DD8484-8ABC-427D-900C-75117611709C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C42AEF59-F283-4536-B204-29C377A3D77F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D41ADFCB-FE73-4205-8307-C457B0B7AFC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{725652C2-C63B-41E4-9F19-08814485C824}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6B4D9167-15A6-4D2F-A317-A4F5ED5D86C2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{FEFD9FA4-B8FD-4A83-BC72-7500BDBDA4FB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{75C690C0-EC6D-4E2C-919C-07C770F94D57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{FC03E6F4-D463-4E61-8A6E-4F9EA0FBB4D2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2016 05:29:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (10/16/2015 11:42:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Faulting module name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Exception code: 0xc0000005
Fault offset: 0x0000000000024c65
Faulting process id: 0xae4
Faulting application start time: 0xSSUPDATE64.EXE0
Faulting application path: SSUPDATE64.EXE1
Faulting module path: SSUPDATE64.EXE2
Report Id: SSUPDATE64.EXE3
Faulting package full name: SSUPDATE64.EXE4
Faulting package-relative application ID: SSUPDATE64.EXE5
Error: (10/16/2015 11:38:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/16/2015 11:37:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
System errors:
=============
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Wizard service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Wyse PocketCloud service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Wyse RemoteAccess service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/06/2016 06:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2015-09-13 05:46:58.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:40:33.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:40:12.134
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:40:05.248
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:39:59.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:39:58.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:38:01.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:37:43.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:37:21.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-13 05:37:13.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 33%
Total physical RAM: 4000.17 MB
Available physical RAM: 2674.29 MB
Total Virtual: 4576.17 MB
Available Virtual: 2754.06 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.04 GB) (Free:357.1 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6BC648E8)
Partition: GPT.
==================== End of Addition.txt ============================