Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018 Ran by CHIQUITA (04-02-2018 18:19:59) Running from C:\Users\CHIQUITA\AppData\Local\Microsoft\Windows\INetCache\IE\JFFZPN6H Windows 8.1 (Update) (X64) (2018-01-25 02:20:38) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-344180634-2788314874-1676771043-500 - Administrator - Disabled) CHIQUITA (S-1-5-21-344180634-2788314874-1676771043-1001 - Administrator - Enabled) => C:\Users\CHIQUITA Chiquita_2 (S-1-5-21-344180634-2788314874-1676771043-1004 - Limited - Enabled) => C:\Users\Chiquita_2 Guest (S-1-5-21-344180634-2788314874-1676771043-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-344180634-2788314874-1676771043-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <==== ATTENTION 5KPlayer (HKLM-x32\...\5KPlayer) (Version: 4.8 - DearMob, Inc.) Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon) <==== ATTENTION Bejeweled 3 (HKLM-x32\...\WTA-bbd1d566-28da-4606-87c7-b35430e928d1) (Version: 2.2.0.97 - WildTangent) Hidden Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation) Cut the Rope (HKLM-x32\...\WTA-c9234863-ddeb-44a9-a39c-fd8ddf9730a0) (Version: 3.0.2.38 - WildTangent) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.) Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc) DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.5700 - DTS, Inc.) FastDataX 1.20 (HKLM-x32\...\FastDataX_is1) (Version: 1.20 - ) Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) JunkSweeper (HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\JunkSweeper) (Version: v1.1 - JunkSweeper) King Oddball (HKLM-x32\...\WTA-bb1c896f-c949-43fd-97d1-d41d66d3769c) (Version: 3.0.2.48 - WildTangent) Hidden Luxor Evolved (HKLM-x32\...\WTA-d7a9b51f-407f-483c-af65-91af71606321) (Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-8e0eaecd-5925-4e58-9f3f-87e06e2a324c) (Version: 2.2.0.98 - WildTangent) Hidden ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== ATTENTION Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.) SearchAwesome (HKLM\...\0e58906936a1b7540381a892a8428cf6) (Version: 13.14.1.155 (i1.0) - SearchAwesome) <==== ATTENTION Secure My Files (HKLM-x32\...\{045F9E21-7283-40EB-97B4-9C65A8EC3194}) (Version: 3.2.0 - SecuSimple) Slotomania (HKLM-x32\...\Slotomania) (Version: "1.1.1" - "Slotomania") Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated) TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation) TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.22 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation) TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation) TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA) TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA) Uninstall UUKeys Windows Password Mate (HKLM-x32\...\{0D275C7A-0854-4EC3-B2C9-D8ED980732B1}_is1) (Version: 1.5 - UUKeys Studio) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden VidsqaurE (HKLM-x32\...\{A97606DF-0FE1-4390-B0DD-ADA8B303AE61}_is1) (Version: 1.4 - ) <==== ATTENTION WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.439 - Company Inc.) <==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-23] (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03F61156-AAA0-462E-BC2B-CF48A1689ED9} - System32\Tasks\k81792283 => C:\Program Files (x86)\ewen\ewen.exe [2018-02-04] (kitchenware) Task: {0636FE85-F236-4A13-B356-564F11A32C3D} - System32\Tasks\7285968 => C:\Program Files (x86)\Quacks\cowl.exe [2018-01-29] () <==== ATTENTION Task: {07610A66-237E-4913-825B-4C5BF9262026} - System32\Tasks\ts76439423764394237643942376439423 => C:\Program Files (x86)\duking\modifier.exe [2018-02-04] () Task: {099C8125-8E14-4D48-A0BA-76D5EB0D755E} - System32\Tasks\{3B74BAD7-D8B4-7942-D1AE-7B90EC6CE651} => C:\Users\CHIQUITA\AppData\Roaming\Fahure\TUFEGA~1.EXE [2013-04-29] () Task: {0C106D58-FE1E-4728-B2B3-5B9DCE6DB693} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION Task: {0EE03C25-3BDA-4B1E-B4FA-42AF99101BA6} - System32\Tasks\4504421545044215 => C:\Users\CHIQUITA\AppData\Local\slovaks.exe [2018-01-30] () <==== ATTENTION Task: {0F4FC3F5-C559-488F-867D-F74A8E37D821} - System32\Tasks\5687540856875408 => C:\Users\CHIQUITA\AppData\Local\modifier.exe [2018-02-04] () <==== ATTENTION Task: {2233B7ED-3A76-4884-86F1-0B57893D2219} - System32\Tasks\CqzrSgQNenJpPy => rundll32 "C:\Program Files (x86)\CRzlyHUwXjzU2\RnRAVBlRDxYvU.dll",#1 Task: {22FD8052-B685-4441-B1B9-4223AA822D8C} - System32\Tasks\56875408 => C:\Users\CHIQUITA\AppData\Local\flamers.exe [2018-02-04] () <==== ATTENTION Task: {2A40E4E3-37E5-4A38-B8B9-B49B990C1151} - System32\Tasks\ts56875408568754085687540856875408 => C:\Users\CHIQUITA\AppData\Local\modifier.exe [2018-02-04] () Task: {2D984E9A-2C18-4140-A747-CA46953A53E6} - System32\Tasks\tsk81792283k81792283 => C:\Program Files (x86)\ewen\ewen.exe [2018-02-04] (kitchenware) Task: {301E966A-C128-4396-8E81-0DAED0343897} - System32\Tasks\6067731060677310 => C:\Program Files (x86)\pickerel\slovaks.exe [2018-01-30] () <==== ATTENTION Task: {3269A1C4-432B-4B9F-8CC0-98E7BD54224D} - System32\Tasks\ga8613221686132216 => C:\Users\CHIQUITA\AppData\Local\cowl.exe [2018-01-29] () Task: {386B2925-ADCC-45BE-A382-CC1FDA87C22A} - System32\Tasks\{742E5F83-53FC-4C7F-8C09-1A4DED3E2342} => C:\Users\CHIQUITA\AppData\Roaming\Microsoft\Hoyebao\hoyeba.exe [2018-01-29] () Task: {3985BA45-9112-453D-AD6F-C1DE827B6DE8} - System32\Tasks\{BE26245C-156F-419F-AF4D-41206129F1AC} => cmd.exe /C "start /MIN C:\WINDOWS\system32\cscript.exe //E:javascript "C:\Users\CHIQUITA\AppData\Local\Microsoft\hoyeba.wpl"" Task: {3A59ACD5-E2BC-439D-BC3F-D3EFB2F89CC3} - System32\Tasks\System Healer Delayed => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION Task: {3D2E585B-9353-4114-89CB-6255055FD1FB} - System32\Tasks\k14950164 => C:\Program Files (x86)\shielding\shielding.exe [2018-01-30] (wristwatch) Task: {3E008796-BC35-4DEC-8D2C-95F134FF9718} - System32\Tasks\ts45044215450442154504421545044215 => C:\Users\CHIQUITA\AppData\Local\slovaks.exe [2018-01-30] () Task: {3F9A2B12-E0F7-4EFB-AAAB-4E37ECDD9067} - System32\Tasks\45044215 => C:\Users\CHIQUITA\AppData\Local\boatwright.exe [2018-01-30] () <==== ATTENTION Task: {4026CA38-63F6-4FCC-A698-4EA84E95157E} - System32\Tasks\ga11024734110247341102473411024734 => C:\Program Files (x86)\surnames\dominator.exe [2018-01-29] () Task: {412592BD-2C01-4EC4-83F2-ABE377894821} - System32\Tasks\8179228381792283 => C:\Program Files (x86)\Acetyl\modifier.exe [2018-02-04] () <==== ATTENTION Task: {4443CE31-2AA2-4CBC-8656-FDF9B6E3D8FB} - System32\Tasks\ts1495016414950164 => C:\Program Files (x86)\Joe\boatwright.exe [2018-01-30] () Task: {465F0857-F07F-4377-92D7-EC5774DCB906} - System32\Tasks\TIxlCoAp0uLa => tixlcoap0ula.exe Task: {4CD3AC77-C03C-465F-B51B-B5699CBEA223} - System32\Tasks\ts81792283817922838179228381792283 => C:\Program Files (x86)\Acetyl\modifier.exe [2018-02-04] () Task: {4F6E85A2-A272-443B-94C5-A5675ABFB0F6} - System32\Tasks\ppUtanwSUMCtAeVdjDJ2 => rundll32 "C:\Program Files (x86)\abmzSTWtfatSC\vAuNEiP.dll",#1 Task: {5084C421-8B34-4547-9BCA-2EA19482F8E3} - System32\Tasks\ts4504421545044215 => C:\Users\CHIQUITA\AppData\Local\boatwright.exe [2018-01-30] () Task: {51EC2ED9-B75F-4041-B1F1-47B81AA63CB5} - System32\Tasks\ga86132216861322168613221686132216 => C:\Users\CHIQUITA\AppData\Local\dominator.exe [2018-01-29] () Task: {52852C42-47D2-4810-BA26-B1744C029BE5} - System32\Tasks\0e58906936a1b7540381a892a8428cf6 => sc start 0e58906936a1b7540381a892a8428cf6 <==== ATTENTION Task: {56FDCA12-3948-4E27-9986-F223CB4E2A9A} - System32\Tasks\ts6067731060677310 => C:\Program Files (x86)\Lieve\boatwright.exe [2018-01-30] () Task: {5A4EAD33-F84E-40A4-B709-6D105676BB44} - System32\Tasks\k7285968 => C:\Program Files (x86)\sojourner\sojourner.exe [2018-01-29] (ras) Task: {62F2FAB0-1328-43D0-8D53-C56CB2565598} - System32\Tasks\ga1102473411024734 => C:\Program Files (x86)\Dde\cowl.exe [2018-01-29] () Task: {658FAF31-887F-4C3A-96C9-1A2AC08AE43F} - System32\Tasks\14950164 => C:\Program Files (x86)\Joe\boatwright.exe [2018-01-30] () <==== ATTENTION Task: {6622D1A4-CC63-4B51-B84E-0B8B9355A597} - System32\Tasks\pmehjwpjictfjip => C:\Users\CHIQUITA\AppData\Roaming\Microsoft\Hoyebao\pmehjwpjictfjip.bat [2018-01-29] () <==== ATTENTION Task: {6A9E5C5B-1D8F-45CE-ACD8-A8DE000F1165} - System32\Tasks\gak7285968k7285968 => C:\Program Files (x86)\sojourner\sojourner.exe [2018-01-29] (ras) Task: {70CEBBAC-A80F-472C-A917-85A7B4315815} - System32\Tasks\Event Viewer Tasks\Microsoft-Windows-DeviceSetupManager_Admin_Microsoft-Windows-DeviceSetupManager_201 => C:\Windows\System32\WinMetadata\Windows.Web.winmd [2013-08-21] () Task: {715B93BD-5D03-4482-9800-4C4A720FD2C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-24] (Google Inc.) Task: {7B14DC69-5ABA-40D2-9F42-DBDD325C78C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-24] (Google Inc.) Task: {84660152-D37E-4237-A086-BEB45CA39BC5} - System32\Tasks\ts8179228381792283 => C:\Program Files (x86)\Acetyl\flamers.exe [2018-02-04] () Task: {85014C71-CBF4-47AA-AF0C-EAA82CDD1E48} - System32\Tasks\60677310 => C:\Program Files (x86)\Lieve\boatwright.exe [2018-01-30] () <==== ATTENTION Task: {86C297D7-028F-47D5-86A7-CB2E72BF2E18} - System32\Tasks\11024734 => C:\Program Files (x86)\Dde\cowl.exe [2018-01-29] () <==== ATTENTION Task: {90B47D3B-6FC5-44DE-9B53-A8584F0BB5F1} - System32\Tasks\VSlPZtlhxGEHcXl2 => rundll32 "C:\Program Files (x86)\rPUXzMQWU\nABRxv.dll",#1 Task: {95F9D66B-054F-45FD-808B-EB441F006436} - System32\Tasks\7643942376439423 => C:\Program Files (x86)\duking\modifier.exe [2018-02-04] () <==== ATTENTION Task: {9930A3F7-53F6-4F01-AE5E-8D256316220E} - System32\Tasks\BitX => C:\Program Files (x86)\BitX\BitXSplash.exe Task: {9A9E86BB-B2F1-41B2-9B2E-DE74AEA7DBA5} - System32\Tasks\ts7643942376439423 => C:\Program Files (x86)\Niceness\flamers.exe [2018-02-04] () Task: {A0F09DCF-569D-4EB8-A874-E2447F3B97E7} - System32\Tasks\VHDezYAiMmhSpjSVJ2 => rundll32 "C:\Program Files (x86)\jtPeraHZWlxuYtVRBkR\FSAVSmm.dll",#1 Task: {A3C2450F-0466-4196-A99E-72136EA567AB} - System32\Tasks\LaCieS => C:\Disk\WebService.exe [2017-09-18] (TODO: ) Task: {A5CB337D-5ED8-4BBF-8256-ECA396F9E242} - System32\Tasks\1495016414950164 => C:\Program Files (x86)\Joe\slovaks.exe [2018-01-30] () <==== ATTENTION Task: {B3619031-9F5F-4ACB-A78F-26BE1ED428C9} - System32\Tasks\1102473411024734 => C:\Program Files (x86)\surnames\dominator.exe [2018-01-29] () <==== ATTENTION Task: {B4FA7B4A-EAFE-4479-80CC-6D64A033ED4E} - System32\Tasks\72859687285968 => C:\Program Files (x86)\Quacks\dominator.exe [2018-01-29] () <==== ATTENTION Task: {B78AF911-D2EF-40A5-87BB-4182C606A590} - System32\Tasks\ts14950164149501641495016414950164 => C:\Program Files (x86)\Joe\slovaks.exe [2018-01-30] () Task: {BCA2A7F3-F61C-4838-BF66-9E85D371457E} - System32\Tasks\bVyBIwMCwVjnlcc2 => rundll32 "C:\Program Files (x86)\EIVqbhZCU\cWmaSr.dll",#1 Task: {BD06565D-D514-4718-A981-66F2937B007D} - System32\Tasks\FaNPVTFtuhKDYGtTD2 => rundll32 "C:\Program Files (x86)\QzeHcYPJTlaRogMtwuR\uUaUkOA.dll",#1 Task: {C1167AC8-1478-4088-AFE9-0E81160F785D} - System32\Tasks\ga72859687285968 => C:\Program Files (x86)\Quacks\cowl.exe [2018-01-29] () Task: {C36DEA49-D82D-4254-BC18-38602C9A2659} - System32\Tasks\76439423 => C:\Program Files (x86)\Niceness\flamers.exe [2018-02-04] () <==== ATTENTION Task: {C5EEE8BE-4092-4553-B729-494979B133CC} - System32\Tasks\86132216 => C:\Users\CHIQUITA\AppData\Local\cowl.exe [2018-01-29] () <==== ATTENTION Task: {C6016007-ACE0-4670-BA33-958F19166C90} - System32\Tasks\81792283 => C:\Program Files (x86)\Acetyl\flamers.exe [2018-02-04] () <==== ATTENTION Task: {C6BAA507-7952-409F-97BB-C022A9C9875D} - System32\Tasks\8613221686132216 => C:\Users\CHIQUITA\AppData\Local\dominator.exe [2018-01-29] () <==== ATTENTION Task: {CA7D9F19-7F36-4FA8-A642-094A22149A50} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation) Task: {D16F816C-0908-4BC3-BD46-B015CFB3A403} - System32\Tasks\RjugMwUzTsQQHAQNApl2 => rundll32 "C:\Program Files (x86)\OahiAhLMPlKqC\FOzibMF.dll",#1 Task: {E06451D3-8A87-461F-A1D3-DDE67673BDFE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated) Task: {E2704E98-6836-40CA-AFEC-9AFC25C97102} - System32\Tasks\BitX Updater Service => C:\Program Files (x86)\BitX\BitXUpdaterService.exe Task: {ED5AC775-E654-4FE3-8D77-CE760E067536} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation) Task: {EF4287A4-A734-494C-B517-04B6A419E2E7} - System32\Tasks\tsk14950164k14950164 => C:\Program Files (x86)\shielding\shielding.exe [2018-01-30] (wristwatch) Task: {F014B14D-C0FB-4E89-BCA6-912FA0A0E73F} - System32\Tasks\ga7285968728596872859687285968 => C:\Program Files (x86)\Quacks\dominator.exe [2018-01-29] () Task: {F35B909B-FC6D-4910-9299-7DDB03B5C689} - System32\Tasks\ts5687540856875408 => C:\Users\CHIQUITA\AppData\Local\flamers.exe [2018-02-04] () Task: {FBBC0A9A-DA0D-46D3-94DB-7950C332022C} - System32\Tasks\ts60677310606773106067731060677310 => C:\Program Files (x86)\pickerel\slovaks.exe [2018-01-30] () Task: {FF2883CA-5E66-4700-824A-18E054C5B58C} - System32\Tasks\CcUoDIeswNjImb => rundll32 "C:\Program Files (x86)\PAaFRntpKTdU2\PcxWKmmaASWrV.dll",#1 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\WindowsTimeSync.job => powershell.exeJ-executionpolicy bypass -file C:\Users\CHIQUITA\AppData\Local\Temp\\d.ps <==== ATTENTION Task: C:\WINDOWS\Tasks\{3B74BAD7-D8B4-7942-D1AE-7B90EC6CE651}.job => C:\Users\CHIQUITA\AppData\Roaming\Fahure\TUFEGA~1.EXE ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-01-29 04:01 - 2018-01-29 04:00 - 000111616 __RSH () C:\WINDOWS\SysWOW64\hssad\ddfsf.exe 2018-01-29 03:52 - 2017-12-06 13:27 - 002308096 ___SH () C:\Users\CHIQUITA\AppData\Roaming\tmp546.dat ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 05:25 - 2018-01-29 04:19 - 000001326 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 cpm.paneladmin.pro 127.0.0.1 publisher.hmdiadmingate.xyz 127.0.0.1 hmdicrewtracksystem.xyz 127.0.0.1 mydownloaddomain.com 127.0.0.1 linkmate.space 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 doctorlink.space 127.0.0.1 plugpackdownload.net 127.0.0.1 texttotalk.org 127.0.0.1 gambling577.xyz 127.0.0.1 htagdownload.space 127.0.0.1 mybcnmonetize.com 127.0.0.1 360devtraking.website 127.0.0.1 dscdn.pw 127.0.0.1 bcnmonetize.go2affise.com 127.0.0.1 beautifllink.xyz ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-344180634-2788314874-1676771043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CHIQUITA\Desktop\IMG_0372.JPG DNS Servers: 82.163.143.174 - 82.163.142.176 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: BitXService => 2 MSCONFIG\Services: TIxlCoAp0uLa Updater => 2 MSCONFIG\Services: WindscribeService => 2 HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "maitresmaitres" HKLM\...\StartupApproved\Run: => "maitres" HKLM\...\StartupApproved\Run: => "maitresleprosy" HKLM\...\StartupApproved\Run: => "gplyra" HKLM\...\StartupApproved\Run32: => "AnonymizerGadget" HKLM\...\StartupApproved\Run32: => "shomronshomron" HKLM\...\StartupApproved\Run32: => "shomron" HKLM\...\StartupApproved\Run32: => "shomronmonetarist" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\StartupFolder: => "farrell.lnk" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\StartupFolder: => "farrellfarrell.lnk" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "5KPlayer" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "F8IP17417Z73NJI" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "XA3PD3XQVIC8R0X" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "PW980XP6DL1VJ97" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "YMBBXJJZ6XL68I9" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "4ZOUIW626E965A6" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "BMDTSKVV3OTF0O0" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "0GMSX11PQBTXYIL" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "I0147AKER1PWVAO" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "preppie" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "leprosyleprosy" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "leprosy" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "monetaristmonetarist" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "monetarist" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "leprosymaitres" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "monetaristshomron" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "360473" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "9451324" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "4417670" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "6363869" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "9507379" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "5057101" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "3049555" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "2649095" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "1082554" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "5184650" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "1728788" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "8025198" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "3863559" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "9009265" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "9484961" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "wqbmlhma" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "LSYG7UV2NE2K71H" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "8DRQIPYPGG1RT28" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "7YGGQ5LI6DIWY6L" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "WMBVGLA1S8XHQRM" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "3JBFGORHK66ZZIB" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "msiql" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "pdp" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "9IKEZ231UQVFBQD" HKU\S-1-5-21-344180634-2788314874-1676771043-1001\...\StartupApproved\Run: => "YeaDesktop" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{AA78D4F9-D797-4236-9E05-C4423F67FE38}C:\users\chiquita\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\chiquita\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [UDP Query User{80EC0D1F-FE8F-4A1A-B3AA-BC035F555BED}C:\users\chiquita\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\chiquita\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [TCP Query User{24356F4E-EACF-4DB9-BF00-8793798530AD}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe FirewallRules: [UDP Query User{1745F719-DD78-436D-8E60-B91A46DA6DFF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe FirewallRules: [{12F8A6B0-E352-4689-B26C-A21BF3716F47}] => (Allow) C:\Program Files (x86)\Niceness\flamers.exe FirewallRules: [{00618E56-2C88-4D0E-B7EE-5803D6FE78E4}] => (Allow) C:\Program Files (x86)\Acetyl\flamers.exe FirewallRules: [{C062C03F-3FE7-483C-9934-C8849BBE3CC8}] => (Allow) C:\Program Files (x86)\duking\modifier.exe FirewallRules: [{5B4ECA3B-DB06-4578-A4F0-98306033033A}] => (Allow) C:\Program Files (x86)\Acetyl\modifier.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2018 05:04:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18817, time stamp: 0x59b18749 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000005 Fault offset: 0x00040e72 Faulting process id: 0x1978 Faulting application start time: 0x01d39e1d13e46786 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 8cf5cdf6-0a10-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 05:04:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 760 Start Time: 01d39e1cd7a01d59 Termination Time: 562 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: 78eef7fd-0a10-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 05:01:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 17d4 Start Time: 01d39e1c20469046 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 1c145f8e-0a10-11e8-829d-645a04d25d8d Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/04/2018 05:01:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHIQUITA) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/04/2018 04:57:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program shielding.exe version 2.7.4.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f50 Start Time: 01d39e142d864e9c Termination Time: 60000 Application Path: C:\Program Files (x86)\shielding\shielding.exe Report Id: 67584236-0a0f-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 04:57:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TssSrv.exe, version: 1.0.1.1, time stamp: 0x526514d5 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000374 Fault offset: 0x000e6214 Faulting process id: 0xbd8 Faulting application start time: 0x01d39e147cffe1b2 Faulting application path: C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 7d813819-0a0f-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 04:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program sojourner.exe version 9.2.4.113 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b2c Start Time: 01d39e1b6b30a147 Termination Time: 15505 Application Path: C:\Program Files (x86)\sojourner\sojourner.exe Report Id: 5b42a8f1-0a0f-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 04:55:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 31a4 Start Time: 01d39e1bfc4e0b27 Termination Time: 398 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: 46a353e2-0a0f-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 04:50:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program sojourner.exe version 9.2.4.113 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 26c4 Start Time: 01d39e1976b01e7d Termination Time: 55650 Application Path: C:\Program Files (x86)\sojourner\sojourner.exe Report Id: 4692ca81-0a0e-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: Error: (02/04/2018 04:50:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TUFEGA~1.EXE, version: 3.8.35.78, time stamp: 0x55493fd2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x293c Faulting application start time: 0x01d39e1b40985b05 Faulting application path: C:\Users\CHIQUITA\AppData\Roaming\Fahure\TUFEGA~1.EXE Faulting module path: unknown Report Id: 8da50563-0a0e-11e8-829d-645a04d25d8d Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (02/04/2018 06:18:20 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 06:08:20 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 06:06:15 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:58:20 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:53:32 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:48:20 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:40:55 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (02/04/2018 05:40:55 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:40:47 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/04/2018 05:40:23 PM) (Source: DCOM) (EventID: 10005) (User: CHIQUITA) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} ==================== Memory info =========================== Processor: Intel(R) Pentium(R) 3558U @ 1.70GHz Percentage of memory in use: 52% Total physical RAM: 4008.02 MB Available physical RAM: 1891.6 MB Total Virtual: 4776.02 MB Available Virtual: 2707.11 MB ==================== Drives ================================ Drive c: (TI10689400I) (Fixed) (Total:454.24 GB) (Free:399.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================