This topic is lockedAha, limited Tech Support until 4/29/2015!
Malware or Virus?
Started by
flowerchild552008
, Apr 17 2015 08:46 PM
#32
Posted 18 April 2015 - 09:35 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
OK.
LOL
Lets run System File Checker from a command prompt. A command prompt is a black window to keep it simple. System file check will check to see if system files are in the right place.
To do this;
Open an elevated command prompt, on your keyboard press the Windowslogo key + X to open the Power user Tasks menu;
When the menu is open click on the "Command Prompt (Admin)" menu option. If you use receive a User Account Control prompt, please allow it to continue. You will now see an elevated command prompt black window.
Now
"copy" the command below with the mouse;
sfc /scannow
Now
Put your mouse inside the black command window and right click and paste, hit enter on the keyboard
Let me know what the results are and if it's unable to fix anything.
Joe
LOL
Lets run System File Checker from a command prompt. A command prompt is a black window to keep it simple. System file check will check to see if system files are in the right place.
To do this;
Open an elevated command prompt, on your keyboard press the Windowslogo key + X to open the Power user Tasks menu;
When the menu is open click on the "Command Prompt (Admin)" menu option. If you use receive a User Account Control prompt, please allow it to continue. You will now see an elevated command prompt black window.
Now
"copy" the command below with the mouse;
sfc /scannow
Now
Put your mouse inside the black command window and right click and paste, hit enter on the keyboard
Let me know what the results are and if it's unable to fix anything.
Joe
#33
Posted 18 April 2015 - 10:10 AM
flowerchild552008
- Topic Starter
-
- Member
-
- 123 posts
Member
Windows Resource Protection found corrupt files but was unable to fix dome of them.
Details are included in the CBS,Log windir\Logs\CBS\CBS.log. For example: C:\Widows\Logs\CBS\CBS.log
Note that logging is currently not supported in offline servicing scenarios.
#34
Posted 18 April 2015 - 10:20 AM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Windows Resource Protection found corrupt files but was unable to fix dome of them.
OK.
Now
We run another new command to see if we can fix that issue with corrupt files.
Copy this command in bold ---> Dism /Online /Cleanup-Image /RestoreHealth then paste it into the command prompt window just like you did before, hit enter.
Then
Restart the PC afterwards, and try the sfc /scannow command again.
If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 times restarting the PC after each time to completely fix everything that it's able to.
Joe
#35
Posted 18 April 2015 - 01:41 PM
flowerchild552008
- Topic Starter
-
- Member
-
- 123 posts
Member
Joe,
Third time was not a charm. 
Same message as before. What now?
Deb
#36
Posted 18 April 2015 - 01:47 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Let me think about this and what to do next.
Is it possible to post a new set of FRST logs..
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
Joe
Is it possible to post a new set of FRST logs..
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Make sure you checkmark Addition.txt box.
- Press Scan button.
- Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply. Or in your case attach them.
Joe
#37
Posted 18 April 2015 - 01:49 PM
flowerchild552008
- Topic Starter
-
- Member
-
- 123 posts
Member
Should I delete the originals?
#39
Posted 18 April 2015 - 02:18 PM
flowerchild552008
- Topic Starter
-
- Member
-
- 123 posts
Member
We are back to the error I originally received last night with trying to paste the logs. I am attaching as before.
Attached Files
-
FRST.txt 451.83KB
132 downloads
-
Addition.txt 22.5KB
146 downloads
#40
Posted 18 April 2015 - 02:23 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
I know windows 8 has an issue with that it will always do it. Let me look these over. There's 2 more restore points on the machine and I 'm thinking about maybe trying another one. Let me have a moment to look over.
Restore points
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
15-04-2015 02:47:09 Windows Update ------That's the one we tried.
Thanks
Joe
Restore points
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
15-04-2015 02:47:09 Windows Update ------That's the one we tried.
Thanks
Joe
#42
Posted 18 April 2015 - 02:29 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
I'm pasting the logs in, it's easier me that way.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Debra (administrator) on MYBABY on 18-04-2015 15:54:18
Running from C:\Users\Debra\Desktop
Loaded Profiles: Debra (Available profiles: Debra)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mindspark) C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [GamingWonderland AppIntegrator 32-bit] => C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [GamingWonderland AppIntegrator 64-bit] => C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator64.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Run: [cdloader] => C:\Users\Debra\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...47&ocid=U147DHP
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 InboxAce_1gService; C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe [90696 2014-10-09] (Mindspark)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 15:54 - 2015-04-18 15:54 - 00011928 _____ () C:\Users\Debra\Desktop\FRST.txt
2015-04-18 15:52 - 2015-04-18 15:52 - 00000000 ____D () C:\Users\Debra\Desktop\FRST-OlderVersion
2015-04-18 14:56 - 2015-04-18 14:56 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-17 22:36 - 2015-04-18 00:43 - 00013824 ___SH () C:\Users\Debra\Desktop\Thumbs.db
2015-04-17 21:20 - 2015-04-18 15:54 - 00000000 ____D () C:\FRST
2015-04-17 21:19 - 2015-04-18 15:52 - 02098176 _____ (Farbar) C:\Users\Debra\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 15:33 - 2014-09-11 19:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{75636260-DEBE-40AC-BABA-9EE9E28B6453}
2015-04-18 15:02 - 2014-09-11 21:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-18 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-18 14:55 - 2014-09-11 19:17 - 00000000 __RDO () C:\Users\Debra\OneDrive
2015-04-18 14:55 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 14:54 - 2013-08-22 10:46 - 00021443 _____ () C:\Windows\setupact.log
2015-04-18 14:26 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-18 13:04 - 2014-09-11 21:12 - 02094725 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 13:03 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 12:16 - 2014-09-11 19:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298665756-2822785880-394653188-1001
2015-04-18 11:35 - 2014-09-11 21:20 - 00000000 ____D () C:\ProgramData\PocketCloud
2015-04-18 10:03 - 2014-09-11 19:47 - 00001039 _____ () C:\Users\Debra\Desktop\magicJack.lnk
2015-04-18 10:03 - 2014-09-11 19:47 - 00001025 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-04-18 10:03 - 2014-09-11 19:24 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\mjusbsp
2015-04-18 03:29 - 2014-12-10 23:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-18 03:29 - 2014-09-17 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-18 03:29 - 2014-09-11 19:16 - 00000000 ____D () C:\ProgramData\Atheros
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-18 03:29 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-18 03:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2015-04-18 00:50 - 2014-09-19 15:51 - 00000000 ____D () C:\ProgramData\softthinks
2015-04-18 00:42 - 2014-03-18 05:44 - 00047264 _____ () C:\Windows\PFRO.log
2015-04-17 13:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-17 08:29 - 2014-09-11 21:27 - 00000000 ____D () C:\ProgramData\Temp
2015-04-16 16:17 - 2015-02-11 14:00 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-04-16 04:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 20:59 - 2014-09-14 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 20:58 - 2014-09-14 03:14 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 23:39 - 2014-11-12 09:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-13 20:44 - 2014-09-11 19:16 - 00000000 ____D () C:\Users\Debra\Documents\Bluetooth Folder
2015-04-13 19:24 - 2014-09-17 07:48 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-09-17 07:48 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 12:23 - 2014-09-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-10 20:31 - 2014-09-12 08:40 - 00000000 ____D () C:\Users\Debra\AppData\Local\CrashDumps
2015-04-04 15:42 - 2014-09-11 19:15 - 00000000 ____D () C:\Users\Debra
2015-04-03 22:53 - 2014-03-18 05:53 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 16:21 - 2014-09-11 21:31 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-22 17:31 - 2013-08-22 11:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2015-03-22 17:23 - 2014-03-18 05:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Com
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\IME
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-19 15:57 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-03-19 15:57 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
==================== Files in the root of some directories =======
2014-09-11 21:21 - 2014-09-11 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-11 21:30 - 2014-09-11 21:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-11 21:27 - 2014-09-11 21:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-11 21:28 - 2014-09-11 21:29 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-11 21:29 - 2014-09-11 21:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-11 21:27 - 2014-09-11 21:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-18 03:42
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by Debra at 2015-04-18 15:55:53
Running from C:\Users\Debra\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
magicJack (HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Zuma Deluxe (HKLM-x32\...\110111700) (Version: - Oberon Media)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
15-04-2015 02:47:09 Windows Update
18-04-2015 02:43:37 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2880ED1A-15A0-4555-844C-E9F35174FDDA} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {4F87FBFF-80E6-4BB9-98B7-33DA97702C24} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5377634F-D342-445C-A3E4-0693DADF806C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {57D95491-86BF-408E-A86C-ACAE7E621CB4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {60E2D18D-F65E-4EF8-84C2-7EF5CAA2FC80} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6E19D656-0FE4-4831-8F49-9B470E78EEFB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {79C905F8-00E8-42E2-9EC5-EB54A01E34CA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {859CB807-BE73-4F88-9A41-0E69F90A339D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {86FF41E5-4B59-470D-8C17-0E2568A7D582} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8DB37384-B2C4-4CA9-83DE-456FBF3DED62} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {B0DF1F35-5F98-4928-980C-7D734C9A8342} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {CA0F8B01-0665-457D-BE09-55DFDF001344} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {EEDCDC8B-2114-4DFE-9422-014E063A3167} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF8FD182-C151-4711-A979-574638ABCAF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) ==============
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-09-05 02:20 - 2013-09-05 02:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 02:24 - 2013-09-05 02:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-09-11 21:32 - 2014-04-30 13:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-09-11 21:28 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-11 21:20 - 2013-12-09 18:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-11 21:32 - 2013-12-17 20:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-11 21:32 - 2012-11-26 02:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-11 21:32 - 2012-11-26 02:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Debra\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1298665756-2822785880-394653188-500 - Administrator - Disabled)
Debra (S-1-5-21-1298665756-2822785880-394653188-1001 - Administrator - Enabled) => C:\Users\Debra
Guest (S-1-5-21-1298665756-2822785880-394653188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298665756-2822785880-394653188-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/18/2015 02:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x5b4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 02:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x9b0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xb20
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:31:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x990
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xc14
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 09:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xff0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 09:05:59 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070780.
Error: (04/18/2015 03:00:46 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070780.
Error: (04/18/2015 03:00:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xacc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xb68
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
System errors:
=============
Error: (04/18/2015 02:55:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 02:27:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:59:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:30:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:04:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 00:55:48 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:51:46 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:47:44 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:43:39 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 09:05:50 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Microsoft Office Sessions:
=========================
Error: (04/18/2015 02:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f5b401d07a093ea8ceeaC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll7c9ce181-e5fc-11e4-829d-142d27a2cc5c
Error: (04/18/2015 02:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f9b001d07a0551be3571C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll9466cd90-e5f8-11e4-829c-142d27a2cc5c
Error: (04/18/2015 01:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fb2001d07a016370faf1C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dlla4e2f861-e5f4-11e4-829b-142d27a2cc5c
Error: (04/18/2015 01:31:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f99001d079fd70d5ecb7C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dllb43a6701-e5f0-11e4-829a-142d27a2cc5c
Error: (04/18/2015 01:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fc1401d079f9cfdc1e61C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll0e096a13-e5ed-11e4-8299-142d27a2cc5c
Error: (04/18/2015 09:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fff001d079d8695bc1fdC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dlla81ce002-e5cb-11e4-8298-142d27a2cc5c
Error: (04/18/2015 09:05:59 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070780
Error: (04/18/2015 03:00:46 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070780
Error: (04/18/2015 03:00:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497facc01d079a550d2547fC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll9e77cb67-e598-11e4-8297-142d27a2cc5c
Error: (04/18/2015 01:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fb6801d0799927ee9b2bC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll669a440a-e58c-11e4-8296-142d27a2cc5c
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4012.95 MB
Available physical RAM: 2135.56 MB
Total Pagefile: 5612.95 MB
Available Pagefile: 3418.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:458 GB) (Free:423.37 GB) NTFS
Drive d: () (Fixed) (Total:3.73 GB) (Free:3.5 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:6.38 GB) (Free:0.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B87D9F38)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: A9573C8B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Debra (administrator) on MYBABY on 18-04-2015 15:54:18
Running from C:\Users\Debra\Desktop
Loaded Profiles: Debra (Available profiles: Debra)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mindspark) C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [GamingWonderland AppIntegrator 32-bit] => C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [GamingWonderland AppIntegrator 64-bit] => C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator64.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Run: [cdloader] => C:\Users\Debra\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...47&ocid=U147DHP
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @InboxAce_1g.com/Plugin -> C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 InboxAce_1gService; C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe [90696 2014-10-09] (Mindspark)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 15:54 - 2015-04-18 15:54 - 00011928 _____ () C:\Users\Debra\Desktop\FRST.txt
2015-04-18 15:52 - 2015-04-18 15:52 - 00000000 ____D () C:\Users\Debra\Desktop\FRST-OlderVersion
2015-04-18 14:56 - 2015-04-18 14:56 - 00000000 ___RD () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-17 22:36 - 2015-04-18 00:43 - 00013824 ___SH () C:\Users\Debra\Desktop\Thumbs.db
2015-04-17 21:20 - 2015-04-18 15:54 - 00000000 ____D () C:\FRST
2015-04-17 21:19 - 2015-04-18 15:52 - 02098176 _____ (Farbar) C:\Users\Debra\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 15:33 - 2014-09-11 19:24 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{75636260-DEBE-40AC-BABA-9EE9E28B6453}
2015-04-18 15:02 - 2014-09-11 21:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-18 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-18 14:55 - 2014-09-11 19:17 - 00000000 __RDO () C:\Users\Debra\OneDrive
2015-04-18 14:55 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 14:54 - 2013-08-22 10:46 - 00021443 _____ () C:\Windows\setupact.log
2015-04-18 14:26 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-18 13:04 - 2014-09-11 21:12 - 02094725 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 13:03 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 12:16 - 2014-09-11 19:21 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298665756-2822785880-394653188-1001
2015-04-18 11:35 - 2014-09-11 21:20 - 00000000 ____D () C:\ProgramData\PocketCloud
2015-04-18 10:03 - 2014-09-11 19:47 - 00001039 _____ () C:\Users\Debra\Desktop\magicJack.lnk
2015-04-18 10:03 - 2014-09-11 19:47 - 00001025 _____ () C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-04-18 10:03 - 2014-09-11 19:24 - 00000000 ____D () C:\Users\Debra\AppData\Roaming\mjusbsp
2015-04-18 03:29 - 2014-12-10 23:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-18 03:29 - 2014-09-17 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-18 03:29 - 2014-09-11 19:16 - 00000000 ____D () C:\ProgramData\Atheros
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 03:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-18 03:29 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-18 03:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2015-04-18 00:50 - 2014-09-19 15:51 - 00000000 ____D () C:\ProgramData\softthinks
2015-04-18 00:42 - 2014-03-18 05:44 - 00047264 _____ () C:\Windows\PFRO.log
2015-04-17 13:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-17 08:29 - 2014-09-11 21:27 - 00000000 ____D () C:\ProgramData\Temp
2015-04-16 16:17 - 2015-02-11 14:00 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-04-16 04:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 20:59 - 2014-09-14 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 20:58 - 2014-09-14 03:14 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 23:39 - 2014-11-12 09:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-13 20:44 - 2014-09-11 19:16 - 00000000 ____D () C:\Users\Debra\Documents\Bluetooth Folder
2015-04-13 19:24 - 2014-09-17 07:48 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-09-17 07:48 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 12:23 - 2014-09-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-10 20:31 - 2014-09-12 08:40 - 00000000 ____D () C:\Users\Debra\AppData\Local\CrashDumps
2015-04-04 15:42 - 2014-09-11 19:15 - 00000000 ____D () C:\Users\Debra
2015-04-03 22:53 - 2014-03-18 05:53 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 16:21 - 2014-09-11 21:31 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-22 17:31 - 2013-08-22 11:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2015-03-22 17:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2015-03-22 17:23 - 2014-03-18 05:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Com
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\IME
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-22 17:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 17:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-22 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-19 15:57 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-03-19 15:57 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
==================== Files in the root of some directories =======
2014-09-11 21:21 - 2014-09-11 21:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-11 21:30 - 2014-09-11 21:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-11 21:27 - 2014-09-11 21:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-11 21:28 - 2014-09-11 21:29 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-11 21:29 - 2014-09-11 21:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-11 21:27 - 2014-09-11 21:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-18 03:42
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2015 01
Ran by Debra at 2015-04-18 15:55:53
Running from C:\Users\Debra\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
magicJack (HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Zuma Deluxe (HKLM-x32\...\110111700) (Version: - Oberon Media)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
15-04-2015 02:47:09 Windows Update
18-04-2015 02:43:37 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2880ED1A-15A0-4555-844C-E9F35174FDDA} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {4F87FBFF-80E6-4BB9-98B7-33DA97702C24} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5377634F-D342-445C-A3E4-0693DADF806C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {57D95491-86BF-408E-A86C-ACAE7E621CB4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {60E2D18D-F65E-4EF8-84C2-7EF5CAA2FC80} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6E19D656-0FE4-4831-8F49-9B470E78EEFB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {79C905F8-00E8-42E2-9EC5-EB54A01E34CA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {859CB807-BE73-4F88-9A41-0E69F90A339D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {86FF41E5-4B59-470D-8C17-0E2568A7D582} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8DB37384-B2C4-4CA9-83DE-456FBF3DED62} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {B0DF1F35-5F98-4928-980C-7D734C9A8342} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {CA0F8B01-0665-457D-BE09-55DFDF001344} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {EEDCDC8B-2114-4DFE-9422-014E063A3167} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF8FD182-C151-4711-A979-574638ABCAF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) ==============
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-09-11 21:32 - 2014-03-12 15:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-09-05 02:20 - 2013-09-05 02:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 02:24 - 2013-09-05 02:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-09-11 21:32 - 2014-04-30 13:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-09-11 21:28 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-11 21:20 - 2013-12-09 18:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-11 21:32 - 2013-12-17 20:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-11 21:32 - 2012-11-26 02:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-11 21:32 - 2012-11-26 02:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Debra\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1298665756-2822785880-394653188-500 - Administrator - Disabled)
Debra (S-1-5-21-1298665756-2822785880-394653188-1001 - Administrator - Enabled) => C:\Users\Debra
Guest (S-1-5-21-1298665756-2822785880-394653188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298665756-2822785880-394653188-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/18/2015 02:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x5b4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 02:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x9b0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xb20
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:31:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0x990
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xc14
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 09:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xff0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 09:05:59 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070780.
Error: (04/18/2015 03:00:46 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070780.
Error: (04/18/2015 03:00:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xacc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (04/18/2015 01:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0x80270249
Fault offset: 0x00000000002f497f
Faulting process id: 0xb68
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
System errors:
=============
Error: (04/18/2015 02:55:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 02:27:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:59:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:30:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 01:04:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (04/18/2015 00:55:48 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:51:46 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:47:44 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 00:43:39 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller
Error: (04/18/2015 09:05:50 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Microsoft Office Sessions:
=========================
Error: (04/18/2015 02:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f5b401d07a093ea8ceeaC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll7c9ce181-e5fc-11e4-829d-142d27a2cc5c
Error: (04/18/2015 02:27:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f9b001d07a0551be3571C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll9466cd90-e5f8-11e4-829c-142d27a2cc5c
Error: (04/18/2015 01:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fb2001d07a016370faf1C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dlla4e2f861-e5f4-11e4-829b-142d27a2cc5c
Error: (04/18/2015 01:31:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497f99001d079fd70d5ecb7C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dllb43a6701-e5f0-11e4-829a-142d27a2cc5c
Error: (04/18/2015 01:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fc1401d079f9cfdc1e61C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll0e096a13-e5ed-11e4-8299-142d27a2cc5c
Error: (04/18/2015 09:05:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fff001d079d8695bc1fdC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dlla81ce002-e5cb-11e4-8298-142d27a2cc5c
Error: (04/18/2015 09:05:59 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070780
Error: (04/18/2015 03:00:46 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070780
Error: (04/18/2015 03:00:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497facc01d079a550d2547fC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll9e77cb67-e598-11e4-8297-142d27a2cc5c
Error: (04/18/2015 01:33:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c458027024900000000002f497fb6801d0799927ee9b2bC:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll669a440a-e58c-11e4-8296-142d27a2cc5c
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4012.95 MB
Available physical RAM: 2135.56 MB
Total Pagefile: 5612.95 MB
Available Pagefile: 3418.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:458 GB) (Free:423.37 GB) NTFS
Drive d: () (Fixed) (Total:3.73 GB) (Free:3.5 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:6.38 GB) (Free:0.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B87D9F38)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: A9573C8B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
==================== End Of Log ============================
#43
Posted 18 April 2015 - 02:32 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Deb,
Take a break for a while...
Thanks
Joe
Take a break for a while...
Thanks
Joe
#44
Posted 18 April 2015 - 02:38 PM
flowerchild552008
- Topic Starter
-
- Member
-
- 123 posts
Member
Ok. I have saltwater to make!
Thank you for all this!
Deb
#45
Posted 18 April 2015 - 04:39 PM
zep516
-
- Malware Removal
-
- 8,090 posts
Trusted Helper
Lets try another restore point and see if we get the same error.
These are the 2 restore points below that the log says we / you have.
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
Joe
These are the 2 restore points below that the log says we / you have.
02-04-2015 03:39:49 Scheduled Checkpoint
09-04-2015 05:16:54 Scheduled Checkpoint
Joe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
