JoePGM

Honorary Members
  • Posts

    27

Everything posted by JoePGM

  1. Thanks for the help from MysterFCM and CatByte. I just checked the FixList.txt and I see it is going to clean up the XRD manager, which is one of the tools from my monitor calibration software. I think I have to keep that, is that right? Please advise, thanks!
  2. The Chrome problem happened a week before; during this week I have sought your specialist help, and here I have included a FRST log. Do you think my system is clean now? FRST.txt Addition.txt
  3. What is installRex and how do I remove it?
  4. So is my system still totally safe and clean?
  5. Thanks for your reply! You make me feel safe! My Malwarebytes is reporting the NZXT CAM; Kaspersky and Chrome also get similar malicious action, and none of them are P2P software.... (I have attached the MBAM export list showing these events) malwarebyte_log.txt MBAM.txt
  6. The NZXT CAM is the official software from NZXT which controls and monitors the all-in-one watercooling blocks. I downloaded it from the NZXT official website. I'm afraid my system is actually infected but those viruses/malware keep hiding, and randomly connect to the outside world and show these "malicious IP connection". Is my system safe?
  7. Hi Malwarebytes, I had my system cleaned up by your advisor a few days ago but now something has come back: these applications try to reach an external IP and Malwarebytes reports malicious action. Are they false positives? I have mentioned a similar problem before in my post #6 here: https://forums.malwarebytes.org/index.php?/topic/168043-syswow64-cmdexe-possible-malware-hijack/page-2 Any idea?? MBAM.txt
  8. Hello Malwarebytes, I have sought help from the "Malware Removal Help" forum before about Malwarebytes reporting similar malicious IPs. After the cleanup task from your advisor, some IPs still occur. I'm not sure if they are safe or not; could you please check? Thank you. MBAM.txt
  9. I have reported the similar case in my post #6. I have once again scanned my PC with Malwarebytes and Kaspersky and can't find anything. But it is weird that Malwarebytes keeps reporting malicious action, right?
  10. Hi TwinHeadedEagle, my system has come back with something like this: these applications try to reach an external IP and Malwarebytes reports malicious action.

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Update, 05/05/2015 10:44:25 PM, SYSTEM, X99, Manual, Remediation Database, 2014.12.6.1, 2015.4.22.1,
      Update, 05/05/2015 10:44:25 PM, SYSTEM, X99, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1,
      Update, 05/05/2015 10:44:27 PM, SYSTEM, X99, Manual, Malware Database, 2015.3.7.4, 2015.5.5.4,
      Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malware Protection, Starting,
      Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malware Protection, Started,
      Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting,
      Protection, 05/05/2015 10:45:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started,
      Update, 05/05/2015 10:51:55 PM, SYSTEM, X99, Manual, Malware Database, 2015.5.5.4, 2015.5.5.5,
      Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Refresh, Starting,
      Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Malicious Website Protection, Stopping,
      Protection, 05/05/2015 10:51:55 PM, SYSTEM, X99, Protection, Malicious Website Protection, Stopped,
      Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Refresh, Success,
      Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting,
      Protection, 05/05/2015 10:51:58 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started,
      Scan, 05/05/2015 10:56:48 PM, SYSTEM, X99, Manual, Start:05/05/2015 10:52:07 PM, Duration:4 min 41 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
      Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malware Protection, Starting,
      Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malware Protection, Started,
      Protection, 05/05/2015 10:04:50 PM, SYSTEM, X99, Protection, Malicious Website Protection, Starting,
      Protection, 05/05/2015 10:05:08 PM, SYSTEM, X99, Protection, Malicious Website Protection, Started,
      Detection, 05/05/2015 10:06:15 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 166.78.246.145, 1147, Outbound, C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe,
      Detection, 05/05/2015 10:06:15 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 166.78.246.145, 1147, Outbound, C:\Program Files (x86)\NZXT\CAM\CAM_Client.exe,
      Detection, 05/05/2015 11:11:04 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 213.226.201.226, 6881, Outbound, D:\Games\World_of_Tanks\WoTLauncher.exe,
      Detection, 05/05/2015 11:11:04 PM, SYSTEM, X99, Protection, Malicious Website Protection, IP, 213.226.201.226, 6881, Outbound, D:\Games\World_of_Tanks\WoTLauncher.exe,
      (end)

      Any idea??
  11. After reinstalling the Chrome browser, the Kaspersky Protection extension is no longer clickable and usable, and the CMD.exe has also disappeared from my services. I doubt the IAT Hook is something related inside......
  12. Just reinstalled Chrome, and that IAT Hook does not occur. But as I said, it re-occurs at random..... should I be alert to it?
  13. Many thanks TwinHeadedEagle. I try to surf the web as safely as possible, but I find that I suffered the same IAT HOOK and Malicious Outbound twice in a month... I doubt it will happen again very soon. Are there any good tools I could try for first aid if I suffer the same next time?
  14. The CMD.EXE is still running in the background now. As I said, it seems to be linked to the Kaspersky Protection Chrome extension; if I remove this extension, the CMD.EXE will be gone. Do you think it is trustworthy?
  15. My system seems stable now, many thanks TwinHeadedEagle. But I still have the following questions: 1. What is that CMD.EXE running behind? Is that part of the Kaspersky service? 2. Is my system infected with malware/rootkit? Many thanks!
  16. Something was detected in RogueKiller this morning; nothing was detected before. This is exactly the same malicious item I had 3 weeks before:
  17. (UPDATE) Some malicious action started on my machine; I have attached a log. I had a similar situation 3 weeks before, back to the date I had a fresh clean of Windows; unfortunately the similar issue has come back now. malwarebyte_log.txt
  18. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01 Ran by Solution at 2015-05-02 02:31:34 Running from C:\Users\Solution\Downloads Boot Mode: Normal
Operation: Query Shadow Copies Error: (04/27/2015 09:43:59 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/26/2015 09:53:17 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/24/2015 09:50:15 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/23/2015 09:26:30 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: The Desktop Window Manager has encountered a fatal error (0x8898008d) Error: (04/23/2015 10:43:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. System errors: ============= Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99) Description: 
application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (05/02/2015 01:55:09 AM) (Source: DCOM) (EventID: 10016) (User: X99) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}X99SolutionS-1-5-21-1859955418-491830460-2377010485-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (05/02/2015 01:54:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s). Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Extreme Tuning Utility Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/02/2015 01:54:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 
Microsoft Office Sessions: ========================= Error: (05/02/2015 01:55:42 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (05/01/2015 09:35:01 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/29/2015 11:15:55 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/28/2015 10:56:36 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/28/2015 07:16:20 AM) (Source: VSS) (EventID: 12305) (User: ) Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001AC,0x00530194,0000000000000000,0,0000001D94FD0080,4096,[0]) Operation: Query Shadow Copies Error: (04/27/2015 09:43:59 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/26/2015 09:53:17 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/24/2015 09:50:15 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (04/23/2015 09:26:30 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: 0x8898008d Error: (04/23/2015 10:43:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement ==================== Memory info =========================== Processor: Intel® Core i7-5820K CPU @ 3.30GHz Percentage of memory in use: 19% Total physical RAM: 16307.71 MB Available physical RAM: 13098.65 MB Total Pagefile: 18739.71 MB Available Pagefile: 14035.78 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.13 GB) (Free:202.14 GB) NTFS Drive d: () (Fixed) (Total:476.81 GB) (Free:145.63 GB) NTFS Drive e: () (Fixed) (Total:2794.39 GB) (Free:2657.2 GB) NTFS ==================== MBR & Partition Table ================== ==================== 
End Of Log ============================