Hi,

 

Following on from this discussion - https://forums.malwarebytes.org/index.php?/topic/175888-malwarebytes-has-stopped-working/#entry1006171 - I am posting FRST logs.

 

Basically MBAM Pro stops working when I attempt to scan. MBAM appears to run normally when I manually restart the program.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Tom (administrator) on LAPTOP (10-12-2015 09:44:57)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\VSSX64.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494352 2015-01-27] (Entertainment Experience)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383392 2013-03-13] (Citrix Systems, Inc.)
HKU\S-1-5-21-1218068200-1399591766-2818559320-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-07-27] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-07-27] (SoftThinks SAS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8e74a009-8cb0-471e-b1ad-0f1b3511fdb2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1218068200-1399591766-2818559320-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1218068200-1399591766-2818559320-1001 -> DefaultScope {91CADE3D-4148-499E-A9D4-1E94CF69770D} URL = 
SearchScopes: HKU\S-1-5-21-1218068200-1399591766-2818559320-1001 -> {91CADE3D-4148-499E-A9D4-1E94CF69770D} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-03-13] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-03-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ie/
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Google Hangouts) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [94568 2015-12-03] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 My Dell Learning Center; C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe [22528 2015-01-22] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-05] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2081992 2015-07-29] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2015-01-08] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-12-05] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-12-05] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 09:44 - 2015-12-10 09:45 - 00018087 _____ C:\Users\Tom\Desktop\FRST.txt
2015-12-09 21:16 - 2015-12-10 09:44 - 00000000 ____D C:\FRST
2015-12-09 21:16 - 2015-12-09 21:16 - 01696144 _____ (Malwarebytes) C:\Users\Tom\Desktop\mbam-check-2.3.0.0.exe
2015-12-09 21:15 - 2015-12-09 21:16 - 02369024 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-12-09 20:34 - 2015-10-30 07:19 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-09 20:34 - 2015-10-30 07:19 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 20:00 - 2015-12-09 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-09 20:00 - 2015-12-09 20:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-09 20:00 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-09 20:00 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-09 20:00 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-09 19:58 - 2015-12-09 19:59 - 22908888 _____ (Malwarebytes ) C:\Users\Tom\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-09 18:43 - 2015-12-09 18:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-09 17:18 - 2015-12-09 17:19 - 00000000 ____D C:\Users\Tom\Documents\CVs etc
2015-12-08 11:55 - 2015-12-08 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-08 11:52 - 2015-12-08 11:52 - 00000000 ____D C:\Windows.old
2015-12-08 11:49 - 2015-12-08 11:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-08 11:44 - 2015-12-08 11:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-08 11:44 - 2015-12-08 11:44 - 00000000 ____D C:\Program Files\MSBuild
2015-12-08 11:44 - 2015-12-08 11:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-08 11:44 - 2015-12-08 04:12 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-08 11:44 - 2015-10-24 01:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-08 11:44 - 2015-10-24 01:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-08 11:44 - 2015-10-24 01:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-08 11:43 - 2015-10-24 01:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-08 11:43 - 2015-10-24 01:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-08 11:43 - 2015-10-24 01:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-08 07:08 - 2015-12-08 07:08 - 00000000 ____D C:\Users\Tom\AppData\Local\ActiveSync
2015-12-08 07:06 - 2015-12-08 07:06 - 00000020 ___SH C:\Users\Tom\ntuser.ini
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-08 04:22 - 2015-12-08 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-08 04:17 - 2015-12-09 20:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-08 04:11 - 2015-12-08 04:11 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-08 04:11 - 2015-12-08 04:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-12-08 04:11 - 2015-12-08 04:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-12-08 04:06 - 2015-12-08 04:12 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-08 04:04 - 2015-12-08 21:36 - 00000000 ____D C:\Users\Tom
2015-12-08 04:04 - 2015-12-08 04:04 - 00000000 _SHDL C:\Users\Tom\My Documents
2015-12-08 04:04 - 2015-12-08 04:04 - 00000000 _SHDL C:\Users\Tom\Documents\My Videos
2015-12-08 04:04 - 2015-12-08 04:04 - 00000000 _SHDL C:\Users\Tom\Documents\My Pictures
2015-12-08 04:04 - 2015-12-08 04:04 - 00000000 _SHDL C:\Users\Tom\Documents\My Music
2015-12-08 04:01 - 2015-12-10 08:04 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-08 04:01 - 2015-12-08 04:01 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-08 04:01 - 2015-12-08 04:01 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-08 04:01 - 2015-12-08 04:01 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-08 04:01 - 2015-12-08 04:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-08 04:01 - 2015-12-08 04:01 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-08 04:01 - 2015-12-08 04:01 - 00000000 ____D C:\Program Files\Realtek
2015-12-08 04:01 - 2015-07-17 22:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-08 04:01 - 2015-07-17 22:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-08 04:00 - 2015-12-08 04:06 - 00000000 ____D C:\Program Files\Intel
2015-12-08 03:59 - 2015-12-08 03:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-12-08 03:59 - 2015-10-30 07:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-08 03:56 - 2015-12-09 20:33 - 00372056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-05 18:32 - 2015-12-05 18:32 - 72130584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2015-12-05 18:32 - 2015-12-05 18:32 - 13242880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 13078352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 12126952 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxVoiceAPO30.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-12-05 18:32 - 2015-12-05 18:32 - 04518136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-12-05 18:32 - 2015-12-05 18:32 - 03709056 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2015-12-05 18:32 - 2015-12-05 18:32 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 03269440 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 02999808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 02935544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 02880873 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-12-05 18:32 - 2015-12-05 18:32 - 02856704 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 02719992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-12-05 18:32 - 2015-12-05 18:32 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 02001056 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01991784 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01766136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01764432 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01416832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01351176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01231248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01183352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 01015608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00930848 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00896744 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2015-12-05 18:32 - 2015-12-05 18:32 - 00784312 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00759208 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00693032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00692520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00659872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00657304 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00591640 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00588120 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00545824 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00422432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00342280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00339136 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00283928 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00263952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2015-12-05 18:32 - 2015-12-05 18:32 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00242448 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00232712 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00212256 _____ (Waves Audio) C:\WINDOWS\system32\MaxxAudioVienna264.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00187280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00174632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00131024 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00108696 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00084048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00079296 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2015-12-05 18:32 - 2015-12-05 18:32 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-12-01 21:45 - 2015-12-09 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 20:41 - 2015-11-28 20:41 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-11-14 09:03 - 2015-11-14 09:03 - 00000023 _____ C:\Users\Tom\Desktop\mbam.txt
2015-11-13 16:33 - 2015-12-08 23:25 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-11-13 16:33 - 2015-12-08 04:17 - 00003814 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-13 16:33 - 2015-12-08 04:17 - 00002984 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-11-13 16:33 - 2015-11-13 16:33 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Dell
2015-11-13 16:33 - 2015-11-13 16:33 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-13 16:33 - 2015-11-13 16:33 - 00000000 ____D C:\Program Files\Dell Support Center
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 09:44 - 2015-10-30 06:28 - 00000000 ____D C:\Windows
2015-12-10 09:22 - 2015-08-02 19:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 09:19 - 2015-07-21 18:53 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 09:09 - 2015-05-27 03:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-12-10 08:04 - 2015-07-21 18:53 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 08:04 - 2015-07-21 18:42 - 00000000 __SHD C:\Users\Tom\IntelGraphicsProfiles
2015-12-09 21:51 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-09 21:18 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 21:14 - 2015-08-07 18:37 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-09 20:33 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-09 20:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-09 20:31 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-09 20:31 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-09 20:23 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 18:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-09 17:15 - 2015-07-21 19:44 - 00000000 ____D C:\Users\Tom\AppData\Roaming\uTorrent
2015-12-09 14:03 - 2015-08-06 21:20 - 00094736 _____ C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-09 10:50 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-09 08:35 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-09 03:39 - 2015-10-15 06:23 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 22:53 - 2015-08-07 20:29 - 00000000 ____D C:\Users\Tom\AppData\Local\Comms
2015-12-08 21:24 - 2015-07-24 23:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 21:17 - 2015-07-24 23:05 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:03 - 2015-07-21 18:43 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2015-12-08 20:59 - 2015-08-07 20:33 - 00002372 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-08 20:59 - 2015-08-01 10:12 - 00000000 __RDO C:\Users\Tom\OneDrive
2015-12-08 20:58 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-08 11:55 - 2015-10-30 07:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-08 07:06 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-08 07:06 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-08 07:06 - 2015-07-21 18:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-08 04:23 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-08 04:22 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-08 04:21 - 2015-08-07 17:50 - 00019053 _____ C:\WINDOWS\diagwrn.xml
2015-12-08 04:21 - 2015-08-07 17:50 - 00019053 _____ C:\WINDOWS\diagerr.xml
2015-12-08 04:20 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-08 04:20 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-08 04:18 - 2015-08-07 18:38 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-08 04:17 - 2015-10-23 18:51 - 00002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-12-08 04:17 - 2015-10-10 11:29 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-08 04:17 - 2015-07-24 20:38 - 00003276 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-12-08 04:17 - 2015-07-21 18:53 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-08 04:17 - 2015-07-21 18:53 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-08 04:17 - 2015-07-21 18:48 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1218068200-1399591766-2818559320-1001
2015-12-08 04:17 - 2015-05-27 03:47 - 00003046 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-12-08 04:17 - 2015-05-27 03:47 - 00002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-12-08 04:17 - 2015-05-27 03:37 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2015-12-08 04:17 - 2015-05-27 03:37 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-12-08 04:17 - 2015-05-27 03:26 - 00002342 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2015-12-08 04:16 - 2015-10-30 07:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-08 04:12 - 2015-10-30 09:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-08 04:12 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-08 04:12 - 2015-08-15 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-08 04:12 - 2015-08-03 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-08 04:12 - 2015-07-21 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-08 04:12 - 2015-05-27 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB
2015-12-08 04:12 - 2015-05-27 03:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-08 04:12 - 2015-05-27 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueColor
2015-12-08 04:12 - 2015-05-27 03:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-12-08 04:11 - 2015-07-10 09:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-08 04:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-12-08 04:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-12-08 04:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-12-08 04:09 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-08 04:09 - 2015-05-27 03:42 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-08 04:09 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-08 04:09 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-12-08 04:08 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-08 04:07 - 2015-10-30 09:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-08 04:07 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-08 04:07 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-08 04:07 - 2015-10-03 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-08 04:07 - 2015-08-03 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-12-08 04:07 - 2015-07-21 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-08 04:07 - 2015-05-27 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Dell
2015-12-08 04:07 - 2015-05-27 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-08 04:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-08 04:06 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-08 04:06 - 2015-05-27 03:47 - 00000000 ____D C:\Program Files\Intel Corporation
2015-12-08 04:04 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-08 03:56 - 2015-10-30 09:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-08 03:31 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-07 20:43 - 2015-10-16 06:34 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2015-12-05 20:43 - 2015-05-27 03:48 - 00000000 ____D C:\Program Files\Dell
2015-12-05 16:17 - 2015-08-15 20:15 - 00000000 ____D C:\Users\Tom\AppData\Roaming\vlc
2015-12-05 14:15 - 2015-08-15 20:15 - 00000000 ____D C:\Users\Tom\AppData\Roaming\dvdcss
2015-11-29 10:10 - 2015-10-07 19:23 - 00000000 ____D C:\Users\Tom\Documents\DHRM
2015-11-27 22:37 - 2015-10-10 11:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-14 23:24 - 2015-10-03 15:08 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2015-08-16 10:19 - 2015-08-16 10:19 - 0000000 _____ () C:\Users\Tom\AppData\Local\{402FEA76-CBF9-4DA3-978A-90429DAEBF60}
2015-12-08 04:01 - 2015-12-08 04:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-27 03:40 - 2015-05-27 03:40 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-05-27 03:37 - 2015-05-27 03:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-05-27 03:38 - 2015-05-27 03:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-05-27 03:39 - 2015-05-27 03:40 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-05-27 03:36 - 2015-05-27 03:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-08 03:56
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Tom (2015-12-10 09:45:47)
Running from C:\Users\Tom\Desktop
Windows 10 Home (X64) (2015-12-08 04:22:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1218068200-1399591766-2818559320-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1218068200-1399591766-2818559320-503 - Limited - Disabled)
Guest (S-1-5-21-1218068200-1399591766-2818559320-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1218068200-1399591766-2818559320-1003 - Limited - Enabled)
Tom (S-1-5-21-1218068200-1399591766-2818559320-1001 - Administrator - Enabled) => C:\Users\Tom
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.100.7 - Citrix Systems, Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.0.22 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{243E6515-D9FC-4A52-80A8-64E286CCDDCD}) (Version: 3.0.900.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\InstallShield_{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.)
Dell Power Manager Lite (x32 Version: 1.0.0.1 - Compal Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fbf500b4-f515-42af-b355-6f006f6c2359}) (Version: 17.13.11 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5073.103 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
My Dell Learning Center (HKLM\...\{DC451A89-545E-4297-AC2C-9F239CE7D695}) (Version: 1.0.510.0 - Dell Inc.)
Online Plug-in (x32 Version: 13.4.100.7 - Citrix Systems, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sony PC Companion 2.10.281 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.281 - Sony)
True Color (HKLM-x32\...\{992885f0-c469-4089-9719-24e16f896fc1}) (Version: 6.0.0.10 - Entertainment Experience)
True Color (Version: 6.0.0.10 - Entertainment Experience LLC) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-12-2015 21:14:14 Windows Update
08-12-2015 21:15:16 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A3E48B1-75CF-4EBF-A8B0-DB4F860B5EB3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {0D67D305-553B-421C-BCBC-DEFB98E3165E} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {2DEA7D4E-2BD4-4D6B-9A91-8D127EB62D08} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {36741182-6F27-4333-A826-D85383A509D1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {3CF55F81-479B-494A-917D-3D248C95497C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3D94A171-D80C-44DE-AE57-1B1832703400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {48AA57F7-5755-41F8-9917-5D0D95E6CDF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C57FCD2-901F-4CC5-85CF-05EB5C894ABF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {50ADB7D0-3923-4107-BF4A-7C7654700A0B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {54ECF559-C3F5-4B31-A1FC-F41A81288C7E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {5D46ACEF-7484-4C84-8C97-CC6EBA708FEA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6611C0A0-7371-45CC-8401-0A3DAF1BEB4C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {77304E78-A91A-4EA9-92BB-3E4CD1299D62} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {780A84BB-8FF3-45D2-9076-74825420EBB5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {91172D25-CC5F-4AF8-BAD2-D8D70BE08BB7} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {B49EE3DE-03D7-4FD3-87A1-4F091D1A631B} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {BE4948FE-2AEB-4B88-B00D-2B2FB21FF274} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {BEAE16DE-E653-4DFE-BEC6-470C69040725} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C1857299-5FFC-475F-9E31-FF8F01986365} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C65286D9-8EA3-406D-B455-361B75D00D24} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CF31D9E9-DC22-4EF0-A3CF-CC9D4C8E059F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8B32630-21D8-4D04-B3DF-A0D1646E18F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D9018232-849E-41D9-A007-36DF8D413FB6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD538379-6E49-41EC-9413-80BBBEE7A19D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E0FFA86A-F442-4CA7-B62E-84B6EBB7FE1C} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-05] (Realtek Semiconductor)
Task: {E2E517FD-385C-467A-8CD5-B5F8919B4F89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {FA93BA14-8029-46C7-9269-DAA358C53894} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDFS.job => iv bV cmd /c sc start Dell Foundation Services WORKGROUP LAPTOP
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start My Dell Learning Center WORKGROUP LAPTOP
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-08 04:12 - 2015-01-08 04:12 - 00094160 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2015-01-22 21:37 - 2015-01-22 21:37 - 00022528 _____ () C:\Program Files\Dell\My Dell Learning Center\MDLCSvc.exe
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-11-13 12:52 - 2014-11-13 12:52 - 00466432 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2015-10-30 07:17 - 2015-10-30 07:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-30 07:17 - 2015-10-30 07:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 07:17 - 2015-10-30 07:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 07:17 - 2015-10-30 07:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 21:32 - 2015-12-08 21:32 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 07:18 - 2015-10-30 09:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 07:18 - 2015-10-30 09:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 07:18 - 2015-10-30 09:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 07:18 - 2015-10-30 09:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-10 14:37 - 2014-10-10 14:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-27 03:37 - 2013-03-05 03:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 16:41 - 2013-03-05 16:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-08 21:32 - 2015-12-08 21:32 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-08 21:32 - 2015-12-08 21:33 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-07-31 15:29 - 2015-07-31 20:58 - 01608432 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-05-27 03:51 - 2012-11-26 03:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-05-27 03:49 - 2014-02-18 19:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-12-09 20:20 - 2015-12-04 21:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-09 20:20 - 2015-12-04 21:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1218068200-1399591766-2818559320-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "TrueColor UI"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKU\S-1-5-21-1218068200-1399591766-2818559320-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1218068200-1399591766-2818559320-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{760D1041-E5BF-4A6A-965B-F6308C2D0850}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{115C3F00-93BA-4727-A41D-085023FC6FC6}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E0BC0F4A-F04D-4537-9700-3D38B7E5854C}] => (Block) C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{81496231-2EEB-409A-AEC5-E8BD0679EF81}] => (Block) C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [uDP Query User{AC5CAF36-F61B-41FF-B216-480576834E82}C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [TCP Query User{7275A2ED-E4A6-4B40-BB55-7DABDB3D586F}C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\tom\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{521D0C2A-3A22-4726-9C7E-B2F5EE26D216}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C9226414-BCFC-4B7F-AE55-488D440F133D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F0CE8D70-665E-41B6-8BEA-C6C8D5825513}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{7864B6A4-1188-4EB5-97C3-F3D87EF1F2E6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BE156CA5-BDAE-4A86-B8AC-88A78FCA9A51}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{95A6BA43-3F4C-4721-AD41-9E6B4EE0874D}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{67713371-9410-4349-AF2E-54F56561EBF3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C4120EEC-C05A-48F9-AC34-D179CC09EE02}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F4EB9260-2123-406E-A583-D00C635E4BBD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A1D865D8-6AE0-46E8-BB83-98842286C352}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{43CBC4A1-54E8-4ACC-82D3-8D29DC686D70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2015 09:09:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/10/2015 08:59:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x740
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/09/2015 08:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x2c8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/09/2015 08:34:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/09/2015 08:34:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (12/09/2015 08:34:17 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (12/09/2015 08:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1350
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/09/2015 08:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1514
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/09/2015 07:55:19 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/09/2015 07:55:19 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (12/10/2015 09:01:08 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (12/10/2015 08:07:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (12/09/2015 11:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_af03d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/09/2015 11:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_af03d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/09/2015 11:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_af03d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/09/2015 11:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_af03d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/09/2015 11:34:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/09/2015 11:33:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (12/09/2015 11:09:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (12/09/2015 11:08:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
 
CodeIntegrity:
===================================
  Date: 2015-12-09 20:34:55.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-09 10:49:30.574
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-08 21:39:21.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-08 04:17:33.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-08 04:16:10.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-08 03:58:14.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8102.68 MB
Available physical RAM: 5315.5 MB
Total Virtual: 10022.68 MB
Available Virtual: 7004.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.72 GB) (Free:850.44 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:7.97 GB) (Free:0.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 558507CE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 

Any help appreciated.


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Your PC seems clean. I see no obvious reason why MalwareBytes would behave like this.
 
 
Let's try to perform Check Disk. Then I want you to run MalwareBytes Clean tool two times and after that install MalwareBytes again. I'll be away for a couple of hours from now.
 
 
Check Disk

  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

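The Check Disk report that the Event Viewer steps above retrieve can also be pulled from PowerShell. This is an added example, not part of the original post; the seven-day look-back window and the output file name are assumptions.

```powershell
# Added example: scripted equivalent of the Event Viewer steps
# (Windows Logs > Application, filtered to the Wininit source).
# Run it after the restart, once the boot-time disk check has finished.

$since   = (Get-Date).AddDays(-7)   # assumption: the check ran within the last week
$desktop = [Environment]::GetFolderPath('Desktop')
$outFile = Join-Path $desktop 'CheckDisk-report.txt'   # hypothetical file name

# Read the Application log and keep only entries whose source is Wininit,
# the same source ticked under "Event Sources" in the GUI steps.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } `
              -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Wininit' } |
    Sort-Object TimeCreated -Descending

if (-not $events) {
    # Get-WinEvent returns nothing if the check has not run yet or the window is too short.
    Write-Warning "No Wininit entries since $since. Confirm the PC was restarted and the disk check completed."
    return
}

# Write every matching entry, newest first, with a header line so the
# entry for the date and time of the disk check is easy to pick out.
$events | ForEach-Object {
    "===== $($_.TimeCreated.ToString('u'))  (Event ID $($_.Id)) ====="
    $_.Message
    ''
} | Set-Content -Path $outFile -Encoding UTF8

"Saved $(@($events).Count) entry(ies) to $outFile"
```

The resulting text file can be attached to a reply instead of pasting the report inline.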
Update:

 

Ran the first scan of the newly installed MBAM Pro and it stopped working.

 

The application/event log for this is:

 

Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1a10
Faulting application start time: 0x01d13444437d089d
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: b5126d13-c2b2-4ff0-9fed-b956b5653095
Faulting package full name: 

Faulting package-relative application ID:  

 

Can this issue be referred elsewhere?

 

Thanks again.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.