Page 2 of 2 First 12
  1. #21
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    Glad removing McAfee took care of the issues you were having. Malwarebytes Anti-Malware is not an antivirus software and will not conflict with Windows Defender. So, to get Windows Defender working, the first thing to do is check that the service is running.

    1. Please follow these steps to start the service:

    • Press “Windows Logo” + “R” keys on the keyboard to open the “Run” command box.
    • Type “Services.msc” in the “Run” command box and press “Enter”.
    • In the “Services” window, search for the “Windows Defender” service from that list.
    • Double-click on it to open its “Properties” window.
    • From its “Properties” window, click on “Start” when the service is stopped and also change its “Startup Type” to “Automatic”.
    • Click on “Apply” and “Ok”.
    • Restart the computer.


    2. To enable Windows Defender do the following:
    • Open Settings and select "Real-time protection". Ensure the box is checked next to "Turn on real-time protection (recommended)"
    • Go to Control Panel\All Control Panel Items\Action Center
    • Expand "Security"
    • If either or both "Spyware and unwanted software protection (Important) and "Virus protection (Important)" have a red bar next to them, click "Turn on now".


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.


    • Ad Bot

      advertising
      Beep.

        
       

  2. #22
    Sysnative Staff
    BSOD Kernel Dump Analyst
    Contributor
    axe0's Avatar
    Join Date
    May 2015
    Location
    The Netherlands
    Age
    22
    Posts
    692
    • specs System Specs
      • Manufacturer:
        Custom build
      • Motherboard:
        Gigabyte B150-HD3P-CF
      • CPU:
        Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
      • Memory:
        16GB DDR4 Crucial Ballistix Sport LT BLS8G4D240F
      • Graphics:
        Intel(R) HD Graphics 530
      • Sound Card:
        (1) Intel(R) Display Audio (2) Realtek HD Audio
      • Hard Drives:
        Crucial MX200 500GB & 2x Toshiba DT01ACA300
      • Power Supply:
        Corsair RM550x
      • Case:
        Fractal Design Define S
      • Cooling:
        Cooler Master TX3 i
      • Display:
        24" Liyama ProLite XB2483HSU-B2 & 24" Dell Ultrasharp U2414H
      • Operating System:
        Windows 10 Pro

    Re: Errors on my laptop running Windows 8.1

    Windows Defender may be kept disabled if the removal tool didn't do its job correct.
    Malwarebytes can be used alongside most AV's including the standard AV, it doesn't matter if you use the premium version or the free version.

  3. #23
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    Hi, eparvus. Did you get Windows Defender working?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  4. #24

    Re: Errors on my laptop running Windows 8.1

    Morning Corrine

    Sorry for taking so long to reply, I've been off for a few days. Ive just been following your instructions on starting up windows defender and i get the following error:

    Error 577: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Since I've tried this every time i open my recycle bin my screen goes black, I still have the task bar visible at the bottom of the screen and then it opens back onto the desktop.

  5. #25
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    Hi, eparvus.

    Generally, that error is because of leftovers from a previously uninstalled antivirus. The steps that I provided are illustrated at [FIX] Windows Could Not Start The Windows Defender Network Inspection Service On Local Computer. Please be sure you have followed FIX 1 carefully. If not successful, we can check for McAfee leftovers if you would like to provide fresh FRST logs. If you do so, be sure to check "Addition.txt" before starting the scan.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  6. #26

    Re: Errors on my laptop running Windows 8.1

    Hi Corrine

    I followed those instructions but unfortunately no success. I have done another scan and have attached below for you.

    FRST Scan

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by eparvus (administrator) on WORK_LAPTOP (19-04-2016 12:53:23)
    Running from C:\Users\Edan\Desktop\Malware Removal Tools
    Loaded Profiles: eparvus (Available Profiles: eparvus)
    Platform: Windows 8.1 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-05-08] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-12-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-10] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1176632 2015-06-30] (Spotify Ltd)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2014-12-03] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-03-19] ()
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Chromium] => "c:\users\edan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [15698792 2016-02-29] (eM Client s.r.o.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    Startup: C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-17] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1C84DDF6-6053-411B-B1A6-2728C43E35C9}: [DhcpNameServer] 40.42.1.201 40.42.1.203
    Tcpip\..\Interfaces\{4576CB61-C54C-4A88-8779-83836B12E07A}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    SearchScopes: HKLM -> DefaultScope {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-30525436-3099372120-3077259939-1001 -> {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Edan\AppData\Roaming\Mozilla\Firefox\Profiles\t73w7jeu.default
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_suma_16_15&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0CzytA0AtBzz0DtAyD0E0DzztAtAyEtN0D0Tzu0StCyDyCtBtN1L2XzutAtFtBtDtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0A0CtA0AtByEyEtGyBtDtC0CtGyB0FyD0CtGtCtDyEtBtGyEzzyEyByB0C0C0CyEyByCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyB0DyBzy0CyEtGtB0Dzz0BtGyEtDtB0EtG0A0DyDyEtGtCtDyB0F0EtByBzz0EyByEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyEyB%26cr%3D1735998293%26a%3Dwncy_suma_16_15%26os_ver%3D6.3%26os%3DWindows%2B8.1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-16] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-28] () [File not signed]
    S4 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
    S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [115200 2015-04-28] (Advanced Micro Devices) [File not signed]
    S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
    S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19928 2015-03-24] ()
    S4 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-05-08] (ELAN Microelectronics Corp.)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2015-03-26] (Advanced Micro Devices, Inc.)
    S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-11-24] (Toshiba Europe GmbH)
    S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305904 2015-06-10] (Advanced Micro Devices)
    R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
    R3 AmdGpio2; C:\Windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.)
    S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-03-26] (Advanced Micro Devices, Inc. )
    R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-03-26] (Advanced Micro Devices, Inc. )
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-02-13] (Advanced Micro Devices)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24592 2015-05-12] (ELAN Microelectronic Corp.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
    R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [49368 2014-12-17] (Realtek Microelectronics)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4104408 2015-05-14] (Realtek Semiconductor Corporation )
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (Toshiba Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-18 17:00 - 2016-04-18 19:03 - 00000000 ____D C:\Users\Edan\Downloads\I.Am.Wrath.2016.WEB-DL.x264-FGT
    2016-04-18 17:00 - 2016-04-18 17:03 - 00000000 ____D C:\Users\Edan\Downloads\Holidays.2016.WEB-DL.x264-FGT
    2016-04-18 14:28 - 2016-04-18 17:01 - 00000000 ____D C:\Users\Edan\Downloads\London.Has.Fallen.2016.HDRip.KORSUB.x264-STUTTERSHIT
    2016-04-18 13:34 - 2016-04-18 18:39 - 00000000 ____D C:\Users\Edan\Downloads\Colonia.2015.WEB-DL.XviD.MP3-FGT
    2016-04-18 09:24 - 2016-04-18 09:24 - 00001486 _____ C:\Users\Edan\Desktop\MailClient.exe - Shortcut.lnk
    2016-04-17 23:21 - 2016-04-17 23:21 - 00000218 _____ C:\Users\Edan\AppData\Local\recently-used.xbel
    2016-04-16 22:38 - 2016-04-18 09:06 - 00000000 ____D C:\Users\Edan\Desktop\Movies
    2016-04-15 12:17 - 2016-04-15 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-14 20:26 - 2016-04-19 00:34 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E17.HDTV.x264-FLEET[rarbg]
    2016-04-14 12:56 - 2016-04-18 10:43 - 00000000 ____D C:\Users\Edan\Desktop\HSE requirements MECP - Abril 2016
    2016-04-14 12:55 - 2016-04-14 12:55 - 00000000 ____D C:\Users\Edan\AppData\Roaming\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2016-04-14 11:33 - 2016-04-16 22:41 - 00000000 ____D C:\Users\Edan\Downloads\American Crime Story
    2016-04-14 10:39 - 2016-04-19 12:22 - 00000000 ____D C:\Users\Edan\AppData\Roaming\eM Client
    2016-04-14 10:36 - 2016-04-14 10:47 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
    2016-04-14 10:36 - 2016-04-14 10:36 - 00000000 ____D C:\Program Files (x86)\eM Client
    2016-04-11 22:21 - 2016-04-11 22:21 - 00005546 _____ C:\Users\Edan\Desktop\ListChkdskResult.txt
    2016-04-11 22:20 - 2016-04-11 22:20 - 00197679 _____ C:\Users\Edan\Desktop\ListChkdskResult.exe
    2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Edan\AppData\Roaming\LibreOffice
    2016-04-11 16:58 - 2016-04-14 10:47 - 00001510 _____ C:\Users\Public\Desktop\LibreOffice 5.1.lnk
    2016-04-11 16:58 - 2016-04-11 16:58 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
    2016-04-11 16:55 - 2016-04-11 16:58 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
    2016-04-11 14:19 - 2016-04-11 14:37 - 00000000 ____D C:\Users\Edan\AppData\Local\Chromium
    2016-04-11 14:14 - 2016-04-11 14:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-04-11 13:23 - 2016-04-12 21:31 - 00000000 ____D C:\Users\Edan\AppData\Local\Kingsoft
    2016-04-11 13:23 - 2016-04-11 14:11 - 00000000 ____D C:\Users\Edan\AppData\Roaming\kingsoft
    2016-04-11 12:26 - 2016-04-11 12:26 - 00000000 ____D C:\Windows\SSuite Office Installations
    2016-04-11 11:05 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2016-04-11 11:05 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2016-04-11 11:05 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
    2016-04-11 11:05 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2016-04-11 11:04 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2016-04-11 11:04 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2016-04-11 11:04 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2016-04-11 11:03 - 2016-04-04 07:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-11 11:03 - 2016-04-02 14:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-11 11:03 - 2016-04-02 14:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-11 11:03 - 2016-02-04 19:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
    2016-04-11 11:03 - 2016-01-31 20:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-04-11 11:03 - 2016-01-31 19:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-04-11 11:03 - 2016-01-31 18:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-04-11 11:03 - 2016-01-31 18:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-04-11 11:03 - 2016-01-31 17:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-04-11 11:03 - 2016-01-31 17:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-04-11 11:03 - 2015-12-16 18:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2016-04-11 11:03 - 2015-12-16 17:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2016-04-11 11:03 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2016-04-11 11:03 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
    2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
    2016-04-11 11:03 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2016-04-11 11:03 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2016-04-11 11:03 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
    2016-04-11 11:03 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2016-04-11 11:02 - 2016-02-04 18:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
    2016-04-11 11:02 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2016-04-11 11:02 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
    2016-04-11 11:02 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2016-04-11 10:03 - 2016-04-11 10:48 - 00161707 _____ C:\Windows\system32\sfcdetails.txt
    2016-04-09 03:04 - 2016-04-09 03:04 - 00000000 ____D C:\Program Files (x86)\ESET
    2016-04-07 21:12 - 2016-04-07 21:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Macromedia
    2016-04-07 21:10 - 2016-04-08 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-04-07 21:10 - 2016-04-07 21:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-04-07 11:37 - 2016-04-19 12:53 - 00000000 ____D C:\FRST
    2016-04-07 11:35 - 2016-04-18 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-04-07 11:35 - 2016-04-14 10:47 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-04-07 11:35 - 2016-04-14 10:47 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-04-07 11:35 - 2016-04-07 11:41 - 00000000 ____D C:\Users\Edan\AppData\Local\Mozilla
    2016-04-07 11:34 - 2016-04-16 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-04-07 11:06 - 2016-04-19 12:53 - 00000000 ____D C:\Users\Edan\Desktop\Malware Removal Tools
    2016-04-06 11:35 - 2016-04-06 11:35 - 02884096 _____ (niemiro) C:\Users\Edan\Desktop\SFCFix.exe
    2016-04-05 21:05 - 2016-04-05 21:05 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E10.HDTV.x264-FLEET[rarbg]
    2016-04-05 13:39 - 2016-04-05 13:44 - 00000000 ____D C:\Users\Edan\Desktop\MARTIFER SOLAR
    2016-04-04 20:05 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E10.HDTV.x264-FLEET[rarbg]
    2016-04-04 18:35 - 2016-04-17 16:32 - 00000000 ____D C:\Users\Edan\Downloads\Blue Bloods
    2016-04-04 18:34 - 2016-04-17 16:31 - 00000000 ____D C:\Users\Edan\Downloads\Fresh off the Boat
    2016-04-04 15:24 - 2016-04-14 10:47 - 00001719 _____ C:\Users\Public\Desktop\Recuva.lnk
    2016-04-04 15:24 - 2016-04-04 15:28 - 00000000 ____D C:\Program Files\Recuva
    2016-04-04 15:24 - 2016-04-04 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2016-04-04 15:12 - 2016-04-16 22:39 - 00000000 ____D C:\Users\Edan\Downloads\Vikings
    2016-04-04 13:29 - 2016-04-04 14:05 - 00000000 ____D C:\Users\Edan\Downloads\Bloodline.S01E06.WEBRip.x264-2HD[rarbg]
    2016-04-04 11:35 - 2016-04-04 11:35 - 00872506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-04-02 13:01 - 2016-04-02 13:01 - 00000000 ____D C:\Users\Edan\Desktop\WoW Tank
    2016-04-01 13:49 - 2016-04-01 13:50 - 00000597 _____ C:\DelFix.txt
    2016-04-01 13:45 - 2016-04-01 13:45 - 00000000 ____D C:\ProgramData\ESET
    2016-04-01 13:44 - 2016-04-01 13:44 - 02991832 _____ (ESET) C:\Users\Edan\Desktop\ERARemover_x64.exe
    2016-04-01 10:56 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Mozilla
    2016-04-01 10:53 - 2016-04-01 10:53 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
    2016-04-01 10:51 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Company
    2016-04-01 10:51 - 2016-04-01 10:51 - 00000002 _____ C:\END
    2016-04-01 10:51 - 2016-04-01 10:51 - 00000000 ____D C:\uninst
    2016-04-01 10:50 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\QuickSearch
    2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\KokoMoss
    2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\comoBoss
    2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\Tempfolder
    2016-04-01 10:48 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2016-03-31 11:38 - 2016-03-31 11:38 - 00071658 _____ C:\Users\Edan\Desktop\Copy of Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-19 12:26 - 2015-12-13 16:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-30525436-3099372120-3077259939-1001
    2016-04-19 12:26 - 2014-11-21 00:09 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-19 12:26 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
    2016-04-19 12:23 - 2015-12-14 00:19 - 00000000 ___RD C:\Users\Edan\Dropbox
    2016-04-19 12:22 - 2015-12-15 09:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-19 12:22 - 2015-12-13 16:31 - 00000000 ___DO C:\Users\Edan\OneDrive
    2016-04-19 12:21 - 2015-06-30 03:11 - 00065536 _____ C:\Windows\psp_storage.bin
    2016-04-19 12:21 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-19 12:21 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-04-19 10:53 - 2015-12-13 18:02 - 00000000 ____D C:\Users\Edan\AppData\Local\Battle.net
    2016-04-19 00:39 - 2015-12-16 23:56 - 00000000 ____D C:\Users\Edan\AppData\Roaming\vlc
    2016-04-18 21:32 - 2015-12-13 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-04-18 21:31 - 2015-12-13 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-04-18 11:00 - 2016-02-13 21:03 - 00000000 ____D C:\Users\Edan\AppData\Local\ElevatedDiagnostics
    2016-04-15 12:17 - 2015-12-14 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-04-14 13:57 - 2015-12-14 00:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Dropbox
    2016-04-14 10:47 - 2016-03-01 20:03 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
    2016-04-14 10:47 - 2016-02-26 09:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2016-04-14 10:47 - 2016-01-24 21:36 - 00001288 _____ C:\Users\Public\Desktop\TSMApplication.lnk
    2016-04-14 10:47 - 2016-01-14 21:33 - 00001822 _____ C:\Users\Edan\Desktop\MagicISO.lnk
    2016-04-14 10:47 - 2015-12-19 02:50 - 00001036 _____ C:\Users\Public\Desktop\Notepad++.lnk
    2016-04-14 10:47 - 2015-12-15 09:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-14 10:47 - 2015-12-14 23:10 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-04-14 10:47 - 2015-12-14 00:19 - 00001253 _____ C:\Users\Edan\Desktop\Dropbox.lnk
    2016-04-14 10:47 - 2015-12-14 00:07 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-04-14 10:47 - 2015-12-14 00:07 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-04-14 10:47 - 2015-12-13 18:46 - 00001253 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
    2016-04-14 10:47 - 2015-12-13 18:02 - 00001161 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2016-04-14 10:47 - 2015-12-13 16:25 - 00001453 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-04-14 10:47 - 2015-12-13 16:22 - 00000469 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2016-04-14 10:47 - 2015-12-13 16:22 - 00000467 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00000338 _____ C:\Users\Public\Desktop\Booking.com.lnk
    2016-04-14 10:47 - 2015-06-30 04:05 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    2016-04-14 10:47 - 2015-06-30 04:05 - 00002087 _____ C:\Users\Public\Desktop\eBay.lnk
    2016-04-14 10:47 - 2015-06-30 03:55 - 00002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
    2016-04-14 10:47 - 2015-06-30 03:55 - 00002545 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
    2016-04-14 10:47 - 2015-06-30 03:54 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-04-14 10:47 - 2015-06-30 03:52 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2016-04-14 10:47 - 2015-06-30 03:52 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
    2016-04-14 10:47 - 2015-06-30 03:42 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
    2016-04-13 00:19 - 2015-06-30 04:10 - 00000000 ____D C:\ProgramData\McAfee
    2016-04-13 00:15 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
    2016-04-13 00:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-04-13 00:15 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2016-04-13 00:14 - 2015-06-30 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-04-13 00:14 - 2015-06-29 20:19 - 00000000 ____D C:\Users\Administrator
    2016-04-13 00:13 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Local\Packages
    2016-04-13 00:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-04-12 21:31 - 2013-08-22 15:44 - 05160664 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-12 21:30 - 2015-12-13 22:32 - 00178893 ____H C:\Users\Edan\AppData\Local\IconCache.db.backup
    2016-04-12 21:30 - 2015-06-30 03:14 - 01152326 _____ C:\Windows\SysWOW64\rootpa.e2e
    2016-04-12 21:26 - 2015-12-17 14:36 - 00000000 ____D C:\Users\Edan\AppData\Local\Deployment
    2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2016-04-11 13:25 - 2015-12-13 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-11 11:15 - 2016-01-20 12:12 - 00000000 ____D C:\Windows\system32\appraiser
    2016-04-11 11:14 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-04-11 11:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
    2016-04-11 08:41 - 2015-12-13 17:52 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0472D516-BDDE-4B90-A602-E2488620D075}
    2016-04-10 12:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-04-09 08:41 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\Downloaded Program Files
    2016-04-08 19:29 - 2015-06-30 04:25 - 00000000 ____D C:\Windows\OemDrv
    2016-04-08 19:23 - 2015-01-21 19:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-08 19:21 - 2014-11-20 23:51 - 00000000 ____D C:\Windows\ShellNew
    2016-04-08 19:20 - 2013-08-22 14:25 - 00000108 _____ C:\Windows\win.ini
    2016-04-08 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-08 17:02 - 2015-12-13 23:31 - 00000000 ____D C:\Users\Edan\Documents\Outlook Files
    2016-04-08 14:42 - 2016-02-04 17:27 - 00000000 ____D C:\Users\Edan\Desktop\Fråncis Court
    2016-04-07 21:10 - 2015-12-14 00:06 - 00000000 ____D C:\Users\Edan\AppData\Local\Adobe
    2016-04-07 11:00 - 2015-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Google
    2016-04-06 08:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
    2016-04-05 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
    2016-04-04 16:27 - 2016-01-18 21:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
    2016-04-04 13:29 - 2015-12-13 16:22 - 00000000 ____D C:\Users\Edan
    2016-04-01 16:28 - 2015-12-14 00:07 - 00000000 ____D C:\ProgramData\Adobe
    2016-04-01 16:27 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-04-01 16:27 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Adobe
    2016-04-01 12:55 - 2015-06-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\system32\GWX
    2016-03-22 15:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp

    ==================== Files in the root of some directories =======

    2016-04-17 23:21 - 2016-04-17 23:21 - 0000218 _____ () C:\Users\Edan\AppData\Local\recently-used.xbel

    Some files in TEMP:
    ====================
    C:\Users\Edan\AppData\Local\Temp\ICReinstall_LibreOffice_Setup.exe
    C:\Users\Edan\AppData\Local\Temp\McCSPInstall.dll
    C:\Users\Edan\AppData\Local\Temp\mccspuninstall.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-28 08:32

    ==================== End of FRST.txt ============================

    Addition Scan

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by eparvus (2016-04-19 12:53:52)
    Running from C:\Users\Edan\Desktop\Malware Removal Tools
    Windows 8.1 (X64) (2015-12-13 15:24:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-30525436-3099372120-3077259939-500 - Administrator - Disabled)
    eparvus (S-1-5-21-30525436-3099372120-3077259939-1001 - Administrator - Enabled) => C:\Users\Edan
    Guest (S-1-5-21-30525436-3099372120-3077259939-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{5D393971-8762-D63E-7CEA-69DDDE320E43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Curse Client (HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5110.05 - CyberLink Corp.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
    DTS Sound (HKLM-x32\...\{06086A5E-DEB1-4144-BF3E-5FF616084752}) (Version: 1.02.3300 - DTS, Inc.)
    ELAN Touchpad 11.8.41.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.41.2 - ELAN Microelectronic Corp.)
    eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
    Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
    Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
    Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    OEM Application Profile (HKLM-x32\...\{44A9B4E1-778E-A65A-474C-7892EB03C399}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.35.2015.0401 - REALTEK Semiconductor Corp)
    Realtek Bluetooth Filter Driver Package (x32 Version: 12.35.2015.0401 - REALTEK Semiconductor Corp) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7438 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0005 - REALTEK Semiconductor Corp.)
    REALTEK Wireless LAN Driver (x32 Version: 2.00.0005 - REALTEK Semiconductor Corp.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
    Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{5C2187E2-AC40-4E5A-B92E-98E203C3DD92}) (Version: 1.2.15.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.8.6402 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.12.6402 - Toshiba Corporation)
    TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.3.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.02.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0052 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.10.32001 - Toshiba Corporation)
    Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.7.0 - Toshiba Europe GmbH)
    TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
    WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00AAD2A4-2ABC-4713-9C0B-A4A11962D92F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
    Task: {1B3827E7-F378-4AB3-AE8E-3D143DAF375A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-11-24] (Toshiba Europe GmbH)
    Task: {21748A8D-BDFC-4B8A-80D0-627D64555A8F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
    Task: {3EE4D5CD-C2C8-4B14-9FEC-B635911BAABB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
    Task: {53660912-F046-48F3-9017-951C006BD22B} - System32\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
    Task: {5F009F54-EA0F-47E6-ABBA-5EB7E90B40BE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-01-22] (Realtek Semiconductor)
    Task: {76FA8071-F2A7-4298-AEEB-405B5560D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
    Task: {7872FCD3-C4A6-4807-80FC-03D48DB6C35F} - no filepath
    Task: {8C7DAA11-4D41-4A8F-A98B-5564EA2FB25C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
    Task: {9BF699F6-F6BA-428C-BA21-377F8DD6CA5A} - no filepath
    Task: {A98F1B24-4742-46CF-BD18-0D854035C0C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {AB0C17D8-559D-49DE-A52E-35348F68A0F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
    Task: {B430654E-1D5A-4B8E-920B-F1B68B2A56CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
    Task: {D7002724-3A49-4FD5-865A-3D47C6171C5C} - System32\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
    Task: {DE5A41E1-CD8B-4A83-ACCF-D9AC51D45B4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
    Task: {EDC834CB-190F-46E4-A0BF-90B0FDC118CA} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-03-24] ()
    Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - \Magboffe -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{A914118D-C8B4-43B3-932B-6598A448DFCA} /F:UpdateWORKGROUP\WORK_LAPTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2016-02-12 10:20 - 2016-03-21 22:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-04-15 12:16 - 2016-03-21 22:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-02-12 10:20 - 2016-03-21 22:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-02-12 10:20 - 2016-04-08 19:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-02-12 10:20 - 2016-03-21 22:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-04-15 12:16 - 2016-03-21 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-04-15 12:16 - 2016-03-21 22:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-04-15 12:16 - 2016-03-21 22:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-04-15 12:16 - 2016-04-08 19:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-04-15 12:16 - 2016-04-08 19:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-02-12 10:20 - 2016-03-21 22:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-04-15 12:16 - 2016-03-21 22:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-04-15 12:16 - 2016-03-21 22:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-02-12 10:20 - 2016-04-08 19:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2015-12-14 00:13 - 2016-03-21 22:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-04-14 10:36 - 2016-04-14 10:36 - 00132096 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\722cd74f8a66066098ea61c735149baf\MailClient.Collections.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00490496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\b77a6e44037763274efc0ba5fd83a937\MailClient.Mail.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00933888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\a99a07476b379cbc11675e4f0fe28263\HTMLEditorControl.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00020992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\95ef80005f3068b672ba29c2684c7c34\MailClient.Interop.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00571392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\5045c5bc1ef146ebab396d4cc807ddfd\MailClient.Common.UI.ni.dll
    2016-04-14 10:36 - 2016-04-14 10:36 - 00548864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\f17f4e16b79f2d8c1eb05d4a5a383369\LinqBridge.ni.dll
    2016-02-23 16:57 - 2016-02-23 16:57 - 00642016 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00674304 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\fc2e33a37148cab9373a6d6c7f6ccbfa\HtmlInterop.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00083968 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\bd45bb62ae15ae7cadef05abf7d12c70\SystemCoreTimeZone.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 01575424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\0376368cb4c7ff2dc71d9031ceba9835\WindowsAPICodePack.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00097792 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Sasl\81247e7867f47437ad1441553ccee2f7\MailClient.Sasl.ni.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> amazon.co.uk
    IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
    IE trusted site: HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\amazon.co.uk -> amazon.co.uk

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2016-04-09 16:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdaptiveSleepService => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Amazon 1Button App Service => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: amdacpusrsvc => 2
    MSCONFIG\Services: BTDevManager => 2
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: dts_apo_service => 3
    MSCONFIG\Services: ETDService => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HomeNetSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: McBootDelayStartSvc => 2
    MSCONFIG\Services: mccspsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: mcpltsvc => 2
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MSK80Service => 2
    MSCONFIG\Services: PEFService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: tbaseprovisioning => 2
    MSCONFIG\Services: TemproMonitoringService => 3
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: Update service => 2
    HKLM\...\StartupApproved\Run: => "ETDCtrl"
    HKLM\...\StartupApproved\Run: => "TecoResident"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run: => "TSSSrv"
    HKLM\...\StartupApproved\Run: => "TosWaitSrv"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "TSVU"
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\StartupApproved\Run: => "TSMApplication"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3508B7B4-CC0A-4AC1-B311-3E692FF9BBD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{BA4D0AD8-14C1-4BD8-A469-04254DAE07AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2676D1AA-F4EB-4E36-B691-8C9E0E859D60}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{8381C3F8-5895-49E4-9C37-300BD0A7C682}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{4C479A4A-B639-4306-B687-2C6145C1442E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{8AD4B2A5-5E0B-4AEA-8B15-5812D3E14653}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{52AAF94B-31CE-4684-B444-95EFDBCB7F77}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{19A084C7-7EC5-453E-B227-A1BF08E51723}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{C2409380-7405-49C0-B20C-AC8CCEDCE53F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{B593DD88-9E2C-40A2-BC22-6DB2B451E77F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{C43680AA-49C4-4309-880B-6AB23C963303}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{CF78131B-9F3F-44B5-A0E6-05EA67141B05}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{35544114-402A-4492-9AFF-2C48070D58C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1CF16929-8C99-4E38-8B5C-EB720A30FE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{022E2969-C00E-4D50-AE30-BDF908C7BE70}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{FB0E19ED-0157-49E3-871C-E3D26452D328}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{DB42249F-BECA-4667-B1CB-2B10AC8E8A7D}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{BDFD5E13-D5D5-4CFF-A081-044509BFDCFB}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{3940A3DF-0013-4428-9A54-14AE380B3F99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: SDA Standard Compliant SD Host Controller
    Description: SDA Standard Compliant SD Host Controller
    Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
    Manufacturer: SDA Standard Compliant SD Host Controller Vendor
    Service: sdbus
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/18/2016 12:47:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
    Exception code: 0xc0000008
    Fault offset: 0x00000000000925fa
    Faulting process ID: 0x1a0
    Faulting application start time: 0xsvchost.exe_PcaSvc0
    Faulting application path: svchost.exe_PcaSvc1
    Faulting module path: svchost.exe_PcaSvc2
    Report ID: svchost.exe_PcaSvc3
    Faulting package full name: svchost.exe_PcaSvc4
    Faulting package-relative application ID: svchost.exe_PcaSvc5

    Error: (04/18/2016 11:24:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: c70

    Start Time: 01d196442d62f1d5

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    Report Id: b039a0e0-054f-11e6-827c-5c93a28d35ed

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2016 09:36:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 45.0.2.5941 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d5c

    Start Time: 01d1983aed5becf9

    Termination Time: 141

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 922d128d-0540-11e6-827c-5c93a28d35ed

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2016 09:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
    Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
    Exception code: 0x80000003
    Fault offset: 0x0000ec22
    Faulting process ID: 0x133c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report ID: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (04/18/2016 09:08:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0xe78
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x64c
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x1584
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x18c0
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:06:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0xa1c
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:06:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x71c
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5


    System errors:
    =============
    Error: (04/19/2016 12:21:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

    Error: (04/19/2016 12:21:40 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

    Error: (04/19/2016 11:58:56 AM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/19/2016 11:52:36 AM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/19/2016 11:31:07 AM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/18/2016 02:02:09 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/18/2016 02:01:32 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/18/2016 12:48:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error:
    %%1056

    Error: (04/18/2016 12:48:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error:
    %%1056

    Error: (04/18/2016 12:47:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-04-18 09:01:24.379
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
    Percentage of memory in use: 24%
    Total physical RAM: 7641.24 MB
    Available physical RAM: 5744.98 MB
    Total Virtual: 8857.24 MB
    Available Virtual: 6898.15 MB

    ==================== Drives ================================

    Drive c: (TI31475500A) (Fixed) (Total:919.66 GB) (Free:833.71 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Looking forward to your reply.

    eparvus

  7. #27
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    Hi, eparvus.

    Yes, there are still leftover McAfee files on the computer, including McAfee files removed from startup with MSConfig. Why did you use MSConfig?

    From Using System Configuration (msconfig) - Windows Help:

    System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

    System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}
    In other words, MSConfig is useful for troubleshooting but not for managing startup programs. Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, there is no automated way of changing the setting. Each has to be done manually, which is what I suggest that you do.

    ---> Click start, type msconfig in the search box, open msconfig, click on the start up tab. Put a check mark in each entry, reboot the computer.

    In the meantime, let's see what removing the following does.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
    S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
    Folder: C:\Program Files (x86)\ESET
    Folder: C:\ProgramData\ESET
    File: C:\Users\Edan\Desktop\ERARemover_x64.exe
    File: C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
    2016-04-13 00:19 - 2015-06-30 04:10 - 00000000 ____D C:\ProgramData\McAfee
    2016-04-13 00:15 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
    2016-04-13 00:14 - 2015-06-30 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - \Magboffe -> No File <==== ATTENTION
    AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    If you are still unable to start Windows Defender, I'll need a fresh FRST log after you have re-enabled the startup items with msconfig.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  8. #28

    Re: Errors on my laptop running Windows 8.1

    Hey Corrine

    Ok i enabled all the startups and rebooted then did the fixlog which is pasted below. I then tried to run windows defender but got the same error message. I've attached a new FRST and Addition scan below.

    Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by eparvus (2016-04-19 15:49:30) Run:2
    Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
    Loaded Profiles: eparvus (Available Profiles: eparvus)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
    S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
    Folder: C:\Program Files (x86)\ESET
    Folder: C:\ProgramData\ESET
    File: C:\Users\Edan\Desktop\ERARemover_x64.exe
    File: C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
    2016-04-13 00:19 - 2015-06-30 04:10 - 00000000 ____D C:\ProgramData\McAfee
    2016-04-13 00:15 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
    2016-04-13 00:14 - 2015-06-30 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - \Magboffe -> No File <==== ATTENTION
    AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    mfeelamk => service removed successfully
    efavdrv => service removed successfully

    ========================= Folder: C:\Program Files (x86)\ESET ========================

    2016-04-09 03:04 - 2016-04-09 16:53 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner
    2016-04-09 08:40 - 2015-05-14 11:54 - 0474824 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
    2016-04-09 08:40 - 2015-05-14 11:54 - 0735432 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
    2016-04-09 08:40 - 2015-05-14 11:54 - 1030856 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
    2016-04-09 08:40 - 2015-05-14 11:54 - 2870984 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
    2016-04-09 08:41 - 2016-04-09 10:12 - 0002805 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
    2016-04-09 08:40 - 2015-05-14 11:54 - 0422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    2016-04-09 08:40 - 2015-05-14 11:54 - 0331464 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
    2016-04-09 08:40 - 2015-05-14 11:21 - 0000172 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
    2016-04-09 08:40 - 2015-05-14 11:54 - 2261192 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
    2016-04-09 08:40 - 2015-05-14 11:54 - 0532168 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    2016-04-09 08:40 - 2015-05-14 11:54 - 0339656 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
    2016-04-09 08:40 - 2015-03-05 11:19 - 0258352 _____ (Microsoft Corporation) C:\Program Files (x86)\ESET\ESET Online Scanner\unicows.dll
    2016-04-09 08:40 - 2016-04-09 08:45 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules
    2016-04-09 08:45 - 2016-04-09 08:44 - 0056968 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
    2016-04-09 08:45 - 2016-04-09 08:44 - 0763177 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 44096242 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 1260637 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 2168449 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 0167149 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 0094563 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 6809823 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
    2016-04-09 08:43 - 2016-04-09 08:45 - 0000176 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\esets_api.stg
    2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data
    2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\backup
    2016-04-09 08:43 - 2016-04-09 08:43 - 0000105 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\backup\db.xml
    2016-04-09 08:43 - 2016-04-09 08:44 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles
    2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
    2016-04-09 08:44 - 2016-04-09 08:44 - 0018347 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0354.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0150116 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0502.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0011575 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0984.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 14070243 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1D68.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0058580 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2D41.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 32493678 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3383.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0060976 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3538.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0094740 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod37FE.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0764793 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod386C.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 1262249 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod46B7.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 2184700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4B84.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0168756 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4D09.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 6737226 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod55E7.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0110417 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod72E2.nup
    2016-04-09 08:44 - 2016-04-09 08:44 - 0358382 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7B6C.nup
    2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
    2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com
    2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
    2016-04-09 08:44 - 2016-04-09 08:45 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp
    2016-04-09 08:44 - 2016-04-09 08:44 - 0056968 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
    2016-04-09 08:44 - 2016-04-09 08:44 - 0763177 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 44096242 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 1260637 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 2168449 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 0167149 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 0094563 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
    2016-04-09 08:45 - 2016-04-09 08:45 - 6809823 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
    2016-04-09 08:40 - 2016-04-09 10:10 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine
    2016-04-09 10:08 - 2016-04-09 10:08 - 0000530 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\1FA8A4287C4DFE4CCB19910BB4F11AB40300E1BA.NDF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0158557 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\1FA8A4287C4DFE4CCB19910BB4F11AB40300E1BA.NQF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0000522 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\221F4E80E8B0E7E9EE874D9317E6DBE386C5481B.NDF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0136477 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\221F4E80E8B0E7E9EE874D9317E6DBE386C5481B.NQF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0000620 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\4101270357B096EF454463D13581E3D123C60560.NDF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0151040 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\4101270357B096EF454463D13581E3D123C60560.NQF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0000588 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\59794CDF182434E7F2EDA1624784B255C294B1CA.NDF
    2016-04-09 10:08 - 2016-04-09 10:08 - 2559688 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\59794CDF182434E7F2EDA1624784B255C294B1CA.NQF
    2016-04-09 10:10 - 2016-04-09 10:10 - 0000464 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\5B62EA6A3D7149BEFB1C4D8393102E6ACCA5FE4F.NDF
    2016-04-09 10:10 - 2016-04-09 10:10 - 93322240 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\5B62EA6A3D7149BEFB1C4D8393102E6ACCA5FE4F.NQF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0000530 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\A701DA1074706ECDFB3DA0E4EB4D6C0A4826D02C.NDF
    2016-04-09 10:08 - 2016-04-09 10:08 - 0126629 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\A701DA1074706ECDFB3DA0E4EB4D6C0A4826D02C.NQF
    2016-04-09 10:08 - 2016-04-09 10:10 - 0000012 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\INFO.NQI

    ====== End of Folder: ======


    ========================= Folder: C:\ProgramData\ESET ========================

    2016-04-01 13:45 - 2016-04-01 13:45 - 0000000 ____D () C:\ProgramData\ESET\ESET Rogue Applications Remover
    2016-04-01 13:45 - 2016-04-01 13:46 - 0035840 _____ () C:\ProgramData\ESET\ESET Rogue Applications Remover\quarantinev3.dat

    ====== End of Folder: ======


    ========================= File: C:\Users\Edan\Desktop\ERARemover_x64.exe ========================

    File is digitally signed
    MD5: 5F9353832B090D900D39EDE814C940E6
    Creation and modification date: 2016-04-01 13:44 - 2016-04-01 13:44
    Size: 2991832
    Attributes: ----A
    Company Name: ESET
    Internal Name: ERARemover
    Original Name: ERARemover.exe
    Product: ESET Rogue Applications Remover
    Description: ESET Rogue Applications Remover
    File Version: 1.0.4.1
    Product Version: 1.0.4.1
    Copyright: Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved.

    ====== End of File: ======


    ========================= File: C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk ========================

    File not signed
    MD5: 3410B7CE5DC97E6F4411A218A42970DB
    Creation and modification date: 2016-03-01 20:03 - 2016-04-14 10:47
    Size: 0000080
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End of File: ======

    C:\ProgramData\McAfee => moved successfully
    C:\Windows\System32\Tasks\McAfee => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBF45CFD-A33A-460D-8C4D-8D3AC92E8308}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBF45CFD-A33A-460D-8C4D-8D3AC92E8308}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Magboffe" => key removed successfully
    "AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"" => "AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"" ADS not found.
    EmptyTemp: => 480.6 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 15:50:50 ====

    FRST Scan

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by eparvus (administrator) on WORK_LAPTOP (19-04-2016 16:01:22)
    Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
    Loaded Profiles: eparvus (Available Profiles: eparvus)
    Platform: Windows 8.1 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
    (Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILHE.EXE
    () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
    (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Curse) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-05-08] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-12-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-10] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1176632 2015-06-30] (Spotify Ltd)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2014-12-03] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-03-19] ()
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Chromium] => "c:\users\edan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [15698792 2016-02-29] (eM Client s.r.o.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    Startup: C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-17] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1C84DDF6-6053-411B-B1A6-2728C43E35C9}: [DhcpNameServer] 40.42.1.201 40.42.1.203
    Tcpip\..\Interfaces\{4576CB61-C54C-4A88-8779-83836B12E07A}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    SearchScopes: HKLM -> DefaultScope {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-30525436-3099372120-3077259939-1001 -> {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Edan\AppData\Roaming\Mozilla\Firefox\Profiles\t73w7jeu.default
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_suma_16_15&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0CzytA0AtBzz0DtAyD0E0DzztAtAyEtN0D0Tzu0StCyDyCtBtN1L2XzutAtFtBtDtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0A0CtA0AtByEyEtGyBtDtC0CtGyB0FyD0CtGtCtDyEtBtGyEzzyEyByB0C0C0CyEyByCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyB0DyBzy0CyEtGtB0Dzz0BtGyEtDtB0EtG0A0DyDyEtGtCtDyB0F0EtByBzz0EyByEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyEyB%26cr%3D1735998293%26a%3Dwncy_suma_16_15%26os_ver%3D6.3%26os%3DWindows%2B8.1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-16] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-28] () [File not signed]
    S4 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
    S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [115200 2015-04-28] (Advanced Micro Devices) [File not signed]
    S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
    S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19928 2015-03-24] ()
    S4 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-05-08] (ELAN Microelectronics Corp.)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2015-03-26] (Advanced Micro Devices, Inc.)
    S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-11-24] (Toshiba Europe GmbH)
    S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305904 2015-06-10] (Advanced Micro Devices)
    R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
    R3 AmdGpio2; C:\Windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.)
    S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-03-26] (Advanced Micro Devices, Inc. )
    R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-03-26] (Advanced Micro Devices, Inc. )
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-02-13] (Advanced Micro Devices)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24592 2015-05-12] (ELAN Microelectronic Corp.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
    R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [49368 2014-12-17] (Realtek Microelectronics)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4104408 2015-05-14] (Realtek Semiconductor Corporation )
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (Toshiba Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-18 17:00 - 2016-04-18 19:03 - 00000000 ____D C:\Users\Edan\Downloads\I.Am.Wrath.2016.WEB-DL.x264-FGT
    2016-04-18 17:00 - 2016-04-18 17:03 - 00000000 ____D C:\Users\Edan\Downloads\Holidays.2016.WEB-DL.x264-FGT
    2016-04-18 14:28 - 2016-04-18 17:01 - 00000000 ____D C:\Users\Edan\Downloads\London.Has.Fallen.2016.HDRip.KORSUB.x264-STUTTERSHIT
    2016-04-18 13:34 - 2016-04-18 18:39 - 00000000 ____D C:\Users\Edan\Downloads\Colonia.2015.WEB-DL.XviD.MP3-FGT
    2016-04-18 09:24 - 2016-04-18 09:24 - 00001486 _____ C:\Users\Edan\Desktop\MailClient.exe - Shortcut.lnk
    2016-04-17 23:21 - 2016-04-17 23:21 - 00000218 _____ C:\Users\Edan\AppData\Local\recently-used.xbel
    2016-04-16 22:38 - 2016-04-18 09:06 - 00000000 ____D C:\Users\Edan\Desktop\Movies
    2016-04-15 12:17 - 2016-04-15 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-14 20:26 - 2016-04-19 00:34 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E17.HDTV.x264-FLEET[rarbg]
    2016-04-14 12:56 - 2016-04-18 10:43 - 00000000 ____D C:\Users\Edan\Desktop\HSE requirements MECP - Abril 2016
    2016-04-14 12:55 - 2016-04-14 12:55 - 00000000 ____D C:\Users\Edan\AppData\Roaming\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2016-04-14 11:33 - 2016-04-16 22:41 - 00000000 ____D C:\Users\Edan\Downloads\American Crime Story
    2016-04-14 10:39 - 2016-04-19 15:53 - 00000000 ____D C:\Users\Edan\AppData\Roaming\eM Client
    2016-04-14 10:36 - 2016-04-14 10:47 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
    2016-04-14 10:36 - 2016-04-14 10:36 - 00000000 ____D C:\Program Files (x86)\eM Client
    2016-04-11 22:21 - 2016-04-11 22:21 - 00005546 _____ C:\Users\Edan\Desktop\ListChkdskResult.txt
    2016-04-11 22:20 - 2016-04-11 22:20 - 00197679 _____ C:\Users\Edan\Desktop\ListChkdskResult.exe
    2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Edan\AppData\Roaming\LibreOffice
    2016-04-11 16:58 - 2016-04-14 10:47 - 00001510 _____ C:\Users\Public\Desktop\LibreOffice 5.1.lnk
    2016-04-11 16:58 - 2016-04-11 16:58 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
    2016-04-11 16:55 - 2016-04-11 16:58 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
    2016-04-11 14:19 - 2016-04-11 14:37 - 00000000 ____D C:\Users\Edan\AppData\Local\Chromium
    2016-04-11 14:14 - 2016-04-11 14:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2016-04-11 13:23 - 2016-04-12 21:31 - 00000000 ____D C:\Users\Edan\AppData\Local\Kingsoft
    2016-04-11 13:23 - 2016-04-11 14:11 - 00000000 ____D C:\Users\Edan\AppData\Roaming\kingsoft
    2016-04-11 12:26 - 2016-04-11 12:26 - 00000000 ____D C:\Windows\SSuite Office Installations
    2016-04-11 11:05 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2016-04-11 11:05 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2016-04-11 11:05 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
    2016-04-11 11:05 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2016-04-11 11:04 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2016-04-11 11:04 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2016-04-11 11:04 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2016-04-11 11:03 - 2016-04-04 07:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-11 11:03 - 2016-04-02 14:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-11 11:03 - 2016-04-02 14:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-11 11:03 - 2016-03-28 14:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-11 11:03 - 2016-02-04 19:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
    2016-04-11 11:03 - 2016-01-31 20:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-04-11 11:03 - 2016-01-31 19:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-04-11 11:03 - 2016-01-31 18:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-04-11 11:03 - 2016-01-31 18:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-04-11 11:03 - 2016-01-31 17:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-04-11 11:03 - 2016-01-31 17:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-04-11 11:03 - 2015-12-16 18:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2016-04-11 11:03 - 2015-12-16 17:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2016-04-11 11:03 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2016-04-11 11:03 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
    2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
    2016-04-11 11:03 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2016-04-11 11:03 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2016-04-11 11:03 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
    2016-04-11 11:03 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2016-04-11 11:02 - 2016-02-04 18:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
    2016-04-11 11:02 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2016-04-11 11:02 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
    2016-04-11 11:02 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2016-04-11 10:03 - 2016-04-11 10:48 - 00161707 _____ C:\Windows\system32\sfcdetails.txt
    2016-04-09 03:04 - 2016-04-09 03:04 - 00000000 ____D C:\Program Files (x86)\ESET
    2016-04-07 21:12 - 2016-04-07 21:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Macromedia
    2016-04-07 21:10 - 2016-04-08 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-04-07 21:10 - 2016-04-07 21:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-04-07 11:37 - 2016-04-19 16:01 - 00000000 ____D C:\FRST
    2016-04-07 11:35 - 2016-04-18 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-04-07 11:35 - 2016-04-14 10:47 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-04-07 11:35 - 2016-04-14 10:47 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-04-07 11:35 - 2016-04-07 11:41 - 00000000 ____D C:\Users\Edan\AppData\Local\Mozilla
    2016-04-07 11:34 - 2016-04-16 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-04-07 11:06 - 2016-04-19 15:47 - 00000000 ____D C:\Users\Edan\Desktop\Malware Removal Tools
    2016-04-06 11:35 - 2016-04-06 11:35 - 02884096 _____ (niemiro) C:\Users\Edan\Desktop\SFCFix.exe
    2016-04-05 21:05 - 2016-04-05 21:05 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E10.HDTV.x264-FLEET[rarbg]
    2016-04-05 13:39 - 2016-04-05 13:44 - 00000000 ____D C:\Users\Edan\Desktop\MARTIFER SOLAR
    2016-04-04 20:05 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E10.HDTV.x264-FLEET[rarbg]
    2016-04-04 18:35 - 2016-04-17 16:32 - 00000000 ____D C:\Users\Edan\Downloads\Blue Bloods
    2016-04-04 18:34 - 2016-04-17 16:31 - 00000000 ____D C:\Users\Edan\Downloads\Fresh off the Boat
    2016-04-04 15:24 - 2016-04-14 10:47 - 00001719 _____ C:\Users\Public\Desktop\Recuva.lnk
    2016-04-04 15:24 - 2016-04-04 15:28 - 00000000 ____D C:\Program Files\Recuva
    2016-04-04 15:24 - 2016-04-04 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2016-04-04 15:12 - 2016-04-16 22:39 - 00000000 ____D C:\Users\Edan\Downloads\Vikings
    2016-04-04 13:29 - 2016-04-04 14:05 - 00000000 ____D C:\Users\Edan\Downloads\Bloodline.S01E06.WEBRip.x264-2HD[rarbg]
    2016-04-04 11:35 - 2016-04-04 11:35 - 00872506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-04-02 13:01 - 2016-04-02 13:01 - 00000000 ____D C:\Users\Edan\Desktop\WoW Tank
    2016-04-01 13:49 - 2016-04-01 13:50 - 00000597 _____ C:\DelFix.txt
    2016-04-01 13:45 - 2016-04-01 13:45 - 00000000 ____D C:\ProgramData\ESET
    2016-04-01 13:44 - 2016-04-01 13:44 - 02991832 _____ (ESET) C:\Users\Edan\Desktop\ERARemover_x64.exe
    2016-04-01 10:56 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Mozilla
    2016-04-01 10:53 - 2016-04-01 10:53 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
    2016-04-01 10:51 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Company
    2016-04-01 10:51 - 2016-04-01 10:51 - 00000002 _____ C:\END
    2016-04-01 10:51 - 2016-04-01 10:51 - 00000000 ____D C:\uninst
    2016-04-01 10:50 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\QuickSearch
    2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\KokoMoss
    2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\comoBoss
    2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\Tempfolder
    2016-04-01 10:48 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2016-03-31 11:38 - 2016-03-31 11:38 - 00071658 _____ C:\Users\Edan\Desktop\Copy of Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-19 15:54 - 2015-12-17 14:36 - 00000000 ____D C:\Users\Edan\AppData\Local\Deployment
    2016-04-19 15:53 - 2015-12-14 00:19 - 00000000 ___RD C:\Users\Edan\Dropbox
    2016-04-19 15:53 - 2015-12-13 16:31 - 00000000 ___DO C:\Users\Edan\OneDrive
    2016-04-19 15:52 - 2015-12-15 09:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-19 15:52 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-19 15:51 - 2015-06-30 03:11 - 00065536 _____ C:\Windows\psp_storage.bin
    2016-04-19 15:51 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-04-19 15:48 - 2015-12-13 16:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-30525436-3099372120-3077259939-1001
    2016-04-19 15:46 - 2014-11-21 00:09 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-19 15:46 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
    2016-04-19 10:53 - 2015-12-13 18:02 - 00000000 ____D C:\Users\Edan\AppData\Local\Battle.net
    2016-04-19 00:39 - 2015-12-16 23:56 - 00000000 ____D C:\Users\Edan\AppData\Roaming\vlc
    2016-04-18 21:32 - 2015-12-13 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-04-18 21:31 - 2015-12-13 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-04-18 11:00 - 2016-02-13 21:03 - 00000000 ____D C:\Users\Edan\AppData\Local\ElevatedDiagnostics
    2016-04-15 12:17 - 2015-12-14 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-04-14 13:57 - 2015-12-14 00:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Dropbox
    2016-04-14 10:47 - 2016-03-01 20:03 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
    2016-04-14 10:47 - 2016-02-26 09:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2016-04-14 10:47 - 2016-01-24 21:36 - 00001288 _____ C:\Users\Public\Desktop\TSMApplication.lnk
    2016-04-14 10:47 - 2016-01-14 21:33 - 00001822 _____ C:\Users\Edan\Desktop\MagicISO.lnk
    2016-04-14 10:47 - 2015-12-19 02:50 - 00001036 _____ C:\Users\Public\Desktop\Notepad++.lnk
    2016-04-14 10:47 - 2015-12-15 09:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-14 10:47 - 2015-12-14 23:10 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-04-14 10:47 - 2015-12-14 00:19 - 00001253 _____ C:\Users\Edan\Desktop\Dropbox.lnk
    2016-04-14 10:47 - 2015-12-14 00:07 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-04-14 10:47 - 2015-12-14 00:07 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-04-14 10:47 - 2015-12-13 18:46 - 00001253 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
    2016-04-14 10:47 - 2015-12-13 18:02 - 00001161 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2016-04-14 10:47 - 2015-12-13 16:25 - 00001453 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-04-14 10:47 - 2015-12-13 16:22 - 00000469 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2016-04-14 10:47 - 2015-12-13 16:22 - 00000467 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2016-04-14 10:47 - 2015-06-30 04:09 - 00000338 _____ C:\Users\Public\Desktop\Booking.com.lnk
    2016-04-14 10:47 - 2015-06-30 04:05 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    2016-04-14 10:47 - 2015-06-30 04:05 - 00002087 _____ C:\Users\Public\Desktop\eBay.lnk
    2016-04-14 10:47 - 2015-06-30 03:55 - 00002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
    2016-04-14 10:47 - 2015-06-30 03:55 - 00002545 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
    2016-04-14 10:47 - 2015-06-30 03:54 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-04-14 10:47 - 2015-06-30 03:52 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2016-04-14 10:47 - 2015-06-30 03:52 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
    2016-04-14 10:47 - 2015-06-30 03:42 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
    2016-04-13 00:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-04-13 00:15 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2016-04-13 00:14 - 2015-06-29 20:19 - 00000000 ____D C:\Users\Administrator
    2016-04-13 00:13 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Local\Packages
    2016-04-13 00:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-04-12 21:31 - 2013-08-22 15:44 - 05160664 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-12 21:30 - 2015-12-13 22:32 - 00178893 ____H C:\Users\Edan\AppData\Local\IconCache.db.backup
    2016-04-12 21:30 - 2015-06-30 03:14 - 01152326 _____ C:\Windows\SysWOW64\rootpa.e2e
    2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2016-04-11 13:25 - 2015-12-13 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-11 11:15 - 2016-01-20 12:12 - 00000000 ____D C:\Windows\system32\appraiser
    2016-04-11 11:14 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-04-11 11:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
    2016-04-11 08:41 - 2015-12-13 17:52 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0472D516-BDDE-4B90-A602-E2488620D075}
    2016-04-10 12:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-04-09 08:41 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\Downloaded Program Files
    2016-04-08 19:29 - 2015-06-30 04:25 - 00000000 ____D C:\Windows\OemDrv
    2016-04-08 19:23 - 2015-01-21 19:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-08 19:21 - 2014-11-20 23:51 - 00000000 ____D C:\Windows\ShellNew
    2016-04-08 19:20 - 2013-08-22 14:25 - 00000108 _____ C:\Windows\win.ini
    2016-04-08 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-04-08 17:02 - 2015-12-13 23:31 - 00000000 ____D C:\Users\Edan\Documents\Outlook Files
    2016-04-08 14:42 - 2016-02-04 17:27 - 00000000 ____D C:\Users\Edan\Desktop\Fråncis Court
    2016-04-07 21:10 - 2015-12-14 00:06 - 00000000 ____D C:\Users\Edan\AppData\Local\Adobe
    2016-04-07 11:00 - 2015-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Google
    2016-04-06 08:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
    2016-04-05 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
    2016-04-04 16:27 - 2016-01-18 21:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
    2016-04-04 13:29 - 2015-12-13 16:22 - 00000000 ____D C:\Users\Edan
    2016-04-01 16:28 - 2015-12-14 00:07 - 00000000 ____D C:\ProgramData\Adobe
    2016-04-01 16:27 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-04-01 16:27 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Adobe
    2016-04-01 12:55 - 2015-06-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\system32\GWX
    2016-03-22 15:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp

    ==================== Files in the root of some directories =======

    2016-04-17 23:21 - 2016-04-17 23:21 - 0000218 _____ () C:\Users\Edan\AppData\Local\recently-used.xbel

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-28 08:32

    ==================== End of FRST.txt ============================

    Addition Scan

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by eparvus (2016-04-19 16:02:10)
    Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
    Windows 8.1 (X64) (2015-12-13 15:24:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-30525436-3099372120-3077259939-500 - Administrator - Disabled)
    eparvus (S-1-5-21-30525436-3099372120-3077259939-1001 - Administrator - Enabled) => C:\Users\Edan
    Guest (S-1-5-21-30525436-3099372120-3077259939-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{5D393971-8762-D63E-7CEA-69DDDE320E43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Curse Client (HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5110.05 - CyberLink Corp.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
    DTS Sound (HKLM-x32\...\{06086A5E-DEB1-4144-BF3E-5FF616084752}) (Version: 1.02.3300 - DTS, Inc.)
    ELAN Touchpad 11.8.41.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.41.2 - ELAN Microelectronic Corp.)
    eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
    Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
    Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
    Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    OEM Application Profile (HKLM-x32\...\{44A9B4E1-778E-A65A-474C-7892EB03C399}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.35.2015.0401 - REALTEK Semiconductor Corp)
    Realtek Bluetooth Filter Driver Package (x32 Version: 12.35.2015.0401 - REALTEK Semiconductor Corp) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7438 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0005 - REALTEK Semiconductor Corp.)
    REALTEK Wireless LAN Driver (x32 Version: 2.00.0005 - REALTEK Semiconductor Corp.) Hidden
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
    Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{5C2187E2-AC40-4E5A-B92E-98E203C3DD92}) (Version: 1.2.15.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.8.6402 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.12.6402 - Toshiba Corporation)
    TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.3.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.02.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0052 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.10.32001 - Toshiba Corporation)
    Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.7.0 - Toshiba Europe GmbH)
    TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
    WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00AAD2A4-2ABC-4713-9C0B-A4A11962D92F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
    Task: {1B3827E7-F378-4AB3-AE8E-3D143DAF375A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-11-24] (Toshiba Europe GmbH)
    Task: {21748A8D-BDFC-4B8A-80D0-627D64555A8F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
    Task: {3EE4D5CD-C2C8-4B14-9FEC-B635911BAABB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
    Task: {53660912-F046-48F3-9017-951C006BD22B} - System32\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
    Task: {5F009F54-EA0F-47E6-ABBA-5EB7E90B40BE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-01-22] (Realtek Semiconductor)
    Task: {76FA8071-F2A7-4298-AEEB-405B5560D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
    Task: {7872FCD3-C4A6-4807-80FC-03D48DB6C35F} - no filepath
    Task: {8C7DAA11-4D41-4A8F-A98B-5564EA2FB25C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
    Task: {9BF699F6-F6BA-428C-BA21-377F8DD6CA5A} - no filepath
    Task: {A98F1B24-4742-46CF-BD18-0D854035C0C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {AB0C17D8-559D-49DE-A52E-35348F68A0F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
    Task: {B430654E-1D5A-4B8E-920B-F1B68B2A56CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
    Task: {D7002724-3A49-4FD5-865A-3D47C6171C5C} - System32\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
    Task: {DE5A41E1-CD8B-4A83-ACCF-D9AC51D45B4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
    Task: {EDC834CB-190F-46E4-A0BF-90B0FDC118CA} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-03-24] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
    Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{A914118D-C8B4-43B3-932B-6598A448DFCA} /F:UpdateWORKGROUP\WORK_LAPTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2016-03-19 09:46 - 2016-03-19 09:46 - 01623040 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
    2015-12-17 14:37 - 2015-12-17 14:37 - 00016384 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
    2015-12-17 14:37 - 2015-12-17 14:36 - 00035840 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
    2015-12-17 14:37 - 2015-12-17 14:37 - 00099840 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
    2016-02-12 10:20 - 2016-03-21 22:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-04-15 12:16 - 2016-03-21 22:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-02-12 10:20 - 2016-03-21 22:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-02-12 10:20 - 2016-04-08 19:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-02-12 10:20 - 2016-03-21 22:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-04-15 12:16 - 2016-03-21 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-02-12 10:20 - 2016-03-21 22:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2016-04-15 12:16 - 2016-03-21 22:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-04-15 12:16 - 2016-03-21 22:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-04-15 12:16 - 2016-03-21 22:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-04-15 12:16 - 2016-04-08 19:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-02-12 10:20 - 2016-03-21 22:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-02-12 10:20 - 2016-04-08 19:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-04-15 12:16 - 2016-04-08 19:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-04-15 12:16 - 2016-04-08 19:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-02-12 10:20 - 2016-03-21 22:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-04-15 12:16 - 2016-03-21 22:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-04-15 12:16 - 2016-03-21 22:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-02-12 10:20 - 2016-04-08 19:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-04-15 12:16 - 2016-04-08 19:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2015-12-14 00:13 - 2016-03-21 22:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-02-12 10:20 - 2016-03-21 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00783360 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_hashlib.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00047104 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_socket.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00053760 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_bz2.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 01861120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtCore.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00075264 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\sip.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00137216 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_lzma.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 02002944 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtGui.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 04101120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtWidgets.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00039424 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\psutil._psutil_windows.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00084992 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_ctypes.pyd
    2016-03-19 09:46 - 2016-03-19 09:46 - 00758784 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\unicodedata.pyd
    2016-04-14 10:36 - 2016-04-14 10:36 - 00132096 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\722cd74f8a66066098ea61c735149baf\MailClient.Collections.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00490496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\b77a6e44037763274efc0ba5fd83a937\MailClient.Mail.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00933888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\a99a07476b379cbc11675e4f0fe28263\HTMLEditorControl.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00020992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\95ef80005f3068b672ba29c2684c7c34\MailClient.Interop.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00571392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\5045c5bc1ef146ebab396d4cc807ddfd\MailClient.Common.UI.ni.dll
    2016-04-14 10:36 - 2016-04-14 10:36 - 00548864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\f17f4e16b79f2d8c1eb05d4a5a383369\LinqBridge.ni.dll
    2016-02-23 16:57 - 2016-02-23 16:57 - 00642016 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00674304 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\fc2e33a37148cab9373a6d6c7f6ccbfa\HtmlInterop.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 00083968 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\bd45bb62ae15ae7cadef05abf7d12c70\SystemCoreTimeZone.ni.dll
    2016-04-14 10:37 - 2016-04-14 10:37 - 01575424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\0376368cb4c7ff2dc71d9031ceba9835\WindowsAPICodePack.ni.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> amazon.co.uk
    IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
    IE trusted site: HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\amazon.co.uk -> amazon.co.uk

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2016-04-09 16:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdaptiveSleepService => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Amazon 1Button App Service => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: amdacpusrsvc => 2
    MSCONFIG\Services: BTDevManager => 2
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: dts_apo_service => 3
    MSCONFIG\Services: ETDService => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HomeNetSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: McBootDelayStartSvc => 2
    MSCONFIG\Services: mccspsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: mcpltsvc => 2
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MSK80Service => 2
    MSCONFIG\Services: PEFService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: tbaseprovisioning => 2
    MSCONFIG\Services: TemproMonitoringService => 3
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: Update service => 2

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3508B7B4-CC0A-4AC1-B311-3E692FF9BBD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{BA4D0AD8-14C1-4BD8-A469-04254DAE07AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{2676D1AA-F4EB-4E36-B691-8C9E0E859D60}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{8381C3F8-5895-49E4-9C37-300BD0A7C682}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{4C479A4A-B639-4306-B687-2C6145C1442E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{8AD4B2A5-5E0B-4AEA-8B15-5812D3E14653}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{52AAF94B-31CE-4684-B444-95EFDBCB7F77}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{19A084C7-7EC5-453E-B227-A1BF08E51723}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
    FirewallRules: [{C2409380-7405-49C0-B20C-AC8CCEDCE53F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{B593DD88-9E2C-40A2-BC22-6DB2B451E77F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
    FirewallRules: [{C43680AA-49C4-4309-880B-6AB23C963303}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{CF78131B-9F3F-44B5-A0E6-05EA67141B05}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
    FirewallRules: [{35544114-402A-4492-9AFF-2C48070D58C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1CF16929-8C99-4E38-8B5C-EB720A30FE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{022E2969-C00E-4D50-AE30-BDF908C7BE70}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{FB0E19ED-0157-49E3-871C-E3D26452D328}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{DB42249F-BECA-4667-B1CB-2B10AC8E8A7D}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{BDFD5E13-D5D5-4CFF-A081-044509BFDCFB}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
    FirewallRules: [{3940A3DF-0013-4428-9A54-14AE380B3F99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    19-04-2016 15:49:31 Restore Point Created by FRST

    ==================== Faulty Device Manager Devices =============

    Name: SDA Standard Compliant SD Host Controller
    Description: SDA Standard Compliant SD Host Controller
    Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
    Manufacturer: SDA Standard Compliant SD Host Controller Vendor
    Service: sdbus
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/19/2016 03:49:30 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {788c5635-b0fc-4ac8-9e9f-8a6a1069eb68}

    Error: (04/18/2016 12:47:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
    Exception code: 0xc0000008
    Fault offset: 0x00000000000925fa
    Faulting process ID: 0x1a0
    Faulting application start time: 0xsvchost.exe_PcaSvc0
    Faulting application path: svchost.exe_PcaSvc1
    Faulting module path: svchost.exe_PcaSvc2
    Report ID: svchost.exe_PcaSvc3
    Faulting package full name: svchost.exe_PcaSvc4
    Faulting package-relative application ID: svchost.exe_PcaSvc5

    Error: (04/18/2016 11:24:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: c70

    Start Time: 01d196442d62f1d5

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    Report Id: b039a0e0-054f-11e6-827c-5c93a28d35ed

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2016 09:36:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 45.0.2.5941 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d5c

    Start Time: 01d1983aed5becf9

    Termination Time: 141

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 922d128d-0540-11e6-827c-5c93a28d35ed

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2016 09:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
    Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
    Exception code: 0x80000003
    Fault offset: 0x0000ec22
    Faulting process ID: 0x133c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report ID: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (04/18/2016 09:08:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0xe78
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x64c
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x1584
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:08:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0x18c0
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (04/18/2016 09:06:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
    Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
    Exception code: 0xc0000005
    Fault offset: 0x000000000020b135
    Faulting process ID: 0xa1c
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5


    System errors:
    =============
    Error: (04/19/2016 03:59:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Defender Service service failed to start due to the following error:
    %%577

    Error: (04/19/2016 03:55:14 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/19/2016 03:54:36 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

    Error: (04/19/2016 03:52:10 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

    Error: (04/19/2016 03:52:10 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

    Error: (04/19/2016 03:51:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (04/19/2016 03:51:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (04/19/2016 03:51:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (04/19/2016 03:50:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (04/19/2016 03:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-04-19 15:59:31.307
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-04-18 09:01:24.379
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
    Percentage of memory in use: 25%
    Total physical RAM: 7641.24 MB
    Available physical RAM: 5688.42 MB
    Total Virtual: 8857.24 MB
    Available Virtual: 6793.47 MB

    ==================== Drives ================================

    Drive c: (TI31475500A) (Fixed) (Total:919.66 GB) (Free:833.79 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  9. #29
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    There are still McAfee files listed in MSConfig:

    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: McBootDelayStartSvc => 2
    MSCONFIG\Services: mccspsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: mcpltsvc => 2
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MSK80Service => 2

    I wanted to confirm that the contents of the ESET folders were only from the online scan and they are. You can keep or uninstall ESET.

    Windows Defender Service is there but shown continuously as stopped. Are you certain you've followed the instructions at [FIX] Windows Could Not Start The Windows Defender Network Inspection Service On Local Computer?
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    At this point, I'm more concerned with you using the computer without an antivirus. You can check MSConfig again as well as also running the McAfee removal tool again, followed by a restart and following the above "FIX". However, if unsuccessful, you may want to install another A/V solution. AVAST has a free for personal use A/V: Avast | Download Free Antivirus for PC, Mac & Android


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  10. #30

    Re: Errors on my laptop running Windows 8.1

    Ok still no luck with windows defender, I've downloaded and installed Avast.

  11. #31
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    That seems the best path at this point unless you want to Refresh your PC: How to refresh, reset, or restore your PC - Windows Help. Note that going this route will remove any apps installed.

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  12. #32

    Re: Errors on my laptop running Windows 8.1

    Thanks Corrine

    Ive run delfix, hopefully the system will run better now, if i have any issues I will let you know via this forum. Once again thanks for your time and also going easy on me when i never understood what you wanted. You have been a great help.

    eparvus

  13. #33
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Errors on my laptop running Windows 8.1

    You're most welcome, eparvus!


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Page 2 of 2 First 12

Similar Threads

  1. [SOLVED] i have sfc errors that won't repair on my laptop
    By peterracine in forum Windows Update
    Replies: 17
    Last Post: 08-24-2015, 03:35 PM
  2. Replies: 1
    Last Post: 08-22-2015, 10:53 PM
  3. Replies: 5
    Last Post: 07-06-2015, 11:54 PM
  4. Replies: 0
    Last Post: 11-05-2013, 07:44 PM

Log in

Log in