Hey Corrine
OK, I enabled all the startups and rebooted, then did the fixlog, which is pasted below. I then tried to run Windows Defender but got the same error message. I've attached a new FRST and Addition scan below.
Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by eparvus (2016-04-19 15:49:30) Run:2
Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
Loaded Profiles: eparvus (Available Profiles: eparvus)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
Folder: C:\Program Files (x86)\ESET
Folder: C:\ProgramData\ESET
File: C:\Users\Edan\Desktop\ERARemover_x64.exe
File: C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2016-04-13 00:19 - 2015-06-30 04:10 - 00000000 ____D C:\ProgramData\McAfee
2016-04-13 00:15 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-04-13 00:14 - 2015-06-30 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - \Magboffe -> No File <==== ATTENTION
AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
mfeelamk => service removed successfully
efavdrv => service removed successfully
========================= Folder: C:\Program Files (x86)\ESET ========================
2016-04-09 03:04 - 2016-04-09 16:53 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner
2016-04-09 08:40 - 2015-05-14 11:54 - 0474824 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
2016-04-09 08:40 - 2015-05-14 11:54 - 0735432 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
2016-04-09 08:40 - 2015-05-14 11:54 - 1030856 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
2016-04-09 08:40 - 2015-05-14 11:54 - 2870984 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2016-04-09 08:41 - 2016-04-09 10:12 - 0002805 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
2016-04-09 08:40 - 2015-05-14 11:54 - 0422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2016-04-09 08:40 - 2015-05-14 11:54 - 0331464 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2016-04-09 08:40 - 2015-05-14 11:21 - 0000172 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
2016-04-09 08:40 - 2015-05-14 11:54 - 2261192 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
2016-04-09 08:40 - 2015-05-14 11:54 - 0532168 _____ (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2016-04-09 08:40 - 2015-05-14 11:54 - 0339656 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
2016-04-09 08:40 - 2015-03-05 11:19 - 0258352 _____ (Microsoft Corporation) C:\Program Files (x86)\ESET\ESET Online Scanner\unicows.dll
2016-04-09 08:40 - 2016-04-09 08:45 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules
2016-04-09 08:45 - 2016-04-09 08:44 - 0056968 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
2016-04-09 08:45 - 2016-04-09 08:44 - 0763177 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 44096242 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 1260637 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 2168449 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 0167149 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 0094563 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 6809823 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
2016-04-09 08:43 - 2016-04-09 08:45 - 0000176 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\esets_api.stg
2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data
2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\backup
2016-04-09 08:43 - 2016-04-09 08:43 - 0000105 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\backup\db.xml
2016-04-09 08:43 - 2016-04-09 08:44 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles
2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
2016-04-09 08:44 - 2016-04-09 08:44 - 0018347 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0354.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0150116 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0502.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0011575 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0984.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 14070243 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1D68.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0058580 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2D41.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 32493678 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3383.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0060976 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3538.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0094740 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod37FE.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0764793 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod386C.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 1262249 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod46B7.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 2184700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4B84.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0168756 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4D09.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 6737226 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod55E7.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0110417 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod72E2.nup
2016-04-09 08:44 - 2016-04-09 08:44 - 0358382 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7B6C.nup
2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
2016-04-09 08:43 - 2016-04-09 08:43 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com
2016-04-09 08:43 - 2016-04-09 08:43 - 0028700 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
2016-04-09 08:44 - 2016-04-09 08:45 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp
2016-04-09 08:44 - 2016-04-09 08:44 - 0056968 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
2016-04-09 08:44 - 2016-04-09 08:44 - 0763177 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 44096242 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 1260637 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 2168449 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 0167149 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 0094563 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
2016-04-09 08:45 - 2016-04-09 08:45 - 6809823 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
2016-04-09 08:40 - 2016-04-09 10:10 - 0000000 ____D () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine
2016-04-09 10:08 - 2016-04-09 10:08 - 0000530 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\1FA8A4287C4DFE4CCB19910BB4F11AB40300E1BA.NDF
2016-04-09 10:08 - 2016-04-09 10:08 - 0158557 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\1FA8A4287C4DFE4CCB19910BB4F11AB40300E1BA.NQF
2016-04-09 10:08 - 2016-04-09 10:08 - 0000522 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\221F4E80E8B0E7E9EE874D9317E6DBE386C5481B.NDF
2016-04-09 10:08 - 2016-04-09 10:08 - 0136477 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\221F4E80E8B0E7E9EE874D9317E6DBE386C5481B.NQF
2016-04-09 10:08 - 2016-04-09 10:08 - 0000620 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\4101270357B096EF454463D13581E3D123C60560.NDF
2016-04-09 10:08 - 2016-04-09 10:08 - 0151040 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\4101270357B096EF454463D13581E3D123C60560.NQF
2016-04-09 10:08 - 2016-04-09 10:08 - 0000588 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\59794CDF182434E7F2EDA1624784B255C294B1CA.NDF
2016-04-09 10:08 - 2016-04-09 10:08 - 2559688 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\59794CDF182434E7F2EDA1624784B255C294B1CA.NQF
2016-04-09 10:10 - 2016-04-09 10:10 - 0000464 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\5B62EA6A3D7149BEFB1C4D8393102E6ACCA5FE4F.NDF
2016-04-09 10:10 - 2016-04-09 10:10 - 93322240 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\5B62EA6A3D7149BEFB1C4D8393102E6ACCA5FE4F.NQF
2016-04-09 10:08 - 2016-04-09 10:08 - 0000530 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\A701DA1074706ECDFB3DA0E4EB4D6C0A4826D02C.NDF
2016-04-09 10:08 - 2016-04-09 10:08 - 0126629 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\A701DA1074706ECDFB3DA0E4EB4D6C0A4826D02C.NQF
2016-04-09 10:08 - 2016-04-09 10:10 - 0000012 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine\INFO.NQI
====== End of Folder: ======
========================= Folder: C:\ProgramData\ESET ========================
2016-04-01 13:45 - 2016-04-01 13:45 - 0000000 ____D () C:\ProgramData\ESET\ESET Rogue Applications Remover
2016-04-01 13:45 - 2016-04-01 13:46 - 0035840 _____ () C:\ProgramData\ESET\ESET Rogue Applications Remover\quarantinev3.dat
====== End of Folder: ======
========================= File: C:\Users\Edan\Desktop\ERARemover_x64.exe ========================
File is digitally signed
MD5: 5F9353832B090D900D39EDE814C940E6
Creation and modification date: 2016-04-01 13:44 - 2016-04-01 13:44
Size: 2991832
Attributes: ----A
Company Name: ESET
Internal Name: ERARemover
Original Name: ERARemover.exe
Product: ESET Rogue Applications Remover
Description: ESET Rogue Applications Remover
File Version: 1.0.4.1
Product Version: 1.0.4.1
Copyright: Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved.
====== End of File: ======
========================= File: C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk ========================
File not signed
MD5: 3410B7CE5DC97E6F4411A218A42970DB
Creation and modification date: 2016-03-01 20:03 - 2016-04-14 10:47
Size: 0000080
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
C:\ProgramData\McAfee => moved successfully
C:\Windows\System32\Tasks\McAfee => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBF45CFD-A33A-460D-8C4D-8D3AC92E8308}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBF45CFD-A33A-460D-8C4D-8D3AC92E8308}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Magboffe" => key removed successfully
"AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"" => "AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"" ADS not found.
EmptyTemp: => 480.6 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 15:50:50 ====
FRST Scan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by eparvus (administrator) on WORK_LAPTOP (19-04-2016 16:01:22)
Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
Loaded Profiles: eparvus (Available Profiles: eparvus)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILHE.EXE
() C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Curse) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-12-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-10] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1176632 2015-06-30] (Spotify Ltd)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2014-12-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-03-19] ()
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Chromium] => "c:\users\edan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [15698792 2016-02-29] (eM Client s.r.o.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-17] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C84DDF6-6053-411B-B1A6-2728C43E35C9}: [DhcpNameServer] 40.42.1.201 40.42.1.203
Tcpip\..\Interfaces\{4576CB61-C54C-4A88-8779-83836B12E07A}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
Google
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> DefaultScope {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-30525436-3099372120-3077259939-1001 -> {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Edan\AppData\Roaming\Mozilla\Firefox\Profiles\t73w7jeu.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_suma_16_15&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0CzytA0AtBzz0DtAyD0E0DzztAtAyEtN0D0Tzu0StCyDyCtBtN1L2XzutAtFtBtDtFtCtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0A0CtA0AtByEyEtGyBtDtC0CtGyB0FyD0CtGtCtDyEtBtGyEzzyEyByB0C0C0CyEyByCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtAyB0DyBzy0CyEtGtB0Dzz0BtGyEtDtB0EtG0A0DyDyEtGtCtDyB0F0EtByBzz0EyByEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyEyB%26cr%3D1735998293%26a%3Dwncy_suma_16_15%26os_ver%3D6.3%26os%3DWindows%2B8.1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-16] [not signed]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-28] () [File not signed]
S4 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [115200 2015-04-28] (Advanced Micro Devices) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19928 2015-03-24] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-05-08] (ELAN Microelectronics Corp.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2015-03-26] (Advanced Micro Devices, Inc.)
S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-11-24] (Toshiba Europe GmbH)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305904 2015-06-10] (Advanced Micro Devices)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R3 AmdGpio2; C:\Windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-03-26] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-03-26] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-02-13] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24592 2015-05-12] (ELAN Microelectronic Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [49368 2014-12-17] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4104408 2015-05-14] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-18 17:00 - 2016-04-18 19:03 - 00000000 ____D C:\Users\Edan\Downloads\I.Am.Wrath.2016.WEB-DL.x264-FGT
2016-04-18 17:00 - 2016-04-18 17:03 - 00000000 ____D C:\Users\Edan\Downloads\Holidays.2016.WEB-DL.x264-FGT
2016-04-18 14:28 - 2016-04-18 17:01 - 00000000 ____D C:\Users\Edan\Downloads\London.Has.Fallen.2016.HDRip.KORSUB.x264-STUTTERSHIT
2016-04-18 13:34 - 2016-04-18 18:39 - 00000000 ____D C:\Users\Edan\Downloads\Colonia.2015.WEB-DL.XviD.MP3-FGT
2016-04-18 09:24 - 2016-04-18 09:24 - 00001486 _____ C:\Users\Edan\Desktop\MailClient.exe - Shortcut.lnk
2016-04-17 23:21 - 2016-04-17 23:21 - 00000218 _____ C:\Users\Edan\AppData\Local\recently-used.xbel
2016-04-16 22:38 - 2016-04-18 09:06 - 00000000 ____D C:\Users\Edan\Desktop\Movies
2016-04-15 12:17 - 2016-04-15 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 20:26 - 2016-04-19 00:34 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E17.HDTV.x264-FLEET[rarbg]
2016-04-14 12:56 - 2016-04-18 10:43 - 00000000 ____D C:\Users\Edan\Desktop\HSE requirements MECP - Abril 2016
2016-04-14 12:55 - 2016-04-14 12:55 - 00000000 ____D C:\Users\Edan\AppData\Roaming\WinRAR
2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-14 12:54 - 2016-04-14 12:54 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-04-14 11:33 - 2016-04-16 22:41 - 00000000 ____D C:\Users\Edan\Downloads\American Crime Story
2016-04-14 10:39 - 2016-04-19 15:53 - 00000000 ____D C:\Users\Edan\AppData\Roaming\eM Client
2016-04-14 10:36 - 2016-04-14 10:47 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2016-04-14 10:36 - 2016-04-14 10:36 - 00000000 ____D C:\Program Files (x86)\eM Client
2016-04-11 22:21 - 2016-04-11 22:21 - 00005546 _____ C:\Users\Edan\Desktop\ListChkdskResult.txt
2016-04-11 22:20 - 2016-04-11 22:20 - 00197679 _____ C:\Users\Edan\Desktop\ListChkdskResult.exe
2016-04-11 17:00 - 2016-04-11 17:00 - 00000000 ____D C:\Users\Edan\AppData\Roaming\LibreOffice
2016-04-11 16:58 - 2016-04-14 10:47 - 00001510 _____ C:\Users\Public\Desktop\LibreOffice 5.1.lnk
2016-04-11 16:58 - 2016-04-11 16:58 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-04-11 16:55 - 2016-04-11 16:58 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-04-11 14:19 - 2016-04-11 14:37 - 00000000 ____D C:\Users\Edan\AppData\Local\Chromium
2016-04-11 14:14 - 2016-04-11 14:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-11 13:23 - 2016-04-12 21:31 - 00000000 ____D C:\Users\Edan\AppData\Local\Kingsoft
2016-04-11 13:23 - 2016-04-11 14:11 - 00000000 ____D C:\Users\Edan\AppData\Roaming\kingsoft
2016-04-11 12:26 - 2016-04-11 12:26 - 00000000 ____D C:\Windows\SSuite Office Installations
2016-04-11 11:05 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2016-04-11 11:05 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2016-04-11 11:05 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2016-04-11 11:05 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2016-04-11 11:04 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-04-11 11:04 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-04-11 11:04 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-04-11 11:03 - 2016-04-04 07:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-11 11:03 - 2016-04-02 14:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-11 11:03 - 2016-04-02 14:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-11 11:03 - 2016-03-28 14:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-11 11:03 - 2016-03-28 14:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-11 11:03 - 2016-03-28 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-11 11:03 - 2016-03-28 14:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-11 11:03 - 2016-03-28 14:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-11 11:03 - 2016-02-04 19:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-04-11 11:03 - 2016-01-31 20:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-11 11:03 - 2016-01-31 19:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-11 11:03 - 2016-01-31 18:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-11 11:03 - 2016-01-31 18:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-11 11:03 - 2016-01-31 17:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-11 11:03 - 2016-01-31 17:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-11 11:03 - 2015-12-16 18:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-04-11 11:03 - 2015-12-16 17:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-11 11:03 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-11 11:03 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-11 11:03 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-04-11 11:03 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-04-11 11:03 - 2015-10-22 15:08 - 00513456 _____ C:\Windows\system32\locale.nls
2016-04-11 11:03 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2016-04-11 11:03 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-04-11 11:03 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2016-04-11 11:03 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-04-11 11:02 - 2016-02-04 18:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-04-11 11:02 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-04-11 11:02 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-04-11 11:02 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-04-11 10:03 - 2016-04-11 10:48 - 00161707 _____ C:\Windows\system32\sfcdetails.txt
2016-04-09 03:04 - 2016-04-09 03:04 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-07 21:12 - 2016-04-07 21:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Macromedia
2016-04-07 21:10 - 2016-04-08 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 21:10 - 2016-04-07 21:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 11:37 - 2016-04-19 16:01 - 00000000 ____D C:\FRST
2016-04-07 11:35 - 2016-04-18 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-07 11:35 - 2016-04-14 10:47 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-14 10:47 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-07 11:41 - 00000000 ____D C:\Users\Edan\AppData\Local\Mozilla
2016-04-07 11:34 - 2016-04-16 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 11:06 - 2016-04-19 15:47 - 00000000 ____D C:\Users\Edan\Desktop\Malware Removal Tools
2016-04-06 11:35 - 2016-04-06 11:35 - 02884096 _____ (niemiro) C:\Users\Edan\Desktop\SFCFix.exe
2016-04-05 21:05 - 2016-04-05 21:05 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E10.HDTV.x264-FLEET[rarbg]
2016-04-05 13:39 - 2016-04-05 13:44 - 00000000 ____D C:\Users\Edan\Desktop\MARTIFER SOLAR
2016-04-04 20:05 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E10.HDTV.x264-FLEET[rarbg]
2016-04-04 18:35 - 2016-04-17 16:32 - 00000000 ____D C:\Users\Edan\Downloads\Blue Bloods
2016-04-04 18:34 - 2016-04-17 16:31 - 00000000 ____D C:\Users\Edan\Downloads\Fresh off the Boat
2016-04-04 15:24 - 2016-04-14 10:47 - 00001719 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-04-04 15:24 - 2016-04-04 15:28 - 00000000 ____D C:\Program Files\Recuva
2016-04-04 15:24 - 2016-04-04 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-04-04 15:12 - 2016-04-16 22:39 - 00000000 ____D C:\Users\Edan\Downloads\Vikings
2016-04-04 13:29 - 2016-04-04 14:05 - 00000000 ____D C:\Users\Edan\Downloads\Bloodline.S01E06.WEBRip.x264-2HD[rarbg]
2016-04-04 11:35 - 2016-04-04 11:35 - 00872506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-02 13:01 - 2016-04-02 13:01 - 00000000 ____D C:\Users\Edan\Desktop\WoW Tank
2016-04-01 13:49 - 2016-04-01 13:50 - 00000597 _____ C:\DelFix.txt
2016-04-01 13:45 - 2016-04-01 13:45 - 00000000 ____D C:\ProgramData\ESET
2016-04-01 13:44 - 2016-04-01 13:44 - 02991832 _____ (ESET) C:\Users\Edan\Desktop\ERARemover_x64.exe
2016-04-01 10:56 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Mozilla
2016-04-01 10:53 - 2016-04-01 10:53 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-04-01 10:51 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Company
2016-04-01 10:51 - 2016-04-01 10:51 - 00000002 _____ C:\END
2016-04-01 10:51 - 2016-04-01 10:51 - 00000000 ____D C:\uninst
2016-04-01 10:50 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\QuickSearch
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\KokoMoss
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\Tempfolder
2016-04-01 10:48 - 2016-04-09 10:08 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-03-31 11:38 - 2016-03-31 11:38 - 00071658 _____ C:\Users\Edan\Desktop\Copy of Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-19 15:54 - 2015-12-17 14:36 - 00000000 ____D C:\Users\Edan\AppData\Local\Deployment
2016-04-19 15:53 - 2015-12-14 00:19 - 00000000 ___RD C:\Users\Edan\Dropbox
2016-04-19 15:53 - 2015-12-13 16:31 - 00000000 ___DO C:\Users\Edan\OneDrive
2016-04-19 15:52 - 2015-12-15 09:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 15:52 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-19 15:51 - 2015-06-30 03:11 - 00065536 _____ C:\Windows\psp_storage.bin
2016-04-19 15:51 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-19 15:48 - 2015-12-13 16:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-30525436-3099372120-3077259939-1001
2016-04-19 15:46 - 2014-11-21 00:09 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-19 15:46 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-04-19 10:53 - 2015-12-13 18:02 - 00000000 ____D C:\Users\Edan\AppData\Local\Battle.net
2016-04-19 00:39 - 2015-12-16 23:56 - 00000000 ____D C:\Users\Edan\AppData\Roaming\vlc
2016-04-18 21:32 - 2015-12-13 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-04-18 21:31 - 2015-12-13 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-18 11:00 - 2016-02-13 21:03 - 00000000 ____D C:\Users\Edan\AppData\Local\ElevatedDiagnostics
2016-04-15 12:17 - 2015-12-14 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-14 13:57 - 2015-12-14 00:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Dropbox
2016-04-14 10:47 - 2016-03-01 20:03 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2016-04-14 10:47 - 2016-02-26 09:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-04-14 10:47 - 2016-01-24 21:36 - 00001288 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2016-04-14 10:47 - 2016-01-14 21:33 - 00001822 _____ C:\Users\Edan\Desktop\MagicISO.lnk
2016-04-14 10:47 - 2015-12-19 02:50 - 00001036 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-04-14 10:47 - 2015-12-15 09:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-14 10:47 - 2015-12-14 23:10 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-14 10:47 - 2015-12-14 00:19 - 00001253 _____ C:\Users\Edan\Desktop\Dropbox.lnk
2016-04-14 10:47 - 2015-12-14 00:07 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-14 10:47 - 2015-12-14 00:07 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-14 10:47 - 2015-12-13 18:46 - 00001253 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-04-14 10:47 - 2015-12-13 18:02 - 00001161 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-04-14 10:47 - 2015-12-13 16:25 - 00001453 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-14 10:47 - 2015-12-13 16:22 - 00000469 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-04-14 10:47 - 2015-12-13 16:22 - 00000467 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-04-14 10:47 - 2015-06-30 04:09 - 00002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
2016-04-14 10:47 - 2015-06-30 04:09 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-04-14 10:47 - 2015-06-30 04:09 - 00000338 _____ C:\Users\Public\Desktop\Booking.com.lnk
2016-04-14 10:47 - 2015-06-30 04:05 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2016-04-14 10:47 - 2015-06-30 04:05 - 00002087 _____ C:\Users\Public\Desktop\eBay.lnk
2016-04-14 10:47 - 2015-06-30 03:55 - 00002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-04-14 10:47 - 2015-06-30 03:55 - 00002545 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2016-04-14 10:47 - 2015-06-30 03:54 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-14 10:47 - 2015-06-30 03:52 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-04-14 10:47 - 2015-06-30 03:52 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-04-14 10:47 - 2015-06-30 03:42 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
2016-04-13 00:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-04-13 00:15 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-04-13 00:14 - 2015-06-29 20:19 - 00000000 ____D C:\Users\Administrator
2016-04-13 00:13 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Local\Packages
2016-04-13 00:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-12 21:31 - 2013-08-22 15:44 - 05160664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-12 21:30 - 2015-12-13 22:32 - 00178893 ____H C:\Users\Edan\AppData\Local\IconCache.db.backup
2016-04-12 21:30 - 2015-06-30 03:14 - 01152326 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-11 14:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-04-11 13:25 - 2015-12-13 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-11 11:15 - 2016-01-20 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-11 11:14 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-04-11 11:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-04-11 08:41 - 2015-12-13 17:52 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0472D516-BDDE-4B90-A602-E2488620D075}
2016-04-10 12:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-04-09 08:41 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-08 19:29 - 2015-06-30 04:25 - 00000000 ____D C:\Windows\OemDrv
2016-04-08 19:23 - 2015-01-21 19:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-08 19:21 - 2014-11-20 23:51 - 00000000 ____D C:\Windows\ShellNew
2016-04-08 19:20 - 2013-08-22 14:25 - 00000108 _____ C:\Windows\win.ini
2016-04-08 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-08 17:02 - 2015-12-13 23:31 - 00000000 ____D C:\Users\Edan\Documents\Outlook Files
2016-04-08 14:42 - 2016-02-04 17:27 - 00000000 ____D C:\Users\Edan\Desktop\Fråncis Court
2016-04-07 21:10 - 2015-12-14 00:06 - 00000000 ____D C:\Users\Edan\AppData\Local\Adobe
2016-04-07 11:00 - 2015-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-06 08:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
2016-04-05 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
2016-04-04 16:27 - 2016-01-18 21:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-04-04 13:29 - 2015-12-13 16:22 - 00000000 ____D C:\Users\Edan
2016-04-01 16:28 - 2015-12-14 00:07 - 00000000 ____D C:\ProgramData\Adobe
2016-04-01 16:27 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-01 16:27 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Adobe
2016-04-01 12:55 - 2015-06-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-22 15:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
==================== Files in the root of some directories =======
2016-04-17 23:21 - 2016-04-17 23:21 - 0000218 _____ () C:\Users\Edan\AppData\Local\recently-used.xbel
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-28 08:32
==================== End of FRST.txt ============================
Addition Scan
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by eparvus (2016-04-19 16:02:10)
Running from C:\Users\Edan\Desktop\Malware Removal Tools\FRST Scanner
Windows 8.1 (X64) (2015-12-13 15:24:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-30525436-3099372120-3077259939-500 - Administrator - Disabled)
eparvus (S-1-5-21-30525436-3099372120-3077259939-1001 - Administrator - Enabled) => C:\Users\Edan
Guest (S-1-5-21-30525436-3099372120-3077259939-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{5D393971-8762-D63E-7CEA-69DDDE320E43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse Client (HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5110.05 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{06086A5E-DEB1-4144-BF3E-5FF616084752}) (Version: 1.02.3300 - DTS, Inc.)
ELAN Touchpad 11.8.41.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.41.2 - ELAN Microelectronic Corp.)
eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{44A9B4E1-778E-A65A-474C-7892EB03C399}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.35.2015.0401 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.35.2015.0401 - REALTEK Semiconductor Corp) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7438 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0005 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0005 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5C2187E2-AC40-4E5A-B92E-98E203C3DD92}) (Version: 1.2.15.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.8.6402 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.12.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0052 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.10.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.7.0 - Toshiba Europe GmbH)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00AAD2A4-2ABC-4713-9C0B-A4A11962D92F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {1B3827E7-F378-4AB3-AE8E-3D143DAF375A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-11-24] (Toshiba Europe GmbH)
Task: {21748A8D-BDFC-4B8A-80D0-627D64555A8F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {3EE4D5CD-C2C8-4B14-9FEC-B635911BAABB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {53660912-F046-48F3-9017-951C006BD22B} - System32\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {5F009F54-EA0F-47E6-ABBA-5EB7E90B40BE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-01-22] (Realtek Semiconductor)
Task: {76FA8071-F2A7-4298-AEEB-405B5560D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {7872FCD3-C4A6-4807-80FC-03D48DB6C35F} - no filepath
Task: {8C7DAA11-4D41-4A8F-A98B-5564EA2FB25C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {9BF699F6-F6BA-428C-BA21-377F8DD6CA5A} - no filepath
Task: {A98F1B24-4742-46CF-BD18-0D854035C0C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AB0C17D8-559D-49DE-A52E-35348F68A0F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {B430654E-1D5A-4B8E-920B-F1B68B2A56CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {D7002724-3A49-4FD5-865A-3D47C6171C5C} - System32\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {DE5A41E1-CD8B-4A83-ACCF-D9AC51D45B4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {EDC834CB-190F-46E4-A0BF-90B0FDC118CA} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-03-24] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{A914118D-C8B4-43B3-932B-6598A448DFCA} /F:UpdateWORKGROUP\WORK_LAPTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-03-19 09:46 - 2016-03-19 09:46 - 01623040 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
2015-12-17 14:37 - 2015-12-17 14:37 - 00016384 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2015-12-17 14:37 - 2015-12-17 14:36 - 00035840 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2015-12-17 14:37 - 2015-12-17 14:37 - 00099840 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.CMOD2.dll
2016-02-12 10:20 - 2016-03-21 22:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 12:16 - 2016-03-21 22:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 12:16 - 2016-03-21 22:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-12 10:20 - 2016-03-21 22:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-12 10:20 - 2016-03-21 22:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 12:16 - 2016-03-21 22:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-12 10:20 - 2016-04-08 19:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-12 10:20 - 2016-03-21 22:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-12 10:20 - 2016-03-21 22:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 12:16 - 2016-03-21 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-12 10:20 - 2016-03-21 22:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 12:16 - 2016-03-21 22:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 12:16 - 2016-03-21 22:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 12:16 - 2016-03-21 22:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 12:16 - 2016-04-08 19:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-12 10:20 - 2016-03-21 22:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 10:20 - 2016-04-08 19:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 12:16 - 2016-04-08 19:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 12:16 - 2016-04-08 19:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-12 10:20 - 2016-03-21 22:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 12:16 - 2016-03-21 22:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 12:16 - 2016-03-21 22:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-12 10:20 - 2016-04-08 19:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 12:16 - 2016-04-08 19:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-14 00:13 - 2016-03-21 22:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-02-12 10:20 - 2016-03-21 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00783360 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_hashlib.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00047104 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_socket.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00053760 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_bz2.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 01861120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtCore.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00075264 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\sip.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00137216 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_lzma.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 02002944 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtGui.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 04101120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtWidgets.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00039424 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\psutil._psutil_windows.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00084992 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_ctypes.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00758784 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\unicodedata.pyd
2016-04-14 10:36 - 2016-04-14 10:36 - 00132096 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\722cd74f8a66066098ea61c735149baf\MailClient.Collections.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00490496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\b77a6e44037763274efc0ba5fd83a937\MailClient.Mail.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00933888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\a99a07476b379cbc11675e4f0fe28263\HTMLEditorControl.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00020992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\95ef80005f3068b672ba29c2684c7c34\MailClient.Interop.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00571392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\5045c5bc1ef146ebab396d4cc807ddfd\MailClient.Common.UI.ni.dll
2016-04-14 10:36 - 2016-04-14 10:36 - 00548864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\f17f4e16b79f2d8c1eb05d4a5a383369\LinqBridge.ni.dll
2016-02-23 16:57 - 2016-02-23 16:57 - 00642016 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00674304 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\fc2e33a37148cab9373a6d6c7f6ccbfa\HtmlInterop.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 00083968 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\bd45bb62ae15ae7cadef05abf7d12c70\SystemCoreTimeZone.ni.dll
2016-04-14 10:37 - 2016-04-14 10:37 - 01575424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\0376368cb4c7ff2dc71d9031ceba9835\WindowsAPICodePack.ni.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> amazon.co.uk
IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\amazon.co.uk -> amazon.co.uk
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2016-04-09 16:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Amazon 1Button App Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: amdacpusrsvc => 2
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: dts_apo_service => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: tbaseprovisioning => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: Update service => 2
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3508B7B4-CC0A-4AC1-B311-3E692FF9BBD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{BA4D0AD8-14C1-4BD8-A469-04254DAE07AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2676D1AA-F4EB-4E36-B691-8C9E0E859D60}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8381C3F8-5895-49E4-9C37-300BD0A7C682}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4C479A4A-B639-4306-B687-2C6145C1442E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AD4B2A5-5E0B-4AEA-8B15-5812D3E14653}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{52AAF94B-31CE-4684-B444-95EFDBCB7F77}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{19A084C7-7EC5-453E-B227-A1BF08E51723}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C2409380-7405-49C0-B20C-AC8CCEDCE53F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B593DD88-9E2C-40A2-BC22-6DB2B451E77F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C43680AA-49C4-4309-880B-6AB23C963303}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{CF78131B-9F3F-44B5-A0E6-05EA67141B05}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{35544114-402A-4492-9AFF-2C48070D58C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CF16929-8C99-4E38-8B5C-EB720A30FE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{022E2969-C00E-4D50-AE30-BDF908C7BE70}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FB0E19ED-0157-49E3-871C-E3D26452D328}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{DB42249F-BECA-4667-B1CB-2B10AC8E8A7D}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{BDFD5E13-D5D5-4CFF-A081-044509BFDCFB}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{3940A3DF-0013-4428-9A54-14AE380B3F99}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
19-04-2016 15:49:31 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
Name: SDA Standard Compliant SD Host Controller
Description: SDA Standard Compliant SD Host Controller
Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
Manufacturer: SDA Standard Compliant SD Host Controller Vendor
Service: sdbus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2016 03:49:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {788c5635-b0fc-4ac8-9e9f-8a6a1069eb68}
Error: (04/18/2016 12:47:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process ID: 0x1a0
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report ID: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5
Error: (04/18/2016 11:24:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c70
Start Time: 01d196442d62f1d5
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Report Id: b039a0e0-054f-11e6-827c-5c93a28d35ed
Faulting package full name:
Faulting package-relative application ID:
Error: (04/18/2016 09:36:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.2.5941 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d5c
Start Time: 01d1983aed5becf9
Termination Time: 141
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 922d128d-0540-11e6-827c-5c93a28d35ed
Faulting package full name:
Faulting package-relative application ID:
Error: (04/18/2016 09:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process ID: 0x133c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5
Error: (04/18/2016 09:08:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
Exception code: 0xc0000005
Fault offset: 0x000000000020b135
Faulting process ID: 0xe78
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
Error: (04/18/2016 09:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
Exception code: 0xc0000005
Fault offset: 0x000000000020b135
Faulting process ID: 0x64c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
Error: (04/18/2016 09:08:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
Exception code: 0xc0000005
Fault offset: 0x000000000020b135
Faulting process ID: 0x1584
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
Error: (04/18/2016 09:08:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
Exception code: 0xc0000005
Fault offset: 0x000000000020b135
Faulting process ID: 0x18c0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
Error: (04/18/2016 09:06:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18009, time stamp: 0x55c8e432
Faulting module name: amdocl64.dll, version: 10.0.1702.3, time stamp: 0x555efeea
Exception code: 0xc0000005
Fault offset: 0x000000000020b135
Faulting process ID: 0xa1c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report ID: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
System errors:
=============
Error: (04/19/2016 03:59:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577
Error: (04/19/2016 03:55:14 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (04/19/2016 03:54:36 PM) (Source: DCOM) (EventID: 10010) (User: WORK_LAPTOP)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (04/19/2016 03:52:10 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.
Error: (04/19/2016 03:52:10 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.
Error: (04/19/2016 03:51:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error: (04/19/2016 03:51:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error: (04/19/2016 03:51:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error: (04/19/2016 03:50:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (04/19/2016 03:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-04-19 15:59:31.307
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-04-18 09:01:24.379
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
Percentage of memory in use: 25%
Total physical RAM: 7641.24 MB
Available physical RAM: 5688.42 MB
Total Virtual: 8857.24 MB
Available Virtual: 6793.47 MB
==================== Drives ================================
Drive c: (TI31475500A) (Fixed) (Total:919.66 GB) (Free:833.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================