Errors on my laptop running Windows 8.1

E

eparvus

Active member
Joined
Apr 6, 2016
Posts
30
Good morning
Let me start off firstly by saying that I'm and absolute beginner with PC/Laptops and so please take it easy on me. I correctly have a laptop which is used mostly for work, light gaming and movies. I admit that I did have utorrent on my laptop but have now removed it. Ever since Monday I've started experiencing issues. Firstly while I was gaming, if I minimized the game to be able to access the internet or anything else I could not open the game anymore from the taskbar icon, if I right clicked the icon it would open a second game. I then also started getting a problem while running IE whereby I could not minimize it at all. I searched the internet and found things like i perhaps had the laptop set up for a second monitor, I tried their solutions but nothing helped. I then posted on this forum in another section and was redirected to try an FRST64 scan which I have done and will attache the logs below. I have also started experiencing problems with IE, i keep getting ieframe.dll errors which stop me from accessing certain pages, so I've downloaded firefox which I'm currently using. I have performed several scans with malwarebytes over the past few days and initially found several issues which I quarantined, removed and then restarted my laptop. should you want copies of the scan logs I should still have them in the malwarebytes history and will paste them.

Any help that you could offer would be gratefully appreciated.

FRST Scan Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Edan (administrator) on WORK_LAPTOP (07-04-2016 11:37:43)
Running from C:\Users\Edan\Desktop\Malware Removal Tools
Loaded Profiles: Edan (Available Profiles: Edan)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILHE.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-12-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-10] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1176632 2015-06-30] (Spotify Ltd)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2014-12-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-03-19] ()
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-17] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C84DDF6-6053-411B-B1A6-2728C43E35C9}: [DhcpNameServer] 40.42.1.201 40.42.1.203
Tcpip\..\Interfaces\{4576CB61-C54C-4A88-8779-83836B12E07A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> DefaultScope {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-30525436-3099372120-3077259939-1001 -> {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-03-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Edan\AppData\Roaming\Mozilla\Firefox\Profiles\t73w7jeu.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-02] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-28] () [File not signed]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [115200 2015-04-28] (Advanced Micro Devices) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19928 2015-03-24] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-05-08] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2015-03-26] (Advanced Micro Devices, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-11-24] (Toshiba Europe GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Mondihto; "C:\Users\Edan\AppData\Roaming\ZiiuhfBeo\Jicijo.exe" -cms [X]
S2 QUPbNnW; "C:\ProgramData\ovZBGLfaJri\QUPbNnW.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297160 2015-04-29] (Advanced Micro Devices)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R3 AmdGpio2; C:\Windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-03-26] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-03-26] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-02-13] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24592 2015-05-12] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [49368 2014-12-17] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4104408 2015-05-14] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 11:37 - 2016-04-07 11:37 - 00000000 ____D C:\FRST
2016-04-07 11:35 - 2016-04-07 11:35 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-07 11:35 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Local\Mozilla
2016-04-07 11:35 - 2016-04-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-07 11:34 - 2016-04-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 11:06 - 2016-04-07 11:37 - 00000000 ____D C:\Users\Edan\Desktop\Malware Removal Tools
2016-04-07 08:25 - 2016-04-07 08:25 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-06 11:35 - 2016-04-06 11:35 - 02884096 _____ (niemiro) C:\Users\Edan\Desktop\SFCFix.exe
2016-04-05 21:42 - 2016-04-05 21:42 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E16.HDTV.x264-LOL[rarbg]
2016-04-05 21:42 - 2016-04-05 21:42 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E15.HDTV.x264-LOL[rarbg]
2016-04-05 21:37 - 2016-04-05 21:37 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E14.HDTV.x264-LOL[rarbg]
2016-04-05 21:36 - 2016-04-05 21:43 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E13.HDTV.x264-KILLERS[ettv]
2016-04-05 21:34 - 2016-04-05 21:41 - 250539187 ____R C:\Users\Edan\Downloads\Gotham.S02E11.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E12.HDTV.x264-LOL[rarbg]
2016-04-05 21:21 - 2016-04-05 21:29 - 243121753 ____R C:\Users\Edan\Downloads\Gotham.S02E09.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:21 - 2016-04-05 21:27 - 231998773 ____R C:\Users\Edan\Downloads\Gotham.S02E10.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:20 - 2016-04-05 21:30 - 285918288 ____R C:\Users\Edan\Downloads\Gotham.S02E08.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:18 - 2016-04-05 21:29 - 251988797 ____R C:\Users\Edan\Downloads\Gotham.S02E07.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:17 - 2016-04-05 21:25 - 302962032 ____R C:\Users\Edan\Downloads\Gotham.S02E06.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:05 - 2016-04-05 21:05 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E10.HDTV.x264-FLEET[rarbg]
2016-04-05 20:47 - 2016-04-05 20:48 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E03.HDTV.x264-FLEET[rarbg]
2016-04-05 15:40 - 2016-04-06 16:56 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-05 13:39 - 2016-04-05 13:44 - 00000000 ____D C:\Users\Edan\Desktop\MARTIFER SOLAR
2016-04-04 20:16 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E16.HDTV.x264-LOL[ettv]
2016-04-04 20:05 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E10.HDTV.x264-FLEET[rarbg]
2016-04-04 18:35 - 2016-04-05 22:59 - 00000000 ____D C:\Users\Edan\Downloads\Blue Bloods
2016-04-04 18:34 - 2016-04-05 21:09 - 00000000 ____D C:\Users\Edan\Downloads\Fresh off the Boat
2016-04-04 15:24 - 2016-04-04 15:28 - 00000000 ____D C:\Program Files\Recuva
2016-04-04 15:24 - 2016-04-04 15:24 - 00001681 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-04-04 15:24 - 2016-04-04 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-04-04 15:12 - 2016-04-04 20:07 - 00000000 ____D C:\Users\Edan\Downloads\Vikings.S04E02.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:41 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E15.HDTV.x264-LOL[rarbg]
2016-04-04 14:36 - 2016-04-05 21:18 - 240765884 ____R C:\Users\Edan\Downloads\Gotham.S02E04.HDTV.x264-LOL[eztv].mp4
2016-04-04 14:36 - 2016-04-04 14:36 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E05.HDTV.x264-LOL[rarbg]
2016-04-04 14:35 - 2016-04-05 21:20 - 271833678 ____R C:\Users\Edan\Downloads\Gotham.S02E03.HDTV.x264-LOL[eztv].mp4
2016-04-04 14:35 - 2016-04-04 14:35 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E02.HDTV.x264-LOL[rarbg]
2016-04-04 14:35 - 2016-04-04 14:35 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E01.PROPER.HDTV.x264-W4F[rarbg]
2016-04-04 14:23 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E09.HDTV.x264-FLEET[rarbg]
2016-04-04 14:23 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E08.HDTV.x264-FLEET[rarbg]
2016-04-04 14:22 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E07.HDTV.x264-FLEET[rarbg]
2016-04-04 14:22 - 2016-04-04 20:16 - 281549761 _____ C:\Users\Edan\Downloads\Colony.S01E06.HDTV.x264-KILLERS[eztv].mp4
2016-04-04 14:10 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E08.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:10 - 2016-04-05 21:07 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E09.HDTV.x264-KILLERS[ettv]
2016-04-04 14:09 - 2016-04-05 20:55 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E06.HDTV.x264-FLEET[rarbg]
2016-04-04 14:09 - 2016-04-04 14:11 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E05.HDTV.x264-FLEET[rarbg]
2016-04-04 14:09 - 2016-04-04 14:10 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E07.HDTV.x264-FLEET[rarbg]
2016-04-04 14:08 - 2016-04-05 20:52 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E04.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:08 - 2016-04-04 14:08 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E03.INTERNAL.720p.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:07 - 2016-04-05 20:54 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E02.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:07 - 2016-04-05 20:50 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E01.HDTV.x264-KILLERS[rarbg]
2016-04-04 13:29 - 2016-04-04 14:05 - 00000000 ____D C:\Users\Edan\Downloads\Bloodline.S01E06.WEBRip.x264-2HD[rarbg]
2016-04-04 11:35 - 2016-04-04 11:35 - 00872506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-02 13:01 - 2016-04-02 13:01 - 00000000 ____D C:\Users\Edan\Desktop\WoW Tank
2016-04-01 13:49 - 2016-04-01 13:50 - 00000597 _____ C:\DelFix.txt
2016-04-01 13:45 - 2016-04-01 13:45 - 00000000 ____D C:\ProgramData\ESET
2016-04-01 13:44 - 2016-04-01 13:44 - 02991832 _____ (ESET) C:\Users\Edan\Desktop\ERARemover_x64.exe
2016-04-01 10:57 - 2016-04-01 10:57 - 00000000 ____D C:\Windows\system32\tont
2016-04-01 10:56 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Mozilla
2016-04-01 10:55 - 2016-04-01 10:55 - 00000000 ____D C:\ProgramData\Konksolexs
2016-04-01 10:54 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files\ktip
2016-04-01 10:54 - 2016-04-01 10:54 - 06504960 _____ C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 00018432 _____ C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:53 - 2016-04-01 10:59 - 00000000 ____D C:\ProgramData\ovZBGLfaJri
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-04-01 10:51 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Company
2016-04-01 10:51 - 2016-04-01 10:54 - 00282834 _____ C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 00127488 _____ C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:51 - 2016-04-01 10:51 - 00003336 _____ C:\Windows\System32\Tasks\Magboffe
2016-04-01 10:51 - 2016-04-01 10:51 - 00000002 _____ C:\END
2016-04-01 10:51 - 2016-04-01 10:51 - 00000000 ____D C:\uninst
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Huudijei
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\KokoMoss
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-04-01 10:50 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files (x86)\QuickSearch
2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\tuto_monetize_220160330
2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\Tempfolder
2016-04-01 10:48 - 2016-04-01 12:40 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-03-31 11:38 - 2016-03-31 11:38 - 00071658 _____ C:\Users\Edan\Desktop\Copy of Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx
2016-03-20 02:25 - 2016-03-20 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 11:00 - 2016-03-19 11:00 - 00000000 ____D C:\Users\Edan\AppData\Local\CyberLink
2016-03-18 13:54 - 2016-03-18 13:54 - 00071395 _____ C:\Users\Edan\Desktop\Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx
2016-03-10 16:50 - 2016-03-10 16:50 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Google
2016-03-09 13:54 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 13:54 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 13:54 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 13:54 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-09 13:54 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 13:54 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 13:54 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-09 13:54 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 13:54 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 13:54 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 13:54 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 13:54 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 13:54 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 13:54 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 13:54 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 13:54 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 13:54 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 13:54 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 13:54 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-09 13:54 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 13:54 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 13:54 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-09 13:54 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 13:54 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 13:54 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 13:54 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 13:54 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 13:54 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-09 13:54 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 13:54 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 13:00 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 13:00 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 13:00 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-09 13:00 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-09 12:58 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 12:55 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-09 12:55 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-09 12:51 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 12:41 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 12:41 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 12:16 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 12:16 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 12:16 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 12:16 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 12:16 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 12:16 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 12:16 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 12:16 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 12:16 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 12:16 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 12:16 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 11:55 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-09 11:40 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-09 11:40 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-09 11:30 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 11:30 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 11:30 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 11:30 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 11:30 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 11:10 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-09 11:10 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-09 11:06 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 11:06 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 11:06 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-09 11:01 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-09 10:51 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-09 10:51 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-09 10:51 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-09 10:48 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-09 10:48 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-09 10:48 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-09 10:47 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 10:47 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 10:46 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 10:46 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-09 10:46 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-09 10:46 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 10:46 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 10:46 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-09 10:43 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 10:38 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 10:38 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 10:38 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 10:38 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 10:30 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-09 10:30 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-09 10:30 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 11:05 - 2015-12-13 16:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-30525436-3099372120-3077259939-1001
2016-04-07 11:00 - 2015-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 10:13 - 2014-11-21 00:09 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 10:13 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-04-06 23:55 - 2015-12-16 23:56 - 00000000 ____D C:\Users\Edan\AppData\Roaming\vlc
2016-04-06 21:41 - 2015-12-15 09:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-06 10:27 - 2015-12-14 00:19 - 00000000 ___RD C:\Users\Edan\Dropbox
2016-04-06 10:12 - 2015-12-17 14:36 - 00000000 ____D C:\Users\Edan\AppData\Local\Deployment
2016-04-06 10:12 - 2015-12-14 00:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Dropbox
2016-04-06 10:10 - 2015-12-13 16:31 - 00000000 ____D C:\Users\Edan\OneDrive
2016-04-06 10:09 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-06 10:08 - 2015-06-30 03:14 - 01057529 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-04-06 10:08 - 2015-06-30 03:11 - 00065536 _____ C:\Windows\psp_storage.bin
2016-04-06 08:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
2016-04-05 23:50 - 2015-12-13 23:31 - 00000000 ____D C:\Users\Edan\Documents\Outlook Files
2016-04-05 13:27 - 2015-06-30 04:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-05 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
2016-04-05 13:26 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-05 08:58 - 2015-12-15 12:20 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-04-05 08:58 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-04-05 08:57 - 2015-12-13 18:02 - 00000000 ____D C:\Users\Edan\AppData\Local\Battle.net
2016-04-04 21:01 - 2015-12-13 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-04-04 20:34 - 2015-12-13 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-04 16:27 - 2016-01-18 21:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-04-04 13:29 - 2015-12-13 16:22 - 00000000 ____D C:\Users\Edan
2016-04-04 12:57 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-04-01 16:28 - 2015-12-14 00:07 - 00000000 ____D C:\ProgramData\Adobe
2016-04-01 16:27 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-01 16:27 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Adobe
2016-04-01 12:55 - 2015-06-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-01 12:48 - 2016-03-01 20:03 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2016-04-01 12:48 - 2016-02-26 09:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-04-01 12:48 - 2016-01-24 21:36 - 00001288 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2016-04-01 12:48 - 2015-12-19 02:50 - 00001036 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-04-01 12:48 - 2015-12-15 09:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-01 12:48 - 2015-12-14 23:10 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-01 12:48 - 2015-12-14 00:07 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-01 12:48 - 2015-12-14 00:07 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-01 12:48 - 2015-12-13 18:46 - 00001253 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-04-01 12:48 - 2015-12-13 18:02 - 00001161 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-04-01 12:48 - 2015-12-13 16:25 - 00001453 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-01 12:48 - 2015-12-13 16:22 - 00000469 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-04-01 12:48 - 2015-12-13 16:22 - 00000467 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00000338 _____ C:\Users\Public\Desktop\Booking.com.lnk
2016-04-01 12:48 - 2015-06-30 04:05 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2016-04-01 12:48 - 2015-06-30 04:05 - 00002087 _____ C:\Users\Public\Desktop\eBay.lnk
2016-04-01 12:48 - 2015-06-30 03:55 - 00002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-04-01 12:48 - 2015-06-30 03:55 - 00002545 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2016-04-01 12:48 - 2015-06-30 03:54 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-01 12:48 - 2015-06-30 03:52 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-04-01 12:48 - 2015-06-30 03:52 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-04-01 12:48 - 2015-06-30 03:42 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
2016-04-01 12:47 - 2016-01-14 21:33 - 00001822 _____ C:\Users\Edan\Desktop\MagicISO.lnk
2016-04-01 12:47 - 2015-12-14 00:19 - 00001253 _____ C:\Users\Edan\Desktop\Dropbox.lnk
2016-04-01 12:47 - 2015-12-13 19:38 - 00002631 _____ C:\Users\Edan\Desktop\µTorrent.lnk
2016-04-01 11:01 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-01 08:38 - 2015-12-13 17:52 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0472D516-BDDE-4B90-A602-E2488620D075}
2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-22 15:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-20 02:26 - 2015-12-14 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-19 11:00 - 2015-06-30 03:33 - 00000000 ____D C:\ProgramData\CyberLink
2016-03-19 09:46 - 2016-01-24 21:36 - 00000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2016-03-11 23:03 - 2013-08-22 15:44 - 05102224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 18:10 - 2016-01-20 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-11 18:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-03-11 18:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-03-11 14:01 - 2016-02-04 17:27 - 00000000 ____D C:\Users\Edan\Desktop\Fråncis Court
2016-03-11 10:14 - 2015-12-13 21:23 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 10:08 - 2015-12-13 21:22 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 16:27 - 2015-12-13 16:28 - 00000000 ____D C:\Users\Edan\AppData\Local\Google
2016-03-10 14:09 - 2015-12-15 09:37 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-12-15 09:37 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-12-15 09:37 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 10:54 - 2015-12-13 19:13 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 10:54 - 2015-12-13 19:13 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 10:54 - 2015-12-13 19:13 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-08 08:00 - 2016-01-20 12:19 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:00 - 2016-01-20 12:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-04-01 10:54 - 2016-04-01 10:54 - 6504960 _____ () C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 1626416 _____ () C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:51 - 2016-04-01 10:54 - 0282834 _____ () C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 0127488 _____ () C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:53 - 2016-04-01 10:53 - 0072699 _____ () C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 0018432 _____ () C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 1626416 _____ () C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 0072699 _____ () C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2015-06-30 03:16 - 2015-06-30 03:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Edan\AppData\Local\Temp\4M9G5GM3KT.exe
C:\Users\Edan\AppData\Local\Temp\53C9.tmp.exe
C:\Users\Edan\AppData\Local\Temp\7J9EXEGSGD.exe
C:\Users\Edan\AppData\Local\Temp\A0SKQK5M9W.exe
C:\Users\Edan\AppData\Local\Temp\BJCAZAEUEE.exe
C:\Users\Edan\AppData\Local\Temp\OFE9O0SM2W.exe
C:\Users\Edan\AppData\Local\Temp\ose00000.exe
C:\Users\Edan\AppData\Local\Temp\ose00001.exe
C:\Users\Edan\AppData\Local\Temp\T6WKERJC31.exe
C:\Users\Edan\AppData\Local\Temp\VNZ31D6LKN.exe
C:\Users\Edan\AppData\Local\Temp\xDL7c2L01r.exe
C:\Users\Edan\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Edan\AppData\Local\Temp\Y75XFM7U7R.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 08:32

==================== End of FRST.txt ============================
Additional Scan Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Edan (2016-04-07 11:38:57)
Running from C:\Users\Edan\Desktop\Malware Removal Tools
Windows 8.1 (X64) (2015-12-13 15:24:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-30525436-3099372120-3077259939-500 - Administrator - Disabled)
Edan (S-1-5-21-30525436-3099372120-3077259939-1001 - Administrator - Enabled) => C:\Users\Edan
Guest (S-1-5-21-30525436-3099372120-3077259939-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{5D393971-8762-D63E-7CEA-69DDDE320E43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse Client (HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5110.05 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{06086A5E-DEB1-4144-BF3E-5FF616084752}) (Version: 1.02.3300 - DTS, Inc.)
ELAN Touchpad 11.8.41.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.41.2 - ELAN Microelectronic Corp.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{44A9B4E1-778E-A65A-474C-7892EB03C399}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.35.2015.0401 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.35.2015.0401 - REALTEK Semiconductor Corp) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7438 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0005 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0005 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skypeâ„¢ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5C2187E2-AC40-4E5A-B92E-98E203C3DD92}) (Version: 1.2.15.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.8.6402 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.12.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0052 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.10.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.7.0 - Toshiba Europe GmbH)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EDBD35-E0CB-43E2-9290-149A145B139A} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {1B3827E7-F378-4AB3-AE8E-3D143DAF375A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-11-24] (Toshiba Europe GmbH)
Task: {21748A8D-BDFC-4B8A-80D0-627D64555A8F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {3668EF61-59D7-4C28-BF4E-0CD2458D280C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3EE4D5CD-C2C8-4B14-9FEC-B635911BAABB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {47783331-8329-4CBD-AC86-E70B505B5BBA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-17] (McAfee, Inc.)
Task: {4CC6F73C-7E5B-4C47-A5EE-425650C1194D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {53660912-F046-48F3-9017-951C006BD22B} - System32\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {542E19A6-8897-4C24-96EE-576E16ADE9B2} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-17] (McAfee, Inc.)
Task: {58C546C5-75C5-4570-A4C5-5DB320D15ADE} - \{050B0A47-090E-0509-7811-7F050A7E110D} -> No File <==== ATTENTION
Task: {5F009F54-EA0F-47E6-ABBA-5EB7E90B40BE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-01-22] (Realtek Semiconductor)
Task: {76FA8071-F2A7-4298-AEEB-405B5560D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {7872FCD3-C4A6-4807-80FC-03D48DB6C35F} - no filepath
Task: {8C7DAA11-4D41-4A8F-A98B-5564EA2FB25C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {9BF699F6-F6BA-428C-BA21-377F8DD6CA5A} - no filepath
Task: {A98F1B24-4742-46CF-BD18-0D854035C0C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AA3F3F52-596B-4020-917A-A7E00A3692C0} - \{780E7847-7A04-7E05-0E11-0E057A7E110D} -> No File <==== ATTENTION
Task: {AB0C17D8-559D-49DE-A52E-35348F68A0F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {B430654E-1D5A-4B8E-920B-F1B68B2A56CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {B6340CC2-CD27-4786-BA59-02CC8170E165} - \Seventh -> No File <==== ATTENTION
Task: {B77FED3E-D802-4E98-ACBA-B1E62DFD5804} - \Genius -> No File <==== ATTENTION
Task: {CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE} - \Genius_Interval -> No File <==== ATTENTION
Task: {D7002724-3A49-4FD5-865A-3D47C6171C5C} - System32\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {DE5A41E1-CD8B-4A83-ACCF-D9AC51D45B4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {E69FCC7E-11E5-4EE5-A4A5-6EAD998D2B99} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {E8439BEA-386D-486B-8EC4-0BDC1EEA049C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ED4972B3-0F6F-45AA-9FBB-5D47195C102C} - \Sixth -> No File <==== ATTENTION
Task: {EDC834CB-190F-46E4-A0BF-90B0FDC118CA} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-03-24] ()
Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - System32\Tasks\Magboffe => C:\PROGRA~1\LETOIH~1\Resrad.bat

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{A914118D-C8B4-43B3-932B-6598A448DFCA} /F:UpdateWORKGROUP\WORK_LAPTOP$ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-18 18:31 - 2015-03-18 18:31 - 00108248 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-04-28 20:30 - 2015-04-28 20:30 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-02-12 10:20 - 2016-02-23 19:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-20 02:24 - 2016-02-23 19:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-12 10:20 - 2016-02-23 19:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-12 10:20 - 2016-02-23 19:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-20 02:24 - 2016-02-23 19:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-20 02:24 - 2016-02-23 19:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-20 02:24 - 2016-02-23 19:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-20 02:24 - 2016-03-12 01:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-12 10:20 - 2016-02-23 19:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-20 02:24 - 2016-02-23 19:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-20 02:24 - 2016-02-23 19:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-14 00:13 - 2016-02-23 19:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-02-12 10:20 - 2016-02-23 19:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> amazon.co.uk
IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\amazon.co.uk -> amazon.co.uk

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-04-06 09:08 - 00001177 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 403 - Forbidden: Access is denied.
127.0.0.1 403 - ????: ??????
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 403 - Forbidden: Access is denied.
127.0.0.1 403 - ????: ??????
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3508B7B4-CC0A-4AC1-B311-3E692FF9BBD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{BA4D0AD8-14C1-4BD8-A469-04254DAE07AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2676D1AA-F4EB-4E36-B691-8C9E0E859D60}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8381C3F8-5895-49E4-9C37-300BD0A7C682}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4C479A4A-B639-4306-B687-2C6145C1442E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AD4B2A5-5E0B-4AEA-8B15-5812D3E14653}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7638218F-D058-4A09-B1FF-81F91DA3104D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{028E03C1-075B-48BD-9A3B-DF0B0FD09012}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F155AAA-0362-48DA-9955-1529354BED36}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAD0B7ED-D3D5-4BEF-9036-567E31F96DB4}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B728EBB-16A0-4535-A773-4B73C2A17EBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF57C866-4208-476F-933E-574E7119BEBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08314B54-0EDB-4943-9EC3-F4B68C7C6D3A}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52AAF94B-31CE-4684-B444-95EFDBCB7F77}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{19A084C7-7EC5-453E-B227-A1BF08E51723}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C2409380-7405-49C0-B20C-AC8CCEDCE53F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B593DD88-9E2C-40A2-BC22-6DB2B451E77F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C43680AA-49C4-4309-880B-6AB23C963303}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{CF78131B-9F3F-44B5-A0E6-05EA67141B05}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E5E4231E-B480-4A98-A3BB-5A8445129D44}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{237207EE-96F1-4355-A1C5-A5C0DB6A9C5E}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4F301753-1F88-4B16-B039-D8C512407367}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{412FC608-9341-4BE2-92FA-1C90A509879C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{72D839ED-23FF-4426-9733-92CD07D8C0C7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE6C248C-4E47-433F-9BD1-B19F6862CED4}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6265EA47-485E-436B-9BAD-7C62E255FE18}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{42C51F92-6241-4DC7-A79A-10E0048C5D33}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0EABE452-3500-4268-85C2-51DE6902E0DB}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{A178C2F2-3504-4B55-A9D5-7AD6DA38D922}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{35544114-402A-4492-9AFF-2C48070D58C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CF16929-8C99-4E38-8B5C-EB720A30FE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

01-04-2016 13:49:50 End of disinfection
07-04-2016 10:57:03 Removed Google Earth

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2016 11:27:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19e8

Start Time: 01d190b7ef6d7eb6

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 43f4cf1b-fcab-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:22:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd8

Start Time: 01d190b74b16d845

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 958d1f5e-fcaa-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:21:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1628

Start Time: 01d190b73f5cd3b5

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 85074428-fcaa-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:10:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ac4

Start Time: 01d18fe5b9b10ea3

Termination Time: 125

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: f919d492-fca8-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:09:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1464

Start Time: 01d190b017ae6b42

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: d08bc272-fca8-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 10:48:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c84

Start Time: 01d190b25927007b

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: dac8301b-fca5-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 10:45:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 304

Start Time: 01d190b225d9ff6d

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 8318652f-fca5-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 10:30:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ea4

Start Time: 01d190ac59c89a38

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 4f00b6ce-fca3-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/06/2016 09:08:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_LAPTOP)
Description: Activation of application Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/06/2016 03:38:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1048

Start Time: 01d19005c48624c1

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 2b5477fe-fc05-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/07/2016 09:13:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (04/06/2016 12:33:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/06/2016 12:33:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/06/2016 10:35:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (04/06/2016 10:35:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (04/06/2016 10:35:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (04/06/2016 10:14:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service did not respond on starting.

Error: (04/06/2016 10:12:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/06/2016 10:11:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/06/2016 10:11:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


==================== Memory info ===========================

Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
Percentage of memory in use: 35%
Total physical RAM: 7641.24 MB
Available physical RAM: 4933.13 MB
Total Virtual: 11481.24 MB
Available Virtual: 8460.46 MB

==================== Drives ================================

Drive c: (TI31475500A) (Fixed) (Total:919.66 GB) (Free:826.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

And finally the RGSA Scan Log:

Result of Security Analysis by Rocket Grannie (x86) version: 28th March 2016
Running from:C:\Users\Edan\Desktop\Malware Removal Tools (11:50:43 - 04/07/2016)
***---------------------------------------------------------***
Microsoft Windows 8.1 X64
UAC is *Disabled*
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
McAfee Anti-Virus and Anti-Spyware 335872 up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
McAfee Firewall
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin is not installed
Malwarebytes Anti-Malware (version 2.2.1.1043)
Mozilla Firefox (version 45)

***----------------Analysis Complete-------------------------***

I look forward to your responce.
 
Hi, eparvus.

Licensing Diag


  • Press Ctrl + S on your keyboard at the same time. Type CMD, right-click Command Prompt and click Run as administrator.
  • Copy the bold text below and paste (right-click + Paste) into the Command Prompt. Press Enter on your keyboard.

    Licensingdiag.exe -report %userprofile%\desktop\LDReport.txt -log %userprofile%\desktop\repfiles.cab

  • Upon completion, (The operation completed successfully) type Exit and press Enter on your keyboard.
  • A log (LDReport.txt) will be saved to your Desktop. Copy the contents of the log and paste in your next reply.
 
Hi Corrine
Thanks for the reply, i did what you asked and have attached the log below,

<DiagReport>
<LicensingData>
<ToolVersion>6.3.9600.16384</ToolVersion>
<LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
<LicensingStatusReason>0x00000000</LicensingStatusReason>
<LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
<LocalGenuineResultP>1</LocalGenuineResultP>
<LastOnlineGenuineResult>0x00000000</LastOnlineGenuineResult>
<GraceTimeMinutes>0</GraceTimeMinutes>
<TotalGraceDays>0</TotalGraceDays>
<ValidityExpiration></ValidityExpiration>
<ActivePartialProductKey>J2M8Q</ActivePartialProductKey>
<ActiveProductKeyPid2>00258-61936-52415-AAOEM</ActiveProductKeyPid2>
<OSVersion>6.3.9600.2.00010300.0.0.101</OSVersion>
<ProductName>Windows 8.1</ProductName>
<ProcessorArchitecture>x64</ProcessorArchitecture>
<EditionId>Core</EditionId>
<BuildLab>9600.winblue_ltsb.160119-0600</BuildLab>
<TimeZone>GMT Standard Time(GMT+01:00)</TimeZone>
<ActiveSkuId>c7c00280-b24d-4e82-89ca-4f1288eb1d9e</ActiveSkuId>
<ActiveSkuDescription>Windows(R) Operating System, OEM_DM channel</ActiveSkuDescription>
<ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
<ActiveProductKeyPKeyId>ed415a29-0ce5-b70a-f830-d9bb77db07d8</ActiveProductKeyPKeyId>
<ActiveProductKeyPidEx>06401-02586-193-652415-02-2057-9600.0000-1812015</ActiveProductKeyPidEx>
<ActiveProductKeyChannel>OEM:DM</ActiveProductKeyChannel>
<ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
<OfflineInstallationId>198893266182721422641245415670503545431851720058470400459463682</OfflineInstallationId>
<DomainJoined>false</DomainJoined>
<ComputerSid>S-1-5-21-30525436-3099372120-3077259939</ComputerSid>
<ProductLCID>2057</ProductLCID>
<UserLCID>2057</UserLCID>
<SystemLCID>2057</SystemLCID>
<CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
<ServiceAvailable>true</ServiceAvailable>
<OemMarkerVersion>0x00020001</OemMarkerVersion>
<OemId>TOSQCI</OemId>
<OemTableId>TOSQCI00</OemTableId>
<Manufacturer>TOSHIBA</Manufacturer>
<Model>SATELLITE L50D-C</Model>
<InstallDate>20151213152413.000000+000</InstallDate>
</LicensingData>
<HealthCheck>
<Result>PASS</Result>
<TamperedItems></TamperedItems>
</HealthCheck>
<GenuineAuthz>
<ServerProps>GenuineId=55c92734-d682-4d71-983e-d6ec3f16059f;OemId=J028;OptionalInfoId=3pPec9HIMMXaShhSA/9g1gCc4FfAgQmUE82RDvkhe3U7hmZUnt1RiCxLiJjU05QO;Pid=RAQg7GqF0F2Lzor48QU5TFcWmEp3oygLUUtXRb/XAGU=;SkuId=c7c00280-b24d-4e82-89ca-4f1288eb1d9e;TimeStampServer=2015-12-13T15:27:37Z;</ServerProps>
</GenuineAuthz>
</DiagReport>


Hope this is helpful.
 
Thank you, eparvus.

I asked you to run the above when AutoKMS showed up in your logs. C:\WINDOWS\AutoKMS\AutoKMS.exe is a hack/pirate tool used for activation of Microsoft Office 2010. Your use of utorrent is likely how your computer got infected and why you are having problems with it. However, we do not condone piracy. If you wish assistance in cleaning your computer, uninstall the illegal/pirated software and post fresh FRST logs.
 
Hi Corrine

Sorry about that, the offending software has been removed and I've rescanned. Please see below for the scans;

FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Edan (administrator) on WORK_LAPTOP (08-04-2016 19:34:52)
Running from C:\Users\Edan\Desktop\Malware Removal Tools
Loaded Profiles: Edan (Available Profiles: Edan)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILHE.EXE
() C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
(Curse) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-12-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-10] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-04-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1176632 2015-06-30] (Spotify Ltd)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.EXE [297024 2014-12-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-03-19] ()
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-17] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1C84DDF6-6053-411B-B1A6-2728C43E35C9}: [DhcpNameServer] 40.42.1.201 40.42.1.203
Tcpip\..\Interfaces\{4576CB61-C54C-4A88-8779-83836B12E07A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> DefaultScope {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-30525436-3099372120-3077259939-1001 -> {0D5CD1E5-87A7-4900-8CEB-62C9073CD7E8} URL =
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-03-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Edan\AppData\Roaming\Mozilla\Firefox\Profiles\t73w7jeu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-02] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-04-28] () [File not signed]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [115200 2015-04-28] (Advanced Micro Devices) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [108248 2015-03-18] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19928 2015-03-24] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-05-08] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2015-03-26] (Advanced Micro Devices, Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-11-24] (Toshiba Europe GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Mondihto; "C:\Users\Edan\AppData\Roaming\ZiiuhfBeo\Jicijo.exe" -cms [X]
S2 QUPbNnW; "C:\ProgramData\ovZBGLfaJri\QUPbNnW.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297160 2015-04-29] (Advanced Micro Devices)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R3 AmdGpio2; C:\Windows\System32\drivers\AmdGpio2.sys [25288 2015-01-13] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [92360 2015-03-26] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [264904 2015-03-26] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-02-13] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24592 2015-05-12] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [49368 2014-12-17] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4104408 2015-05-14] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 19:16 - 2016-04-08 19:16 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-07 21:12 - 2016-04-07 21:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Macromedia
2016-04-07 21:10 - 2016-04-08 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 21:10 - 2016-04-07 21:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 11:37 - 2016-04-08 19:34 - 00000000 ____D C:\FRST
2016-04-07 11:35 - 2016-04-07 11:41 - 00000000 ____D C:\Users\Edan\AppData\Local\Mozilla
2016-04-07 11:35 - 2016-04-07 11:35 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-07 11:35 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-07 11:35 - 2016-04-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-07 11:34 - 2016-04-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 11:06 - 2016-04-08 19:34 - 00000000 ____D C:\Users\Edan\Desktop\Malware Removal Tools
2016-04-06 11:35 - 2016-04-06 11:35 - 02884096 _____ (niemiro) C:\Users\Edan\Desktop\SFCFix.exe
2016-04-05 21:42 - 2016-04-05 21:42 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E16.HDTV.x264-LOL[rarbg]
2016-04-05 21:42 - 2016-04-05 21:42 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E15.HDTV.x264-LOL[rarbg]
2016-04-05 21:37 - 2016-04-05 21:37 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E14.HDTV.x264-LOL[rarbg]
2016-04-05 21:36 - 2016-04-05 21:43 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E13.HDTV.x264-KILLERS[ettv]
2016-04-05 21:34 - 2016-04-05 21:41 - 250539187 ____R C:\Users\Edan\Downloads\Gotham.S02E11.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E12.HDTV.x264-LOL[rarbg]
2016-04-05 21:21 - 2016-04-05 21:29 - 243121753 ____R C:\Users\Edan\Downloads\Gotham.S02E09.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:21 - 2016-04-05 21:27 - 231998773 ____R C:\Users\Edan\Downloads\Gotham.S02E10.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:20 - 2016-04-05 21:30 - 285918288 ____R C:\Users\Edan\Downloads\Gotham.S02E08.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:18 - 2016-04-05 21:29 - 251988797 ____R C:\Users\Edan\Downloads\Gotham.S02E07.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:17 - 2016-04-05 21:25 - 302962032 ____R C:\Users\Edan\Downloads\Gotham.S02E06.HDTV.x264-LOL[eztv].mp4
2016-04-05 21:05 - 2016-04-05 21:05 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E10.HDTV.x264-FLEET[rarbg]
2016-04-05 20:47 - 2016-04-05 20:48 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E03.HDTV.x264-FLEET[rarbg]
2016-04-05 13:39 - 2016-04-05 13:44 - 00000000 ____D C:\Users\Edan\Desktop\MARTIFER SOLAR
2016-04-04 20:16 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Quantico.S01E16.HDTV.x264-LOL[ettv]
2016-04-04 20:05 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E10.HDTV.x264-FLEET[rarbg]
2016-04-04 18:35 - 2016-04-05 22:59 - 00000000 ____D C:\Users\Edan\Downloads\Blue Bloods
2016-04-04 18:34 - 2016-04-05 21:09 - 00000000 ____D C:\Users\Edan\Downloads\Fresh off the Boat
2016-04-04 15:24 - 2016-04-04 15:28 - 00000000 ____D C:\Program Files\Recuva
2016-04-04 15:24 - 2016-04-04 15:24 - 00001681 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-04-04 15:24 - 2016-04-04 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-04-04 15:12 - 2016-04-07 23:30 - 00000000 ____D C:\Users\Edan\Downloads\Vikings.S04E02.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:36 - 2016-04-05 21:18 - 240765884 ____R C:\Users\Edan\Downloads\Gotham.S02E04.HDTV.x264-LOL[eztv].mp4
2016-04-04 14:36 - 2016-04-04 14:36 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E05.HDTV.x264-LOL[rarbg]
2016-04-04 14:35 - 2016-04-05 21:20 - 271833678 ____R C:\Users\Edan\Downloads\Gotham.S02E03.HDTV.x264-LOL[eztv].mp4
2016-04-04 14:35 - 2016-04-04 14:35 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E02.HDTV.x264-LOL[rarbg]
2016-04-04 14:35 - 2016-04-04 14:35 - 00000000 ____D C:\Users\Edan\Downloads\Gotham.S02E01.PROPER.HDTV.x264-W4F[rarbg]
2016-04-04 14:23 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E09.HDTV.x264-FLEET[rarbg]
2016-04-04 14:23 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E08.HDTV.x264-FLEET[rarbg]
2016-04-04 14:22 - 2016-04-04 20:33 - 00000000 ____D C:\Users\Edan\Downloads\Colony.S01E07.HDTV.x264-FLEET[rarbg]
2016-04-04 14:22 - 2016-04-04 20:16 - 281549761 _____ C:\Users\Edan\Downloads\Colony.S01E06.HDTV.x264-KILLERS[eztv].mp4
2016-04-04 14:10 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E08.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:10 - 2016-04-05 21:07 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E09.HDTV.x264-KILLERS[ettv]
2016-04-04 14:09 - 2016-04-05 20:55 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E06.HDTV.x264-FLEET[rarbg]
2016-04-04 14:09 - 2016-04-04 14:11 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E05.HDTV.x264-FLEET[rarbg]
2016-04-04 14:09 - 2016-04-04 14:10 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E07.HDTV.x264-FLEET[rarbg]
2016-04-04 14:08 - 2016-04-05 20:52 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E04.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:08 - 2016-04-04 14:08 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E03.INTERNAL.720p.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:07 - 2016-04-05 20:54 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E02.HDTV.x264-KILLERS[rarbg]
2016-04-04 14:07 - 2016-04-05 20:50 - 00000000 ____D C:\Users\Edan\Downloads\American.Crime.S02E01.HDTV.x264-KILLERS[rarbg]
2016-04-04 13:29 - 2016-04-04 14:05 - 00000000 ____D C:\Users\Edan\Downloads\Bloodline.S01E06.WEBRip.x264-2HD[rarbg]
2016-04-04 11:35 - 2016-04-04 11:35 - 00872506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-02 13:01 - 2016-04-02 13:01 - 00000000 ____D C:\Users\Edan\Desktop\WoW Tank
2016-04-01 13:49 - 2016-04-01 13:50 - 00000597 _____ C:\DelFix.txt
2016-04-01 13:45 - 2016-04-01 13:45 - 00000000 ____D C:\ProgramData\ESET
2016-04-01 13:44 - 2016-04-01 13:44 - 02991832 _____ (ESET) C:\Users\Edan\Desktop\ERARemover_x64.exe
2016-04-01 10:57 - 2016-04-01 10:57 - 00000000 ____D C:\Windows\system32\tont
2016-04-01 10:56 - 2016-04-07 11:35 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Mozilla
2016-04-01 10:55 - 2016-04-01 10:55 - 00000000 ____D C:\ProgramData\Konksolexs
2016-04-01 10:54 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files\ktip
2016-04-01 10:54 - 2016-04-01 10:54 - 06504960 _____ C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 00018432 _____ C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:53 - 2016-04-01 10:59 - 00000000 ____D C:\ProgramData\ovZBGLfaJri
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-04-01 10:51 - 2016-04-01 11:34 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Company
2016-04-01 10:51 - 2016-04-01 10:54 - 00282834 _____ C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 00127488 _____ C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:51 - 2016-04-01 10:51 - 00003336 _____ C:\Windows\System32\Tasks\Magboffe
2016-04-01 10:51 - 2016-04-01 10:51 - 00000002 _____ C:\END
2016-04-01 10:51 - 2016-04-01 10:51 - 00000000 ____D C:\uninst
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Huudijei
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\KokoMoss
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-04-01 10:50 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files (x86)\QuickSearch
2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\tuto_monetize_220160330
2016-04-01 10:50 - 2016-04-01 10:50 - 00000000 ____D C:\Users\Edan\AppData\Local\Tempfolder
2016-04-01 10:48 - 2016-04-01 12:40 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-03-31 11:38 - 2016-03-31 11:38 - 00071658 _____ C:\Users\Edan\Desktop\Copy of Copy of LS5246_Francis_Court_Non-Conformity_Tracker_2016.01.21_LS.xlsx
2016-03-20 02:25 - 2016-03-20 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 11:00 - 2016-03-19 11:00 - 00000000 ____D C:\Users\Edan\AppData\Local\CyberLink
2016-03-10 16:50 - 2016-03-10 16:50 - 00000000 ____D C:\Users\Edan\AppData\LocalLow\Google
2016-03-09 13:54 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 13:54 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 13:54 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 13:54 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-09 13:54 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 13:54 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 13:54 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-09 13:54 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 13:54 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 13:54 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 13:54 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 13:54 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 13:54 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 13:54 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 13:54 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 13:54 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 13:54 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 13:54 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 13:54 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-09 13:54 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 13:54 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 13:54 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-09 13:54 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 13:54 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 13:54 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 13:54 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 13:54 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 13:54 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-09 13:54 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 13:54 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 13:00 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 13:00 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 13:00 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-09 13:00 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-09 12:58 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 12:58 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 12:55 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-09 12:55 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-09 12:51 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 12:41 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 12:41 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 12:41 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 12:16 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 12:16 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 12:16 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 12:16 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 12:16 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 12:16 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 12:16 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 12:16 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 12:16 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 12:16 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 12:16 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 12:16 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 11:55 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-09 11:40 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-09 11:40 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-09 11:30 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 11:30 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 11:30 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 11:30 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 11:30 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 11:10 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-09 11:10 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-09 11:06 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 11:06 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 11:06 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-09 11:01 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-09 10:51 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-09 10:51 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-09 10:51 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-09 10:51 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-09 10:48 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-09 10:48 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-09 10:48 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-09 10:47 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 10:47 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 10:46 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 10:46 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-09 10:46 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-09 10:46 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 10:46 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 10:46 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-09 10:43 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 10:38 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 10:38 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 10:38 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 10:38 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 10:30 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-09 10:30 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-09 10:30 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 19:35 - 2015-12-14 00:19 - 00000000 ___RD C:\Users\Edan\Dropbox
2016-04-08 19:34 - 2015-12-17 14:36 - 00000000 ____D C:\Users\Edan\AppData\Local\Deployment
2016-04-08 19:34 - 2015-12-14 00:12 - 00000000 ____D C:\Users\Edan\AppData\Local\Dropbox
2016-04-08 19:34 - 2015-12-13 16:31 - 00000000 ___RD C:\Users\Edan\OneDrive
2016-04-08 19:33 - 2015-12-15 09:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 19:31 - 2015-06-30 03:14 - 01089128 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-04-08 19:30 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-08 19:30 - 2013-08-22 15:44 - 05099112 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-08 19:29 - 2015-06-30 04:25 - 00000000 ____D C:\Windows\OemDrv
2016-04-08 19:29 - 2015-06-30 03:11 - 00065536 _____ C:\Windows\psp_storage.bin
2016-04-08 19:28 - 2015-12-13 16:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-30525436-3099372120-3077259939-1001
2016-04-08 19:24 - 2015-12-13 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-08 19:23 - 2015-01-21 19:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-08 19:21 - 2014-11-20 23:51 - 00000000 ____D C:\Windows\ShellNew
2016-04-08 19:20 - 2013-08-22 14:25 - 00000108 _____ C:\Windows\win.ini
2016-04-08 19:19 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-08 17:02 - 2015-12-13 23:31 - 00000000 ____D C:\Users\Edan\Documents\Outlook Files
2016-04-08 15:00 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-04-08 14:42 - 2016-02-04 17:27 - 00000000 ____D C:\Users\Edan\Desktop\Fråncis Court
2016-04-08 14:19 - 2015-12-16 23:56 - 00000000 ____D C:\Users\Edan\AppData\Roaming\vlc
2016-04-08 11:23 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-04-07 21:10 - 2015-12-14 00:06 - 00000000 ____D C:\Users\Edan\AppData\Local\Adobe
2016-04-07 11:00 - 2015-06-30 04:04 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 10:13 - 2014-11-21 00:09 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-06 08:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\System
2016-04-05 13:27 - 2015-06-30 04:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-05 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
2016-04-05 13:26 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-05 08:58 - 2015-12-15 12:20 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-04-05 08:58 - 2015-12-15 12:20 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-04-05 08:57 - 2015-12-13 18:02 - 00000000 ____D C:\Users\Edan\AppData\Local\Battle.net
2016-04-04 21:01 - 2015-12-13 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-04-04 20:34 - 2015-12-13 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-04 16:27 - 2016-01-18 21:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-04-04 13:29 - 2015-12-13 16:22 - 00000000 ____D C:\Users\Edan
2016-04-04 12:57 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-04-01 16:28 - 2015-12-14 00:07 - 00000000 ____D C:\ProgramData\Adobe
2016-04-01 16:27 - 2015-12-14 00:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-01 16:27 - 2015-12-13 16:25 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Adobe
2016-04-01 12:55 - 2015-06-30 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-01 12:48 - 2016-03-01 20:03 - 00000080 _____ C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2016-04-01 12:48 - 2016-02-26 09:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-04-01 12:48 - 2016-01-24 21:36 - 00001288 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2016-04-01 12:48 - 2015-12-19 02:50 - 00001036 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-04-01 12:48 - 2015-12-15 09:37 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-01 12:48 - 2015-12-14 23:10 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-01 12:48 - 2015-12-14 00:07 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-01 12:48 - 2015-12-14 00:07 - 00002072 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-01 12:48 - 2015-12-13 18:46 - 00001253 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-04-01 12:48 - 2015-12-13 18:02 - 00001161 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-04-01 12:48 - 2015-12-13 16:25 - 00001453 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-01 12:48 - 2015-12-13 16:22 - 00000469 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-04-01 12:48 - 2015-12-13 16:22 - 00000467 _____ C:\Users\Edan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00002000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symbaloo.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00001942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-04-01 12:48 - 2015-06-30 04:09 - 00000338 _____ C:\Users\Public\Desktop\Booking.com.lnk
2016-04-01 12:48 - 2015-06-30 04:05 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2016-04-01 12:48 - 2015-06-30 04:05 - 00002087 _____ C:\Users\Public\Desktop\eBay.lnk
2016-04-01 12:48 - 2015-06-30 03:55 - 00002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-04-01 12:48 - 2015-06-30 03:55 - 00002545 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2016-04-01 12:48 - 2015-06-30 03:54 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-01 12:48 - 2015-06-30 03:52 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-04-01 12:48 - 2015-06-30 03:52 - 00002290 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-04-01 12:48 - 2015-06-30 03:42 - 00002051 _____ C:\Users\Public\Desktop\Manual.lnk
2016-04-01 12:47 - 2016-01-14 21:33 - 00001822 _____ C:\Users\Edan\Desktop\MagicISO.lnk
2016-04-01 12:47 - 2015-12-14 00:19 - 00001253 _____ C:\Users\Edan\Desktop\Dropbox.lnk
2016-04-01 12:47 - 2015-12-13 19:38 - 00002631 _____ C:\Users\Edan\Desktop\µTorrent.lnk
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-01 10:53 - 2015-12-15 09:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-01 08:38 - 2015-12-13 17:52 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0472D516-BDDE-4B90-A602-E2488620D075}
2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-26 06:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-26 06:47 - 2015-12-13 16:22 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-22 15:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-20 02:26 - 2015-12-14 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-19 11:00 - 2015-06-30 03:33 - 00000000 ____D C:\ProgramData\CyberLink
2016-03-19 09:46 - 2016-01-24 21:36 - 00000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2016-03-11 18:10 - 2016-01-20 12:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-11 18:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-03-11 18:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-03-11 10:14 - 2015-12-13 21:23 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 10:08 - 2015-12-13 21:22 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 16:27 - 2015-12-13 16:28 - 00000000 ____D C:\Users\Edan\AppData\Local\Google
2016-03-10 14:09 - 2015-12-15 09:37 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-12-15 09:37 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-12-15 09:37 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 10:54 - 2015-12-13 19:13 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 10:54 - 2015-12-13 19:13 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 10:54 - 2015-12-13 19:13 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Files in the root of some directories =======

2016-04-01 10:54 - 2016-04-01 10:54 - 6504960 _____ () C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 1626416 _____ () C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:51 - 2016-04-01 10:54 - 0282834 _____ () C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 0127488 _____ () C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:53 - 2016-04-01 10:53 - 0072699 _____ () C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 0018432 _____ () C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 1626416 _____ () C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 0072699 _____ () C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2015-06-30 03:16 - 2015-06-30 03:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Edan\AppData\Local\Temp\4M9G5GM3KT.exe
C:\Users\Edan\AppData\Local\Temp\53C9.tmp.exe
C:\Users\Edan\AppData\Local\Temp\7J9EXEGSGD.exe
C:\Users\Edan\AppData\Local\Temp\A0SKQK5M9W.exe
C:\Users\Edan\AppData\Local\Temp\BJCAZAEUEE.exe
C:\Users\Edan\AppData\Local\Temp\OFE9O0SM2W.exe
C:\Users\Edan\AppData\Local\Temp\ose00000.exe
C:\Users\Edan\AppData\Local\Temp\ose00001.exe
C:\Users\Edan\AppData\Local\Temp\T6WKERJC31.exe
C:\Users\Edan\AppData\Local\Temp\VNZ31D6LKN.exe
C:\Users\Edan\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Edan\AppData\Local\Temp\Y75XFM7U7R.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-28 08:32

==================== End of FRST.txt ============================


Additional Scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Edan (2016-04-08 19:36:47)
Running from C:\Users\Edan\Desktop\Malware Removal Tools
Windows 8.1 (X64) (2015-12-13 15:24:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-30525436-3099372120-3077259939-500 - Administrator - Disabled)
Edan (S-1-5-21-30525436-3099372120-3077259939-1001 - Administrator - Enabled) => C:\Users\Edan
Guest (S-1-5-21-30525436-3099372120-3077259939-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 2.15.20.0015 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{5D393971-8762-D63E-7CEA-69DDDE320E43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse Client (HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5110.05 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{06086A5E-DEB1-4144-BF3E-5FF616084752}) (Version: 1.02.3300 - DTS, Inc.)
ELAN Touchpad 11.8.41.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.41.2 - ELAN Microelectronic Corp.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{44A9B4E1-778E-A65A-474C-7892EB03C399}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.35.2015.0401 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.35.2015.0401 - REALTEK Semiconductor Corp) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7438 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0005 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0005 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Skypeâ„¢ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5C2187E2-AC40-4E5A-B92E-98E203C3DD92}) (Version: 1.2.15.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.8.6402 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.12.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0052 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.10.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.7.0 - Toshiba Europe GmbH)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AAD2A4-2ABC-4713-9C0B-A4A11962D92F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {04EDBD35-E0CB-43E2-9290-149A145B139A} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {1B3827E7-F378-4AB3-AE8E-3D143DAF375A} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-11-24] (Toshiba Europe GmbH)
Task: {21748A8D-BDFC-4B8A-80D0-627D64555A8F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {3668EF61-59D7-4C28-BF4E-0CD2458D280C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3D45B354-2C28-4179-AA48-71EB31D6E5D2} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-17] (McAfee, Inc.)
Task: {3EE4D5CD-C2C8-4B14-9FEC-B635911BAABB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {4CC6F73C-7E5B-4C47-A5EE-425650C1194D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {53660912-F046-48F3-9017-951C006BD22B} - System32\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {58C546C5-75C5-4570-A4C5-5DB320D15ADE} - \{050B0A47-090E-0509-7811-7F050A7E110D} -> No File <==== ATTENTION
Task: {5F009F54-EA0F-47E6-ABBA-5EB7E90B40BE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-01-22] (Realtek Semiconductor)
Task: {76FA8071-F2A7-4298-AEEB-405B5560D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {7872FCD3-C4A6-4807-80FC-03D48DB6C35F} - no filepath
Task: {8C7DAA11-4D41-4A8F-A98B-5564EA2FB25C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {9BF699F6-F6BA-428C-BA21-377F8DD6CA5A} - no filepath
Task: {A98F1B24-4742-46CF-BD18-0D854035C0C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AA3F3F52-596B-4020-917A-A7E00A3692C0} - \{780E7847-7A04-7E05-0E11-0E057A7E110D} -> No File <==== ATTENTION
Task: {AB0C17D8-559D-49DE-A52E-35348F68A0F6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {B430654E-1D5A-4B8E-920B-F1B68B2A56CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {B6340CC2-CD27-4786-BA59-02CC8170E165} - \Seventh -> No File <==== ATTENTION
Task: {B77FED3E-D802-4E98-ACBA-B1E62DFD5804} - \Genius -> No File <==== ATTENTION
Task: {CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE} - \Genius_Interval -> No File <==== ATTENTION
Task: {D7002724-3A49-4FD5-865A-3D47C6171C5C} - System32\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {DE5A41E1-CD8B-4A83-ACCF-D9AC51D45B4E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {E69FCC7E-11E5-4EE5-A4A5-6EAD998D2B99} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {E8439BEA-386D-486B-8EC4-0BDC1EEA049C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ED4972B3-0F6F-45AA-9FBB-5D47195C102C} - \Sixth -> No File <==== ATTENTION
Task: {EDC834CB-190F-46E4-A0BF-90B0FDC118CA} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-03-24] ()
Task: {FBF45CFD-A33A-460D-8C4D-8D3AC92E8308} - System32\Tasks\Magboffe => C:\PROGRA~1\LETOIH~1\Resrad.bat

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {A914118D-C8B4-43B3-932B-6598A448DFCA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{A914118D-C8B4-43B3-932B-6598A448DFCA} /F:UpdateWORKGROUP\WORK_LAPTOP$ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-18 18:31 - 2015-03-18 18:31 - 00108248 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
2015-04-28 20:30 - 2015-04-28 20:30 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-03-19 09:46 - 2016-03-19 09:46 - 01623040 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
2015-12-17 14:37 - 2015-12-17 14:37 - 00016384 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.CurseClient.WowDb.dll
2015-12-17 14:37 - 2015-12-17 14:36 - 00035840 _____ () C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\Curse.Advertising.dll
2016-03-19 09:46 - 2016-03-19 09:46 - 00783360 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_hashlib.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00047104 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_socket.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00053760 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_bz2.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 01861120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtCore.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00075264 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\sip.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00137216 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_lzma.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 02002944 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtGui.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 04101120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtWidgets.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00039424 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\psutil._psutil_windows.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00084992 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_ctypes.pyd
2016-03-19 09:46 - 2016-03-19 09:46 - 00758784 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\unicodedata.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-20 02:24 - 2016-02-23 19:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-12 10:20 - 2016-02-23 19:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-12 10:20 - 2016-02-23 19:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-20 02:24 - 2016-02-23 19:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-20 02:24 - 2016-02-23 19:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-12 10:20 - 2016-02-23 19:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-20 02:24 - 2016-02-23 19:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-20 02:24 - 2016-02-23 19:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-12 10:20 - 2016-02-23 19:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 10:20 - 2016-03-12 01:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-20 02:24 - 2016-03-12 01:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-12 10:20 - 2016-02-23 19:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-20 02:24 - 2016-02-23 19:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-20 02:24 - 2016-02-23 19:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-12 10:20 - 2016-03-12 01:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-20 02:24 - 2016-03-12 01:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-14 00:13 - 2016-02-23 19:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> amazon.co.uk
IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-30525436-3099372120-3077259939-1001\...\amazon.co.uk -> amazon.co.uk

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-04-06 09:08 - 00001177 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 403 - Forbidden: Access is denied.
127.0.0.1 403 - ????: ??????
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 403 - Forbidden: Access is denied.
127.0.0.1 403 - ????: ??????
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-30525436-3099372120-3077259939-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3508B7B4-CC0A-4AC1-B311-3E692FF9BBD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{BA4D0AD8-14C1-4BD8-A469-04254DAE07AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2676D1AA-F4EB-4E36-B691-8C9E0E859D60}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8381C3F8-5895-49E4-9C37-300BD0A7C682}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4C479A4A-B639-4306-B687-2C6145C1442E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8AD4B2A5-5E0B-4AEA-8B15-5812D3E14653}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7638218F-D058-4A09-B1FF-81F91DA3104D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{028E03C1-075B-48BD-9A3B-DF0B0FD09012}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F155AAA-0362-48DA-9955-1529354BED36}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAD0B7ED-D3D5-4BEF-9036-567E31F96DB4}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B728EBB-16A0-4535-A773-4B73C2A17EBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF57C866-4208-476F-933E-574E7119BEBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08314B54-0EDB-4943-9EC3-F4B68C7C6D3A}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52AAF94B-31CE-4684-B444-95EFDBCB7F77}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{19A084C7-7EC5-453E-B227-A1BF08E51723}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C2409380-7405-49C0-B20C-AC8CCEDCE53F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B593DD88-9E2C-40A2-BC22-6DB2B451E77F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C43680AA-49C4-4309-880B-6AB23C963303}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{CF78131B-9F3F-44B5-A0E6-05EA67141B05}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E5E4231E-B480-4A98-A3BB-5A8445129D44}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{237207EE-96F1-4355-A1C5-A5C0DB6A9C5E}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4F301753-1F88-4B16-B039-D8C512407367}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{412FC608-9341-4BE2-92FA-1C90A509879C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{72D839ED-23FF-4426-9733-92CD07D8C0C7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE6C248C-4E47-433F-9BD1-B19F6862CED4}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6265EA47-485E-436B-9BAD-7C62E255FE18}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{42C51F92-6241-4DC7-A79A-10E0048C5D33}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0EABE452-3500-4268-85C2-51DE6902E0DB}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{A178C2F2-3504-4B55-A9D5-7AD6DA38D922}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{35544114-402A-4492-9AFF-2C48070D58C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CF16929-8C99-4E38-8B5C-EB720A30FE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F560D8E-D239-4773-BC3A-2B6BCCD66FAF}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{B06AF5A0-8467-434F-800F-1AC2812FC9CC}] => (Allow) C:\Users\Edan\AppData\Local\Apps\2.0\7KHN6HNG.Q9E\AKJ1BG30.BK5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe

==================== Restore Points =========================

01-04-2016 13:49:50 End of disinfection
07-04-2016 10:57:03 Removed Google Earth
08-04-2016 19:15:12 Removed Microsoft Office Professional Plus 2010

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 02:36:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d7c

Start Time: 01d1917cc4b8d1b3

Termination Time: 58

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: dbc028c9-fd8e-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/08/2016 10:55:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d4c

Start Time: 01d1917cc1978689

Termination Time: 50

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 13899573-fd70-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/08/2016 10:55:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a68

Start Time: 01d1916da3092a92

Termination Time: 17

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: fc1a3ab3-fd6f-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 08:38:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19a0

Start Time: 01d19104d4e96adf

Termination Time: 36

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 51465a73-fcf8-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 02:25:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d0c

Start Time: 01d190d0d16bdbd4

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 24db47e2-fcc4-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 02:24:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14cc

Start Time: 01d190123ffdc9ea

Termination Time: 78

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 0bb21d21-fcc4-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:27:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19e8

Start Time: 01d190b7ef6d7eb6

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 43f4cf1b-fcab-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:22:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd8

Start Time: 01d190b74b16d845

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 958d1f5e-fcaa-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:21:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1628

Start Time: 01d190b73f5cd3b5

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 85074428-fcaa-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:

Error: (04/07/2016 11:10:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ac4

Start Time: 01d18fe5b9b10ea3

Termination Time: 125

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: f919d492-fca8-11e5-8274-5c93a28d35ed

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/08/2016 07:30:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QUPbNnW service failed to start due to the following error:
%%2

Error: (04/08/2016 07:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mondihto service failed to start due to the following error:
%%2

Error: (04/08/2016 07:30:36 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

Error: (04/08/2016 07:30:36 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.

Error: (04/08/2016 07:30:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (04/08/2016 10:55:39 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/08/2016 10:55:38 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (04/08/2016 09:13:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (04/07/2016 12:44:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (04/07/2016 09:13:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1


==================== Memory info ===========================

Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
Percentage of memory in use: 24%
Total physical RAM: 7641.24 MB
Available physical RAM: 5751.45 MB
Total Virtual: 11481.24 MB
Available Virtual: 9376.5 MB

==================== Drives ================================

Drive c: (TI31475500A) (Fixed) (Total:919.66 GB) (Free:830.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
And finally the RGSA Scan:


Result of Security Analysis by Rocket Grannie (x86) version: 28th March 2016
Running from:C:\Users\Edan\Desktop\Malware Removal Tools (19:45:06 - 04/08/2016)
***---------------------------------------------------------***
Microsoft Windows 8.1 X64
UAC is *Disabled*
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
McAfee Anti-Virus and Anti-Spyware 335872 up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
McAfee Firewall
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 21.0.0.213)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Mozilla Firefox (version 45)

***----------------Analysis Complete-------------------------***

I really hope you can help with this. Thanks in advance.
 
Thank you, eparvus.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: 
start
CreateRestorePoint:
CloseProcesses:
S2 Mondihto; "C:\Users\Edan\AppData\Roaming\ZiiuhfBeo\Jicijo.exe" -cms [X]
S2 QUPbNnW; "C:\ProgramData\ovZBGLfaJri\QUPbNnW.exe" [X]
C:\Users\Edan\AppData\Roaming\ZiiuhfBeo
C:\ProgramData\ovZBGLfaJri
2016-04-01 10:57 - 2016-04-01 10:57 - 00000000 ____D C:\Windows\system32\tont
2016-04-01 10:55 - 2016-04-01 10:55 - 00000000 ____D C:\ProgramData\Konksolexs
2016-04-01 10:54 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files\ktip
2016-04-01 10:54 - 2016-04-01 10:54 - 06504960 _____ C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 00018432 _____ C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:51 - 2016-04-01 10:54 - 00282834 _____ C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 00127488 _____ C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:51 - 2016-04-01 10:51 - 00003336 _____ C:\Windows\System32\Tasks\Magboffe
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Huudijei
2016-04-01 12:47 - 2015-12-13 19:38 - 00002631 _____ C:\Users\Edan\Desktop\µTorrent.lnk
2015-06-30 03:16 - 2015-06-30 03:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {3668EF61-59D7-4C28-BF4E-0CD2458D280C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {58C546C5-75C5-4570-A4C5-5DB320D15ADE} - \{050B0A47-090E-0509-7811-7F050A7E110D} -> No File <==== ATTENTION
Task: {AA3F3F52-596B-4020-917A-A7E00A3692C0} - \{780E7847-7A04-7E05-0E11-0E057A7E110D} -> No File <==== ATTENTION
Task: {B6340CC2-CD27-4786-BA59-02CC8170E165} - \Seventh -> No File <==== ATTENTION
Task: {B77FED3E-D802-4E98-ACBA-B1E62DFD5804} - \Genius -> No File <==== ATTENTION
Task: {CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE} - \Genius_Interval -> No File <==== ATTENTION
Task: {ED4972B3-0F6F-45AA-9FBB-5D47195C102C} - \Sixth -> No File <==== ATTENTION
FirewallRules: [{028E03C1-075B-48BD-9A3B-DF0B0FD09012}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F155AAA-0362-48DA-9955-1529354BED36}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAD0B7ED-D3D5-4BEF-9036-567E31F96DB4}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B728EBB-16A0-4535-A773-4B73C2A17EBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF57C866-4208-476F-933E-574E7119BEBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08314B54-0EDB-4943-9EC3-F4B68C7C6D3A}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Edan\AppData\Roaming\uTorrent
FirewallRules: [{237207EE-96F1-4355-A1C5-A5C0DB6A9C5E}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4F301753-1F88-4B16-B039-D8C512407367}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{412FC608-9341-4BE2-92FA-1C90A509879C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{72D839ED-23FF-4426-9733-92CD07D8C0C7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE6C248C-4E47-433F-9BD1-B19F6862CED4}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6265EA47-485E-436B-9BAD-7C62E255FE18}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{42C51F92-6241-4DC7-A79A-10E0048C5D33}] => (Allow) C:\Program Files\NewExt\jsinjector.exe 
C:\Program Files\NewExt
Hosts:
EmptyTemp:
end

Please follow the instructions below to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
    • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
    • Click the green ESET Online Scanner box.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Eset Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
 
Hi Corrine

Please do excuse my ignorance but the file I had to put into notepad, what exactly am I supposed to do with it. Let me explain, I have windows 8.1 so instead of going start>program files>accessories.notepad, I just opened notepad by using the windows key and search. Once I had this script cut and pasted into notepad , what then?

As for the ESTScan please see below for the results;

C:\Program Files (x86)\QuickSearch\ZDDLL.dll a variant of Win32/Packed.Komodia.E suspicious application cleaned by deleting
C:\Program Files (x86)\QuickSearch\ZDDLL64.dll a variant of Win64/Packed.Komodia.F suspicious application cleaned by deleting
C:\Program Files (x86)\QuickSearch\ZDDLL64.exe a variant of Win64/Packed.Komodia.D suspicious application cleaned by deleting
C:\Program Files (x86)\SystemHealer\SystemHealer.exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application cleaned by deleting
C:\Users\Edan\AppData\Local\Temp\in7EAD48DF\6A260728_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
C:\Windows\Installer\b4524.msi a variant of Win32/Systweak.L potentially unwanted application deleted

Thanks for the help so far, and once again please forgive my ignorance :)
 
Oops! I somehow managed to place the ESET instructions over the instructions for FRST! It was one of those days. I'm so sorry for the confusion.

Please do the following after copy/pasting the entire contents of the code box above into Notepad.
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
 
Afternoon Corrine

No Problem, as I say its all par for the course with me as I would not have known anyway, here I stupidly sit with that text doc open running all my scans thinking its actually helping:huh:

Please see below for the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Edan (2016-04-09 16:39:45) Run:1
Running from C:\Users\Edan\Desktop\Malware Removal Tools
Loaded Profiles: Edan (Available Profiles: Edan)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
S2 Mondihto; "C:\Users\Edan\AppData\Roaming\ZiiuhfBeo\Jicijo.exe" -cms [X]
S2 QUPbNnW; "C:\ProgramData\ovZBGLfaJri\QUPbNnW.exe" [X]
C:\Users\Edan\AppData\Roaming\ZiiuhfBeo
C:\ProgramData\ovZBGLfaJri
2016-04-01 10:57 - 2016-04-01 10:57 - 00000000 ____D C:\Windows\system32\tont
2016-04-01 10:55 - 2016-04-01 10:55 - 00000000 ____D C:\ProgramData\Konksolexs
2016-04-01 10:54 - 2016-04-01 11:34 - 00000000 ____D C:\Program Files\ktip
2016-04-01 10:54 - 2016-04-01 10:54 - 06504960 _____ C:\Users\Edan\AppData\Roaming\agent.dat
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\PhysMattam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 01626416 _____ C:\Users\Edan\AppData\Roaming\Geobam.tst
2016-04-01 10:54 - 2016-04-01 10:54 - 00018432 _____ C:\Users\Edan\AppData\Roaming\Main.dat
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Suntonflex.tst
2016-04-01 10:53 - 2016-04-01 10:53 - 00072699 _____ C:\Users\Edan\AppData\Roaming\Lamzootrax.tst
2016-04-01 10:51 - 2016-04-01 10:54 - 00282834 _____ C:\Users\Edan\AppData\Roaming\inst.lat
2016-04-01 10:51 - 2016-04-01 10:51 - 00127488 _____ C:\Users\Edan\AppData\Roaming\Installer.dat
2016-04-01 10:51 - 2016-04-01 10:51 - 00003336 _____ C:\Windows\System32\Tasks\Magboffe
2016-04-01 10:50 - 2016-04-01 12:44 - 00000000 ____D C:\Users\Edan\AppData\Roaming\Huudijei
2016-04-01 12:47 - 2015-12-13 19:38 - 00002631 _____ C:\Users\Edan\Desktop\µTorrent.lnk
2015-06-30 03:16 - 2015-06-30 03:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {3668EF61-59D7-4C28-BF4E-0CD2458D280C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {58C546C5-75C5-4570-A4C5-5DB320D15ADE} - \{050B0A47-090E-0509-7811-7F050A7E110D} -> No File <==== ATTENTION
Task: {AA3F3F52-596B-4020-917A-A7E00A3692C0} - \{780E7847-7A04-7E05-0E11-0E057A7E110D} -> No File <==== ATTENTION
Task: {B6340CC2-CD27-4786-BA59-02CC8170E165} - \Seventh -> No File <==== ATTENTION
Task: {B77FED3E-D802-4E98-ACBA-B1E62DFD5804} - \Genius -> No File <==== ATTENTION
Task: {CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE} - \Genius_Interval -> No File <==== ATTENTION
Task: {ED4972B3-0F6F-45AA-9FBB-5D47195C102C} - \Sixth -> No File <==== ATTENTION
FirewallRules: [{028E03C1-075B-48BD-9A3B-DF0B0FD09012}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F155AAA-0362-48DA-9955-1529354BED36}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAD0B7ED-D3D5-4BEF-9036-567E31F96DB4}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B728EBB-16A0-4535-A773-4B73C2A17EBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF57C866-4208-476F-933E-574E7119BEBC}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08314B54-0EDB-4943-9EC3-F4B68C7C6D3A}] => (Allow) C:\Users\Edan\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Edan\AppData\Roaming\uTorrent
FirewallRules: [{237207EE-96F1-4355-A1C5-A5C0DB6A9C5E}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4F301753-1F88-4B16-B039-D8C512407367}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{412FC608-9341-4BE2-92FA-1C90A509879C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{72D839ED-23FF-4426-9733-92CD07D8C0C7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{CE6C248C-4E47-433F-9BD1-B19F6862CED4}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{6265EA47-485E-436B-9BAD-7C62E255FE18}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{42C51F92-6241-4DC7-A79A-10E0048C5D33}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
C:\Program Files\NewExt
Hosts:
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
Mondihto => service removed successfully
QUPbNnW => service removed successfully
"C:\Users\Edan\AppData\Roaming\ZiiuhfBeo" => not found.
C:\ProgramData\ovZBGLfaJri => moved successfully
C:\Windows\system32\tont => moved successfully
C:\ProgramData\Konksolexs => moved successfully
C:\Program Files\ktip => moved successfully
C:\Users\Edan\AppData\Roaming\agent.dat => moved successfully
C:\Users\Edan\AppData\Roaming\PhysMattam.tst => moved successfully
C:\Users\Edan\AppData\Roaming\Geobam.tst => moved successfully
C:\Users\Edan\AppData\Roaming\Main.dat => moved successfully
C:\Users\Edan\AppData\Roaming\Suntonflex.tst => moved successfully
C:\Users\Edan\AppData\Roaming\Lamzootrax.tst => moved successfully
C:\Users\Edan\AppData\Roaming\inst.lat => moved successfully
C:\Users\Edan\AppData\Roaming\Installer.dat => moved successfully
C:\Windows\System32\Tasks\Magboffe => moved successfully
C:\Users\Edan\AppData\Roaming\Huudijei => moved successfully
C:\Users\Edan\Desktop\µTorrent.lnk => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3668EF61-59D7-4C28-BF4E-0CD2458D280C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3668EF61-59D7-4C28-BF4E-0CD2458D280C}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"C:\Windows\AutoKMS\AutoKMS.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58C546C5-75C5-4570-A4C5-5DB320D15ADE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58C546C5-75C5-4570-A4C5-5DB320D15ADE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{050B0A47-090E-0509-7811-7F050A7E110D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA3F3F52-596B-4020-917A-A7E00A3692C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA3F3F52-596B-4020-917A-A7E00A3692C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780E7847-7A04-7E05-0E11-0E057A7E110D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6340CC2-CD27-4786-BA59-02CC8170E165}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6340CC2-CD27-4786-BA59-02CC8170E165}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Seventh => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B77FED3E-D802-4E98-ACBA-B1E62DFD5804}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B77FED3E-D802-4E98-ACBA-B1E62DFD5804}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Genius => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA327CE4-5C3E-40C6-A6BC-7AAFCBEECFBE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Genius_Interval => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED4972B3-0F6F-45AA-9FBB-5D47195C102C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED4972B3-0F6F-45AA-9FBB-5D47195C102C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{028E03C1-075B-48BD-9A3B-DF0B0FD09012} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F155AAA-0362-48DA-9955-1529354BED36} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAD0B7ED-D3D5-4BEF-9036-567E31F96DB4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B728EBB-16A0-4535-A773-4B73C2A17EBC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF57C866-4208-476F-933E-574E7119BEBC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08314B54-0EDB-4943-9EC3-F4B68C7C6D3A} => value removed successfully
"C:\Users\Edan\AppData\Roaming\uTorrent" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{237207EE-96F1-4355-A1C5-A5C0DB6A9C5E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F301753-1F88-4B16-B039-D8C512407367} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{412FC608-9341-4BE2-92FA-1C90A509879C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72D839ED-23FF-4426-9733-92CD07D8C0C7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE6C248C-4E47-433F-9BD1-B19F6862CED4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6265EA47-485E-436B-9BAD-7C62E255FE18} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42C51F92-6241-4DC7-A79A-10E0048C5D33} => value removed successfully
"C:\Program Files\NewExt" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.7 GB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 16:46:47 ====


look forward to hearing from you soon.

eparvus
 
So far so good, I will give it a few days and let you know if they still occur. Thanks
 
Hi Corrine

yes I'm still having some issues, one for example is the ieframe.dll error below is an example;
res://ieframe.dll/acr_error.htm#

The other is I'm still having issues of not being able to open some applications from the taskbar once they have been minimized, not sure if you are able to help with any of that. I ran a scan with malwarebytes after starting up my laptop and nothing was found;

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/04/2016
Scan Time: 17:13
Logfile: Malwarebytes Scan 10.04.2016.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.04.10.04
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Edan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349765
Time Elapsed: 17 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)


hopefully you can help.
 
Hi Corrine

Ok I seem to still be having issues with my internet and the actions of windows open on my screen an task bar.
1. Sometimes when I have my browser open I get a not responding error. (this happens quite often, generally waiting a short time or a few windows refreshes and it starts working again.)
2. Certain programs when opened can't minimise, in particular IE.
3. Certain programs can not be opened by their taskbar icons even though they are already running.

I ensured my windows was updated this morning and ran an sfc/scannow, I have attached the log for you to view. It did find corrupt files that it has been unable to repair. Please could you walk me through how to fix this please. Thanks in advance.

sfcdetails.txt:

2016-04-11 11:36:26, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:26, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:29, Info CSI 0000000c [SR] Verify complete
2016-04-11 11:36:29, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:29, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:32, Info CSI 0000000f [SR] Verify complete
2016-04-11 11:36:32, Info CSI 00000010 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:32, Info CSI 00000011 [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:35, Info CSI 00000012 [SR] Verify complete
2016-04-11 11:36:35, Info CSI 00000013 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:35, Info CSI 00000014 [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:38, Info CSI 00000015 [SR] Verify complete
2016-04-11 11:36:39, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:39, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:42, Info CSI 00000018 [SR] Verify complete
2016-04-11 11:36:42, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:42, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:48, Info CSI 0000001b [SR] Verify complete
2016-04-11 11:36:48, Info CSI 0000001c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:48, Info CSI 0000001d [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:54, Info CSI 0000001e [SR] Verify complete
2016-04-11 11:36:54, Info CSI 0000001f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:54, Info CSI 00000020 [SR] Beginning Verify and Repair transaction
2016-04-11 11:36:58, Info CSI 00000021 [SR] Verify complete
2016-04-11 11:36:58, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:36:58, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:01, Info CSI 00000024 [SR] Verify complete
2016-04-11 11:37:02, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:02, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:05, Info CSI 00000027 [SR] Verify complete
2016-04-11 11:37:05, Info CSI 00000028 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:05, Info CSI 00000029 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:08, Info CSI 0000002a [SR] Verify complete
2016-04-11 11:37:08, Info CSI 0000002b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:08, Info CSI 0000002c [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:11, Info CSI 0000002d [SR] Verify complete
2016-04-11 11:37:11, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:11, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:14, Info CSI 00000030 [SR] Verify complete
2016-04-11 11:37:15, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:15, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:17, Info CSI 00000033 [SR] Verify complete
2016-04-11 11:37:17, Info CSI 00000034 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:17, Info CSI 00000035 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:21, Info CSI 00000036 [SR] Verify complete
2016-04-11 11:37:21, Info CSI 00000037 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:21, Info CSI 00000038 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:24, Info CSI 00000039 [SR] Verify complete
2016-04-11 11:37:24, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:24, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:27, Info CSI 0000003c [SR] Verify complete
2016-04-11 11:37:27, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:27, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:30, Info CSI 0000003f [SR] Verify complete
2016-04-11 11:37:30, Info CSI 00000040 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:30, Info CSI 00000041 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:33, Info CSI 00000042 [SR] Verify complete
2016-04-11 11:37:33, Info CSI 00000043 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:33, Info CSI 00000044 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:36, Info CSI 00000045 [SR] Verify complete
2016-04-11 11:37:36, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:36, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:39, Info CSI 00000048 [SR] Verify complete
2016-04-11 11:37:39, Info CSI 00000049 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:39, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:42, Info CSI 0000004b [SR] Verify complete
2016-04-11 11:37:42, Info CSI 0000004c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:42, Info CSI 0000004d [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:45, Info CSI 0000004e [SR] Verify complete
2016-04-11 11:37:46, Info CSI 0000004f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:46, Info CSI 00000050 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:49, Info CSI 00000051 [SR] Verify complete
2016-04-11 11:37:49, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:49, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:52, Info CSI 00000054 [SR] Verify complete
2016-04-11 11:37:52, Info CSI 00000055 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:52, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2016-04-11 11:37:56, Info CSI 00000057 [SR] Verify complete
2016-04-11 11:37:56, Info CSI 00000058 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:37:56, Info CSI 00000059 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:01, Info CSI 0000005a [SR] Verify complete
2016-04-11 11:38:01, Info CSI 0000005b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:01, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:04, Info CSI 0000005d [SR] Verify complete
2016-04-11 11:38:04, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:04, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:07, Info CSI 00000060 [SR] Verify complete
2016-04-11 11:38:08, Info CSI 00000061 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:08, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:12, Info CSI 00000063 [SR] Verify complete
2016-04-11 11:38:12, Info CSI 00000064 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:12, Info CSI 00000065 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:15, Info CSI 00000066 [SR] Verify complete
2016-04-11 11:38:15, Info CSI 00000067 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:15, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:19, Info CSI 00000069 [SR] Verify complete
2016-04-11 11:38:19, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:19, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:22, Info CSI 0000006c [SR] Verify complete
2016-04-11 11:38:22, Info CSI 0000006d [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:22, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:25, Info CSI 0000006f [SR] Verify complete
2016-04-11 11:38:25, Info CSI 00000070 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:25, Info CSI 00000071 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:28, Info CSI 00000072 [SR] Verify complete
2016-04-11 11:38:28, Info CSI 00000073 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:28, Info CSI 00000074 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:31, Info CSI 00000075 [SR] Verify complete
2016-04-11 11:38:32, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:32, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:35, Info CSI 00000078 [SR] Verify complete
2016-04-11 11:38:35, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:35, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:38, Info CSI 0000007b [SR] Verify complete
2016-04-11 11:38:38, Info CSI 0000007c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:38, Info CSI 0000007d [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:41, Info CSI 0000007e [SR] Verify complete
2016-04-11 11:38:41, Info CSI 0000007f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:41, Info CSI 00000080 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:44, Info CSI 00000081 [SR] Verify complete
2016-04-11 11:38:45, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:45, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:48, Info CSI 00000084 [SR] Verify complete
2016-04-11 11:38:48, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:48, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:51, Info CSI 00000087 [SR] Verify complete
2016-04-11 11:38:51, Info CSI 00000088 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:51, Info CSI 00000089 [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:54, Info CSI 0000008a [SR] Verify complete
2016-04-11 11:38:54, Info CSI 0000008b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:54, Info CSI 0000008c [SR] Beginning Verify and Repair transaction
2016-04-11 11:38:57, Info CSI 0000008d [SR] Verify complete
2016-04-11 11:38:57, Info CSI 0000008e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:38:57, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:00, Info CSI 00000090 [SR] Verify complete
2016-04-11 11:39:00, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:00, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:03, Info CSI 00000093 [SR] Verify complete
2016-04-11 11:39:03, Info CSI 00000094 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:03, Info CSI 00000095 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:07, Info CSI 00000096 [SR] Verify complete
2016-04-11 11:39:07, Info CSI 00000097 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:07, Info CSI 00000098 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:10, Info CSI 00000099 [SR] Verify complete
2016-04-11 11:39:10, Info CSI 0000009a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:10, Info CSI 0000009b [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:13, Info CSI 0000009c [SR] Verify complete
2016-04-11 11:39:13, Info CSI 0000009d [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:13, Info CSI 0000009e [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:16, Info CSI 0000009f [SR] Verify complete
2016-04-11 11:39:17, Info CSI 000000a0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:17, Info CSI 000000a1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:20, Info CSI 000000a2 [SR] Verify complete
2016-04-11 11:39:20, Info CSI 000000a3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:20, Info CSI 000000a4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:24, Info CSI 000000a6 [SR] Verify complete
2016-04-11 11:39:24, Info CSI 000000a7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:24, Info CSI 000000a8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:28, Info CSI 000000a9 [SR] Verify complete
2016-04-11 11:39:28, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:28, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:31, Info CSI 000000ac [SR] Verify complete
2016-04-11 11:39:31, Info CSI 000000ad [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:31, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:34, Info CSI 000000af [SR] Verify complete
2016-04-11 11:39:34, Info CSI 000000b0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:34, Info CSI 000000b1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:37, Info CSI 000000b2 [SR] Verify complete
2016-04-11 11:39:38, Info CSI 000000b3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:38, Info CSI 000000b4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:41, Info CSI 000000b5 [SR] Verify complete
2016-04-11 11:39:41, Info CSI 000000b6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:41, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:44, Info CSI 000000b8 [SR] Verify complete
2016-04-11 11:39:44, Info CSI 000000b9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:44, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:48, Info CSI 000000bb [SR] Verify complete
2016-04-11 11:39:48, Info CSI 000000bc [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:48, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:51, Info CSI 000000be [SR] Verify complete
2016-04-11 11:39:51, Info CSI 000000bf [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:51, Info CSI 000000c0 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:54, Info CSI 000000c1 [SR] Verify complete
2016-04-11 11:39:54, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:54, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2016-04-11 11:39:57, Info CSI 000000c4 [SR] Verify complete
2016-04-11 11:39:57, Info CSI 000000c5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:39:57, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:01, Info CSI 000000c7 [SR] Verify complete
2016-04-11 11:40:01, Info CSI 000000c8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:01, Info CSI 000000c9 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:04, Info CSI 000000ca [SR] Verify complete
2016-04-11 11:40:04, Info CSI 000000cb [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:04, Info CSI 000000cc [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:07, Info CSI 000000cd [SR] Verify complete
2016-04-11 11:40:07, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:07, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:10, Info CSI 000000d0 [SR] Verify complete
2016-04-11 11:40:10, Info CSI 000000d1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:10, Info CSI 000000d2 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:13, Info CSI 000000d3 [SR] Verify complete
2016-04-11 11:40:13, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:13, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:16, Info CSI 000000d6 [SR] Verify complete
2016-04-11 11:40:16, Info CSI 000000d7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:16, Info CSI 000000d8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:19, Info CSI 000000d9 [SR] Verify complete
2016-04-11 11:40:19, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:19, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:22, Info CSI 000000dc [SR] Verify complete
2016-04-11 11:40:23, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:23, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:26, Info CSI 000000df [SR] Verify complete
2016-04-11 11:40:26, Info CSI 000000e0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:26, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:29, Info CSI 000000e2 [SR] Verify complete
2016-04-11 11:40:29, Info CSI 000000e3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:29, Info CSI 000000e4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:32, Info CSI 000000e5 [SR] Verify complete
2016-04-11 11:40:32, Info CSI 000000e6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:32, Info CSI 000000e7 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:35, Info CSI 000000e8 [SR] Verify complete
2016-04-11 11:40:35, Info CSI 000000e9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:35, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:38, Info CSI 000000eb [SR] Verify complete
2016-04-11 11:40:39, Info CSI 000000ec [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:39, Info CSI 000000ed [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:39, Info CSI 000000ef [SR] Cannot repair member file [l:32{16}]"Event Viewer.lnk" of EventViewerSettings, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:40:41, Info CSI 000000f1 [SR] Cannot repair member file [l:32{16}]"Event Viewer.lnk" of EventViewerSettings, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:40:41, Info CSI 000000f2 [SR] This component was referenced by [l:164{82}]"Package_752_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2054_neutral_GDR"
2016-04-11 11:40:41, Info CSI 000000f5 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:32{16}]"Event Viewer.lnk"; source file in store is also corrupted
2016-04-11 11:40:42, Info CSI 000000f6 [SR] Verify complete
2016-04-11 11:40:42, Info CSI 000000f7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:42, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:45, Info CSI 000000f9 [SR] Verify complete
2016-04-11 11:40:45, Info CSI 000000fa [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:45, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:49, Info CSI 000000fc [SR] Verify complete
2016-04-11 11:40:49, Info CSI 000000fd [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:49, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:52, Info CSI 000000ff [SR] Verify complete
2016-04-11 11:40:52, Info CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:52, Info CSI 00000101 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:55, Info CSI 00000102 [SR] Verify complete
2016-04-11 11:40:55, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:55, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2016-04-11 11:40:59, Info CSI 00000105 [SR] Verify complete
2016-04-11 11:40:59, Info CSI 00000106 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:40:59, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:04, Info CSI 00000108 [SR] Verify complete
2016-04-11 11:41:04, Info CSI 00000109 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:04, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:08, Info CSI 0000010b [SR] Verify complete
2016-04-11 11:41:08, Info CSI 0000010c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:08, Info CSI 0000010d [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:12, Info CSI 0000010e [SR] Verify complete
2016-04-11 11:41:12, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:12, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:18, Info CSI 00000129 [SR] Verify complete
2016-04-11 11:41:19, Info CSI 0000012a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:19, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:19, Info CSI 0000012d [SR] Cannot repair member file [l:36{18}]"Steps Recorder.lnk" of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:20, Info CSI 0000012f [SR] Cannot repair member file [l:32{16}]"Task Manager.lnk" of Microsoft-Windows-AdvancedTaskManager, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:24, Info CSI 00000135 [SR] Cannot repair member file [l:36{18}]"Steps Recorder.lnk" of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:24, Info CSI 00000136 [SR] This component was referenced by [l:164{82}]"Package_873_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2613_neutral_GDR"
2016-04-11 11:41:24, Info CSI 00000139 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Steps Recorder.lnk"; source file in store is also corrupted
2016-04-11 11:41:26, Info CSI 0000013c [SR] Cannot repair member file [l:32{16}]"Task Manager.lnk" of Microsoft-Windows-AdvancedTaskManager, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:26, Info CSI 0000013d [SR] This component was referenced by [l:164{82}]"Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2529_neutral_GDR"
2016-04-11 11:41:26, Info CSI 00000140 [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:32{16}]"Task Manager.lnk"; source file in store is also corrupted
2016-04-11 11:41:27, Info CSI 00000142 [SR] Verify complete
2016-04-11 11:41:27, Info CSI 00000143 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:27, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:33, Info CSI 00000148 [SR] Verify complete
2016-04-11 11:41:33, Info CSI 00000149 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:33, Info CSI 0000014a [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:38, Info CSI 00000153 [SR] Verify complete
2016-04-11 11:41:38, Info CSI 00000154 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:38, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:44, Info CSI 0000015b [SR] Verify complete
2016-04-11 11:41:44, Info CSI 0000015c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:44, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:50, Info CSI 0000015e [SR] Verify complete
2016-04-11 11:41:50, Info CSI 0000015f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:50, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:51, Info CSI 00000162 [SR] Cannot repair member file [l:44{22}]"Component Services.lnk" of Microsoft-Windows-COM-ComPlus-Admin-CompSvcLink, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:51, Info CSI 00000164 [SR] Cannot repair member file [l:46{23}]"Computer Management.lnk" of Microsoft-Windows-ComputerManagementSnapin, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:52, Info CSI 00000166 [SR] Cannot repair member file [l:28{14}]"Calculator.lnk" of Microsoft-Windows-calc, Version = 6.3.9600.17667, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:53, Info CSI 00000168 [SR] Cannot repair member file [l:46{23}]"Computer Management.lnk" of Microsoft-Windows-ComputerManagementSnapin, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:53, Info CSI 00000169 [SR] This component was referenced by [l:164{82}]"Package_752_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2048_neutral_GDR"
2016-04-11 11:41:53, Info CSI 0000016c [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:46{23}]"Computer Management.lnk"; source file in store is also corrupted
2016-04-11 11:41:54, Info CSI 0000016f [SR] Cannot repair member file [l:28{14}]"Calculator.lnk" of Microsoft-Windows-calc, Version = 6.3.9600.17667, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:54, Info CSI 00000170 [SR] This component was referenced by [l:154{77}]"Package_1_for_KB3024755~31bf3856ad364e35~amd64~~6.3.1.1.3024755-1_neutral_GDR"
2016-04-11 11:41:54, Info CSI 00000173 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:28{14}]"Calculator.lnk"; source file in store is also corrupted
2016-04-11 11:41:55, Info CSI 00000175 [SR] Cannot repair member file [l:44{22}]"Component Services.lnk" of Microsoft-Windows-COM-ComPlus-Admin-CompSvcLink, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:55, Info CSI 00000176 [SR] This component was referenced by [l:326{163}]"Microsoft-Windows-Client-Features-Package-AutoMerged-com~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-com-Deployment"
2016-04-11 11:41:55, Info CSI 00000179 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:44{22}]"Component Services.lnk"; source file in store is also corrupted
2016-04-11 11:41:57, Info CSI 0000017a [SR] Verify complete
2016-04-11 11:41:57, Info CSI 0000017b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:41:57, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2016-04-11 11:41:59, Info CSI 0000017e [SR] Cannot repair member file [l:34{17}]"Character Map.lnk" of Microsoft-Windows-charmap, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:41:59, Info CSI 00000180 [SR] Cannot repair member file [l:32{16}]"Disk Cleanup.lnk" of Microsoft-Windows-cleanmgr, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:42:05, Info CSI 00000189 [SR] Cannot repair member file [l:34{17}]"Character Map.lnk" of Microsoft-Windows-charmap, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:42:05, Info CSI 0000018a [SR] This component was referenced by [l:166{83}]"Package_1361_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3943_neutral_GDR"
2016-04-11 11:42:06, Info CSI 0000018d [SR] Could not reproject corrupted file [ml:520{260},l:162{81}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools"\[l:34{17}]"Character Map.lnk"; source file in store is also corrupted
2016-04-11 11:42:09, Info CSI 00000199 [SR] Cannot repair member file [l:32{16}]"Disk Cleanup.lnk" of Microsoft-Windows-cleanmgr, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:42:09, Info CSI 0000019a [SR] This component was referenced by [l:166{83}]"Package_1361_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3942_neutral_GDR"
2016-04-11 11:42:09, Info CSI 0000019d [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:32{16}]"Disk Cleanup.lnk"; source file in store is also corrupted
2016-04-11 11:42:14, Info CSI 000001ac [SR] Verify complete
2016-04-11 11:42:14, Info CSI 000001ad [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:14, Info CSI 000001ae [SR] Beginning Verify and Repair transaction
2016-04-11 11:42:27, Info CSI 000001d3 [SR] Verify complete
2016-04-11 11:42:28, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:28, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:42:34, Info CSI 000001dd [SR] Verify complete
2016-04-11 11:42:34, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:34, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2016-04-11 11:42:43, Info CSI 000001e8 [SR] Verify complete
2016-04-11 11:42:43, Info CSI 000001e9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:43, Info CSI 000001ea [SR] Beginning Verify and Repair transaction
2016-04-11 11:42:52, Info CSI 00000201 [SR] Verify complete
2016-04-11 11:42:52, Info CSI 00000202 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:52, Info CSI 00000203 [SR] Beginning Verify and Repair transaction
2016-04-11 11:42:53, Info CSI 00000205 [SR] Cannot repair member file [l:20{10}]"dfrgui.lnk" of Microsoft-Windows-Defrag-AdminUI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:42:55, Info CSI 00000207 [SR] Cannot repair member file [l:20{10}]"dfrgui.lnk" of Microsoft-Windows-Defrag-AdminUI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:42:55, Info CSI 00000208 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2637_neutral_GDR"
2016-04-11 11:42:55, Info CSI 0000020b [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:20{10}]"dfrgui.lnk"; source file in store is also corrupted
2016-04-11 11:42:58, Info CSI 00000214 [SR] Verify complete
2016-04-11 11:42:58, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:42:58, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2016-04-11 11:43:05, Info CSI 00000217 [SR] Verify complete
2016-04-11 11:43:05, Info CSI 00000218 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:43:05, Info CSI 00000219 [SR] Beginning Verify and Repair transaction
2016-04-11 11:43:12, Info CSI 0000021e [SR] Verify complete
2016-04-11 11:43:12, Info CSI 0000021f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:43:12, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2016-04-11 11:43:20, Info CSI 0000022f [SR] Verify complete
2016-04-11 11:43:20, Info CSI 00000230 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:43:20, Info CSI 00000231 [SR] Beginning Verify and Repair transaction
2016-04-11 11:43:21, Info CSI 00000233 [SR] Cannot repair member file [l:48{24}]"Windows Fax and Scan.lnk" of Microsoft-Windows-Fax-Client-Applications, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:43:33, Info CSI 00000262 [SR] Cannot repair member file [l:48{24}]"Windows Fax and Scan.lnk" of Microsoft-Windows-Fax-Client-Applications, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:43:33, Info CSI 00000263 [SR] This component was referenced by [l:166{83}]"Package_2188_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6085_neutral_GDR"
2016-04-11 11:43:33, Info CSI 00000266 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:48{24}]"Windows Fax and Scan.lnk"; source file in store is also corrupted
2016-04-11 11:43:34, Info CSI 00000267 [SR] Verify complete
2016-04-11 11:43:35, Info CSI 00000268 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:43:35, Info CSI 00000269 [SR] Beginning Verify and Repair transaction
2016-04-11 11:43:51, Info CSI 0000029f [SR] Verify complete
2016-04-11 11:43:51, Info CSI 000002a0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:43:51, Info CSI 000002a1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:07, Info CSI 000002a3 [SR] Verify complete
2016-04-11 11:44:07, Info CSI 000002a4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:07, Info CSI 000002a5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:13, Info CSI 000002ad [SR] Verify complete
2016-04-11 11:44:13, Info CSI 000002ae [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:13, Info CSI 000002af [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:20, Info CSI 000002bc [SR] Verify complete
2016-04-11 11:44:20, Info CSI 000002bd [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:20, Info CSI 000002be [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:29, Info CSI 000002d6 [SR] Verify complete
2016-04-11 11:44:30, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:30, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:33, Info CSI 000002d9 [SR] Verify complete
2016-04-11 11:44:33, Info CSI 000002da [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:33, Info CSI 000002db [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:37, Info CSI 000002dc [SR] Verify complete
2016-04-11 11:44:37, Info CSI 000002dd [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:37, Info CSI 000002de [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:42, Info CSI 000002ea [SR] Verify complete
2016-04-11 11:44:43, Info CSI 000002eb [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:43, Info CSI 000002ec [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:51, Info CSI 00000361 [SR] Verify complete
2016-04-11 11:44:51, Info CSI 00000362 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:44:51, Info CSI 00000363 [SR] Beginning Verify and Repair transaction
2016-04-11 11:44:59, Info CSI 00000368 [SR] Verify complete
2016-04-11 11:45:00, Info CSI 00000369 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:45:00, Info CSI 0000036a [SR] Beginning Verify and Repair transaction
2016-04-11 11:45:04, Info CSI 0000036c [SR] Cannot repair member file [l:38{19}]"iSCSI Initiator.lnk" of Microsoft-Windows-iSCSI_Initiator_UI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:45:05, Info CSI 00000371 [SR] Cannot repair member file [l:38{19}]"iSCSI Initiator.lnk" of Microsoft-Windows-iSCSI_Initiator_UI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:45:05, Info CSI 00000372 [SR] This component was referenced by [l:164{82}]"Package_941_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2791_neutral_GDR"
2016-04-11 11:45:05, Info CSI 00000375 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:38{19}]"iSCSI Initiator.lnk"; source file in store is also corrupted
2016-04-11 11:45:09, Info CSI 00000385 [SR] Verify complete
2016-04-11 11:45:09, Info CSI 00000386 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:45:09, Info CSI 00000387 [SR] Beginning Verify and Repair transaction
2016-04-11 11:45:24, Info CSI 00000388 [SR] Verify complete
2016-04-11 11:45:24, Info CSI 00000389 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:45:24, Info CSI 0000038a [SR] Beginning Verify and Repair transaction
2016-04-11 11:45:40, Info CSI 0000038b [SR] Verify complete
2016-04-11 11:45:40, Info CSI 0000038c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:45:40, Info CSI 0000038d [SR] Beginning Verify and Repair transaction
2016-04-11 11:45:41, Info CSI 0000038f [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (64-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:45:43, Info CSI 00000391 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (64-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:45:43, Info CSI 00000392 [SR] This component was referenced by [l:166{83}]"Package_1052_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3082_neutral_GDR"
2016-04-11 11:45:43, Info CSI 00000395 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:60{30}]"ODBC Data Sources (64-bit).lnk"; source file in store is also corrupted
2016-04-11 11:45:51, Info CSI 000003b2 [SR] Verify complete
2016-04-11 11:45:52, Info CSI 000003b3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:45:52, Info CSI 000003b4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:45:52, Info CSI 000003b6 [SR] Cannot repair member file [l:54{27}]"Memory Diagnostics Tool.lnk" of Microsoft-Windows-Memory-Diagnostic-Schedule, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:02, Info CSI 000003bc [SR] Cannot repair member file [l:54{27}]"Memory Diagnostics Tool.lnk" of Microsoft-Windows-Memory-Diagnostic-Schedule, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:02, Info CSI 000003bd [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2631_neutral_GDR"
2016-04-11 11:46:02, Info CSI 000003c0 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:54{27}]"Memory Diagnostics Tool.lnk"; source file in store is also corrupted
2016-04-11 11:46:03, Info CSI 000003c7 [SR] Verify complete
2016-04-11 11:46:03, Info CSI 000003c8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:03, Info CSI 000003c9 [SR] Beginning Verify and Repair transaction
2016-04-11 11:46:04, Info CSI 000003cb [SR] Cannot repair member file [l:50{25}]"Windows Easy Transfer.lnk" of Microsoft-Windows-MigrationWizardApplication, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:08, Info CSI 000003cd [SR] Cannot repair member file [l:50{25}]"Windows Easy Transfer.lnk" of Microsoft-Windows-MigrationWizardApplication, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:08, Info CSI 000003ce [SR] This component was referenced by [l:164{82}]"Package_844_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2333_neutral_GDR"
2016-04-11 11:46:08, Info CSI 000003d1 [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:50{25}]"Windows Easy Transfer.lnk"; source file in store is also corrupted
2016-04-11 11:46:10, Info CSI 000003d2 [SR] Verify complete
2016-04-11 11:46:10, Info CSI 000003d3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:10, Info CSI 000003d4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:46:14, Info CSI 000003d6 [SR] Cannot repair member file [l:48{24}]"Windows Media Player.lnk" of Microsoft-Windows-MediaPlayer-Shortcut, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:17, Info CSI 000003d8 [SR] Cannot repair member file [l:48{24}]"Windows Media Player.lnk" of Microsoft-Windows-MediaPlayer-Shortcut, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:17, Info CSI 000003d9 [SR] This component was referenced by [l:190{95}]"Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.WindowsMediaPlayer"
2016-04-11 11:46:17, Info CSI 000003dc [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:48{24}]"Windows Media Player.lnk"; source file in store is also corrupted
2016-04-11 11:46:24, Info CSI 000003e4 [SR] Verify complete
2016-04-11 11:46:24, Info CSI 000003e5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:24, Info CSI 000003e6 [SR] Beginning Verify and Repair transaction
2016-04-11 11:46:42, Info CSI 00000405 [SR] Verify complete
2016-04-11 11:46:42, Info CSI 00000406 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:42, Info CSI 00000407 [SR] Beginning Verify and Repair transaction
2016-04-11 11:46:42, Info CSI 00000409 [SR] Cannot repair member file [l:48{24}]"System Configuration.lnk" of Microsoft-Windows-MsConfig-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:43, Info CSI 0000040b [SR] Cannot repair member file [l:44{22}]"System Information.lnk" of Microsoft-Windows-MSInfo32-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:43, Info CSI 0000040d [SR] Cannot repair member file [l:18{9}]"Paint.lnk" of Microsoft-Windows-mspaint, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:46, Info CSI 0000040f [SR] Cannot repair member file [l:48{24}]"System Configuration.lnk" of Microsoft-Windows-MsConfig-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:46, Info CSI 00000410 [SR] This component was referenced by [l:164{82}]"Package_874_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2621_neutral_GDR"
2016-04-11 11:46:46, Info CSI 00000413 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:48{24}]"System Configuration.lnk"; source file in store is also corrupted
2016-04-11 11:46:47, Info CSI 00000419 [SR] Cannot repair member file [l:44{22}]"System Information.lnk" of Microsoft-Windows-MSInfo32-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:47, Info CSI 0000041a [SR] This component was referenced by [l:164{82}]"Package_844_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2332_neutral_GDR"
2016-04-11 11:46:47, Info CSI 0000041d [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:44{22}]"System Information.lnk"; source file in store is also corrupted
2016-04-11 11:46:47, Info CSI 0000041f [SR] Cannot repair member file [l:18{9}]"Paint.lnk" of Microsoft-Windows-mspaint, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:46:47, Info CSI 00000420 [SR] This component was referenced by [l:166{83}]"Package_1365_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4028_neutral_GDR"
2016-04-11 11:46:47, Info CSI 00000423 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:18{9}]"Paint.lnk"; source file in store is also corrupted
2016-04-11 11:46:48, Info CSI 00000424 [SR] Verify complete
2016-04-11 11:46:48, Info CSI 00000425 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:48, Info CSI 00000426 [SR] Beginning Verify and Repair transaction
2016-04-11 11:46:55, Info CSI 0000042a [SR] Verify complete
2016-04-11 11:46:55, Info CSI 0000042b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:46:55, Info CSI 0000042c [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:10, Info CSI 00000437 [SR] Verify complete
2016-04-11 11:47:10, Info CSI 00000438 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:10, Info CSI 00000439 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:18, Info CSI 00000465 [SR] Verify complete
2016-04-11 11:47:18, Info CSI 00000466 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:18, Info CSI 00000467 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:27, Info CSI 00000472 [SR] Verify complete
2016-04-11 11:47:27, Info CSI 00000473 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:27, Info CSI 00000474 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:34, Info CSI 00000486 [SR] Verify complete
2016-04-11 11:47:34, Info CSI 00000487 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:34, Info CSI 00000488 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:38, Info CSI 0000048a [SR] Cannot repair member file [l:40{20}]"Resource Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:38, Info CSI 0000048c [SR] Cannot repair member file [l:46{23}]"Performance Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:41, Info CSI 00000491 [SR] Cannot repair member file [l:40{20}]"Resource Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:41, Info CSI 00000492 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2628_neutral_GDR"
2016-04-11 11:47:41, Info CSI 00000494 [SR] Cannot repair member file [l:46{23}]"Performance Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:41, Info CSI 00000495 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2628_neutral_GDR"
2016-04-11 11:47:41, Info CSI 00000498 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:40{20}]"Resource Monitor.lnk"; source file in store is also corrupted
2016-04-11 11:47:41, Info CSI 0000049b [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:46{23}]"Performance Monitor.lnk"; source file in store is also corrupted
2016-04-11 11:47:42, Info CSI 0000049e [SR] Verify complete
2016-04-11 11:47:42, Info CSI 0000049f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:42, Info CSI 000004a0 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:43, Info CSI 000004a2 [SR] Cannot repair member file [l:52{26}]"Windows PowerShell ISE.lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:43, Info CSI 000004a4 [SR] Cannot repair member file [l:64{32}]"Windows PowerShell ISE (x86).lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:46, Info CSI 000004a9 [SR] Cannot repair member file [l:52{26}]"Windows PowerShell ISE.lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:46, Info CSI 000004aa [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 11:47:46, Info CSI 000004ac [SR] Cannot repair member file [l:64{32}]"Windows PowerShell ISE (x86).lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:47:46, Info CSI 000004ad [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 11:47:46, Info CSI 000004b0 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:52{26}]"Windows PowerShell ISE.lnk"; source file in store is also corrupted
2016-04-11 11:47:46, Info CSI 000004b3 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:64{32}]"Windows PowerShell ISE (x86).lnk"; source file in store is also corrupted
2016-04-11 11:47:50, Info CSI 000004bf [SR] Verify complete
2016-04-11 11:47:51, Info CSI 000004c0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:51, Info CSI 000004c1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:47:57, Info CSI 000004cb [SR] Verify complete
2016-04-11 11:47:57, Info CSI 000004cc [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:47:57, Info CSI 000004cd [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:03, Info CSI 000004ce [SR] Verify complete
2016-04-11 11:48:03, Info CSI 000004cf [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:03, Info CSI 000004d0 [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:09, Info CSI 000004d2 [SR] Verify complete
2016-04-11 11:48:09, Info CSI 000004d3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:09, Info CSI 000004d4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:18, Info CSI 000004e0 [SR] Verify complete
2016-04-11 11:48:18, Info CSI 000004e1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:18, Info CSI 000004e2 [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:25, Info CSI 000004e8 [SR] Verify complete
2016-04-11 11:48:25, Info CSI 000004e9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:25, Info CSI 000004ea [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:31, Info CSI 000004eb [SR] Verify complete
2016-04-11 11:48:31, Info CSI 000004ec [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:31, Info CSI 000004ed [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:44, Info CSI 000004fc [SR] Verify complete
2016-04-11 11:48:44, Info CSI 000004fd [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:44, Info CSI 000004fe [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:51, Info CSI 00000502 [SR] Verify complete
2016-04-11 11:48:51, Info CSI 00000503 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:48:51, Info CSI 00000504 [SR] Beginning Verify and Repair transaction
2016-04-11 11:48:52, Info CSI 00000506 [SR] Cannot repair member file [l:24{12}]"services.lnk" of Microsoft-Windows-ServicesSnapIn, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:48:56, Info CSI 0000050d [SR] Cannot repair member file [l:24{12}]"services.lnk" of Microsoft-Windows-ServicesSnapIn, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:48:56, Info CSI 0000050e [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 11:48:56, Info CSI 00000511 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:24{12}]"services.lnk"; source file in store is also corrupted
2016-04-11 11:48:59, Info CSI 00000518 [SR] Verify complete
2016-04-11 11:49:00, Info CSI 00000519 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:00, Info CSI 0000051a [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:05, Info CSI 0000051c [SR] Cannot repair member file [l:34{17}]"Snipping Tool.lnk" of Microsoft-Windows-SnippingTool-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:10, Info CSI 0000054b [SR] Cannot repair member file [l:34{17}]"Snipping Tool.lnk" of Microsoft-Windows-SnippingTool-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:10, Info CSI 0000054c [SR] This component was referenced by [l:166{83}]"Package_2946_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7137_neutral_GDR"
2016-04-11 11:49:10, Info CSI 0000054f [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:34{17}]"Snipping Tool.lnk"; source file in store is also corrupted
2016-04-11 11:49:10, Info CSI 00000550 [SR] Verify complete
2016-04-11 11:49:11, Info CSI 00000551 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:11, Info CSI 00000552 [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:11, Info CSI 00000554 [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:11, Info CSI 00000556 [SR] Cannot repair member file [l:44{22}]"Speech Recognition.lnk" of Microsoft-Windows-Speech-UserExperience, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:12, Info CSI 00000558 [SR] Cannot repair member file [l:32{16}]"Sticky Notes.lnk" of Microsoft-Windows-StickyNotes-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:14, Info CSI 0000055a [SR] Cannot repair member file [l:40{20}]"Default Programs.lnk" of Microsoft-Windows-sud-link, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:16, Info CSI 0000055c [SR] Cannot repair member file [l:32{16}]"Sticky Notes.lnk" of Microsoft-Windows-StickyNotes-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:16, Info CSI 0000055d [SR] This component was referenced by [l:166{83}]"Package_3033_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7293_neutral_GDR"
2016-04-11 11:49:16, Info CSI 00000560 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:32{16}]"Sticky Notes.lnk"; source file in store is also corrupted
2016-04-11 11:49:16, Info CSI 00000564 [SR] Cannot repair member file [l:44{22}]"Speech Recognition.lnk" of Microsoft-Windows-Speech-UserExperience, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:16, Info CSI 00000565 [SR] This component was referenced by [l:166{83}]"Package_1049_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3060_neutral_GDR"
2016-04-11 11:49:17, Info CSI 00000568 [SR] Could not reproject corrupted file [ml:520{260},l:140{70}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility"\[l:44{22}]"Speech Recognition.lnk"; source file in store is also corrupted
2016-04-11 11:49:18, Info CSI 0000056b [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:18, Info CSI 0000056c [SR] This component was referenced by [l:166{83}]"Package_1133_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3321_neutral_GDR"
2016-04-11 11:49:18, Info CSI 0000056f [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Sound Recorder.lnk"; source file in store is also corrupted
2016-04-11 11:49:19, Info CSI 00000572 [SR] Cannot repair member file [l:40{20}]"Default Programs.lnk" of Microsoft-Windows-sud-link, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:19, Info CSI 00000573 [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-shell-Deployment"
2016-04-11 11:49:19, Info CSI 00000576 [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:40{20}]"Default Programs.lnk"; source file in store is also corrupted
2016-04-11 11:49:20, Info CSI 00000579 [SR] Verify complete
2016-04-11 11:49:20, Info CSI 0000057a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:20, Info CSI 0000057b [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:24, Info CSI 0000057d [SR] Cannot repair member file [l:40{20}]"Math Input Panel.lnk" of Microsoft-Windows-TabletPC-MathInputPanel, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:27, Info CSI 00000582 [SR] Cannot repair member file [l:40{20}]"Math Input Panel.lnk" of Microsoft-Windows-TabletPC-MathInputPanel, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:27, Info CSI 00000583 [SR] This component was referenced by [l:166{83}]"Package_2947_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7141_neutral_GDR"
2016-04-11 11:49:27, Info CSI 00000586 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:40{20}]"Math Input Panel.lnk"; source file in store is also corrupted
2016-04-11 11:49:28, Info CSI 00000589 [SR] Verify complete
2016-04-11 11:49:28, Info CSI 0000058a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:28, Info CSI 0000058b [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:32, Info CSI 0000058d [SR] Cannot repair member file [l:58{29}]"Remote Desktop Connection.lnk" of Microsoft-Windows-TerminalServices-TerminalServicesClient, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:37, Info CSI 00000590 [SR] Cannot repair member file [l:58{29}]"Remote Desktop Connection.lnk" of Microsoft-Windows-TerminalServices-TerminalServicesClient, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:37, Info CSI 00000591 [SR] This component was referenced by [l:166{83}]"Package_1471_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4215_neutral_GDR"
2016-04-11 11:49:37, Info CSI 00000594 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:58{29}]"Remote Desktop Connection.lnk"; source file in store is also corrupted
2016-04-11 11:49:37, Info CSI 00000595 [SR] Verify complete
2016-04-11 11:49:37, Info CSI 00000596 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:37, Info CSI 00000597 [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:45, Info CSI 00000598 [SR] Verify complete
2016-04-11 11:49:45, Info CSI 00000599 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:45, Info CSI 0000059a [SR] Beginning Verify and Repair transaction
2016-04-11 11:49:46, Info CSI 0000059c [SR] Cannot repair member file [l:38{19}]"Windows Journal.lnk" of Microsoft-Windows-TabletPC-Journal, Version = 6.3.9600.18189, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:53, Info CSI 000005a3 [SR] Cannot repair member file [l:38{19}]"Windows Journal.lnk" of Microsoft-Windows-TabletPC-Journal, Version = 6.3.9600.18189, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:49:53, Info CSI 000005a4 [SR] This component was referenced by [l:154{77}]"Package_3_for_KB3115858~31bf3856ad364e35~amd64~~6.3.1.1.3115858-5_neutral_GDR"
2016-04-11 11:49:54, Info CSI 000005a7 [SR] Could not reproject corrupted file [ml:520{260},l:156{78}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC"\[l:38{19}]"Windows Journal.lnk"; source file in store is also corrupted
2016-04-11 11:49:55, Info CSI 000005a9 [SR] Verify complete
2016-04-11 11:49:55, Info CSI 000005aa [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:49:55, Info CSI 000005ab [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:06, Info CSI 000005b8 [SR] Verify complete
2016-04-11 11:50:06, Info CSI 000005b9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:06, Info CSI 000005ba [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:15, Info CSI 000005c6 [SR] Verify complete
2016-04-11 11:50:15, Info CSI 000005c7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:15, Info CSI 000005c8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:25, Info CSI 000005d3 [SR] Verify complete
2016-04-11 11:50:26, Info CSI 000005d4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:26, Info CSI 000005d5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:36, Info CSI 000005ec [SR] Verify complete
2016-04-11 11:50:36, Info CSI 000005ed [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:36, Info CSI 000005ee [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:44, Info CSI 000005ef [SR] Verify complete
2016-04-11 11:50:44, Info CSI 000005f0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:44, Info CSI 000005f1 [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:53, Info CSI 000005f3 [SR] Verify complete
2016-04-11 11:50:53, Info CSI 000005f4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:50:53, Info CSI 000005f5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:50:57, Info CSI 000005f7 [SR] Cannot repair member file [l:22{11}]"Wordpad.lnk" of Microsoft-Windows-wordpad, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:51:03, Info CSI 000005ff [SR] Cannot repair member file [l:22{11}]"Wordpad.lnk" of Microsoft-Windows-wordpad, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:51:03, Info CSI 00000600 [SR] This component was referenced by [l:166{83}]"Package_1362_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3948_neutral_GDR"
2016-04-11 11:51:03, Info CSI 00000603 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:22{11}]"Wordpad.lnk"; source file in store is also corrupted
2016-04-11 11:51:05, Info CSI 00000608 [SR] Verify complete
2016-04-11 11:51:06, Info CSI 00000609 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:06, Info CSI 0000060a [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:06, Info CSI 0000060c [SR] Cannot repair member file [l:28{14}]"XPS Viewer.lnk" of Microsoft-Windows-XPSReachViewer, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:51:17, Info CSI 0000063a [SR] Cannot repair member file [l:28{14}]"XPS Viewer.lnk" of Microsoft-Windows-XPSReachViewer, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:51:17, Info CSI 0000063b [SR] This component was referenced by [l:166{83}]"Package_3081_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7359_neutral_GDR"
2016-04-11 11:51:17, Info CSI 0000063e [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:28{14}]"XPS Viewer.lnk"; source file in store is also corrupted
2016-04-11 11:51:18, Info CSI 00000640 [SR] Verify complete
2016-04-11 11:51:19, Info CSI 00000641 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:19, Info CSI 00000642 [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:23, Info CSI 00000645 [SR] Verify complete
2016-04-11 11:51:23, Info CSI 00000646 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:23, Info CSI 00000647 [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:32, Info CSI 00000656 [SR] Verify complete
2016-04-11 11:51:32, Info CSI 00000657 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:32, Info CSI 00000658 [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:38, Info CSI 00000659 [SR] Verify complete
2016-04-11 11:51:38, Info CSI 0000065a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:38, Info CSI 0000065b [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:48, Info CSI 0000065d [SR] Verify complete
2016-04-11 11:51:48, Info CSI 0000065e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:48, Info CSI 0000065f [SR] Beginning Verify and Repair transaction
2016-04-11 11:51:57, Info CSI 00000660 [SR] Verify complete
2016-04-11 11:51:57, Info CSI 00000661 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:51:57, Info CSI 00000662 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:05, Info CSI 00000663 [SR] Verify complete
2016-04-11 11:52:05, Info CSI 00000664 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:05, Info CSI 00000665 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:12, Info CSI 00000666 [SR] Verify complete
2016-04-11 11:52:12, Info CSI 00000667 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:12, Info CSI 00000668 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:18, Info CSI 00000669 [SR] Verify complete
2016-04-11 11:52:18, Info CSI 0000066a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:18, Info CSI 0000066b [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:25, Info CSI 0000066c [SR] Verify complete
2016-04-11 11:52:25, Info CSI 0000066d [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:25, Info CSI 0000066e [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:31, Info CSI 0000066f [SR] Verify complete
2016-04-11 11:52:31, Info CSI 00000670 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:31, Info CSI 00000671 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:39, Info CSI 00000672 [SR] Verify complete
2016-04-11 11:52:39, Info CSI 00000673 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:39, Info CSI 00000674 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:46, Info CSI 00000691 [SR] Verify complete
2016-04-11 11:52:46, Info CSI 00000692 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:46, Info CSI 00000693 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:51, Info CSI 00000694 [SR] Verify complete
2016-04-11 11:52:51, Info CSI 00000695 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:52:51, Info CSI 00000696 [SR] Beginning Verify and Repair transaction
2016-04-11 11:52:54, Info CSI 00000698 [SR] Cannot repair member file [l:86{43}]"Windows Firewall with Advanced Security.lnk" of Networking-MPSSVC, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:52:58, Info CSI 0000069a [SR] Cannot repair member file [l:86{43}]"Windows Firewall with Advanced Security.lnk" of Networking-MPSSVC, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:52:58, Info CSI 0000069b [SR] This component was referenced by [l:166{83}]"Package_1189_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3446_neutral_GDR"
2016-04-11 11:52:58, Info CSI 0000069e [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:86{43}]"Windows Firewall with Advanced Security.lnk"; source file in store is also corrupted
2016-04-11 11:53:00, Info CSI 000006a1 [SR] Verify complete
2016-04-11 11:53:00, Info CSI 000006a2 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:00, Info CSI 000006a3 [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:03, Info CSI 000006a5 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:53:11, Info CSI 000006a7 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:53:11, Info CSI 000006a8 [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"
2016-04-11 11:53:13, Info CSI 000006a9 [SR] Verify complete
2016-04-11 11:53:14, Info CSI 000006aa [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:14, Info CSI 000006ab [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:22, Info CSI 000006ac [SR] Verify complete
2016-04-11 11:53:22, Info CSI 000006ad [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:22, Info CSI 000006ae [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:24, Info CSI 000006b0 [SR] Cannot repair member file [l:36{18}]"Task Scheduler.lnk" of TaskSchedulerSettings, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:53:28, Info CSI 000006b2 [SR] Cannot repair member file [l:36{18}]"Task Scheduler.lnk" of TaskSchedulerSettings, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:53:28, Info CSI 000006b3 [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 11:53:28, Info CSI 000006b6 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:36{18}]"Task Scheduler.lnk"; source file in store is also corrupted
2016-04-11 11:53:29, Info CSI 000006b7 [SR] Verify complete
2016-04-11 11:53:29, Info CSI 000006b8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:29, Info CSI 000006b9 [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:36, Info CSI 000006ba [SR] Verify complete
2016-04-11 11:53:36, Info CSI 000006bb [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:36, Info CSI 000006bc [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:50, Info CSI 000006bd [SR] Verify complete
2016-04-11 11:53:50, Info CSI 000006be [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:50, Info CSI 000006bf [SR] Beginning Verify and Repair transaction
2016-04-11 11:53:57, Info CSI 000006c7 [SR] Verify complete
2016-04-11 11:53:58, Info CSI 000006c8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:53:58, Info CSI 000006c9 [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:03, Info CSI 000006ca [SR] Verify complete
2016-04-11 11:54:03, Info CSI 000006cb [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:03, Info CSI 000006cc [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:11, Info CSI 0000073a [SR] Verify complete
2016-04-11 11:54:11, Info CSI 0000073b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:11, Info CSI 0000073c [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:18, Info CSI 0000073f [SR] Verify complete
2016-04-11 11:54:18, Info CSI 00000740 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:18, Info CSI 00000741 [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:25, Info CSI 00000742 [SR] Verify complete
2016-04-11 11:54:25, Info CSI 00000743 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:25, Info CSI 00000744 [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:33, Info CSI 00000745 [SR] Verify complete
2016-04-11 11:54:33, Info CSI 00000746 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:33, Info CSI 00000747 [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:40, Info CSI 00000748 [SR] Verify complete
2016-04-11 11:54:40, Info CSI 00000749 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:40, Info CSI 0000074a [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:46, Info CSI 0000074b [SR] Verify complete
2016-04-11 11:54:46, Info CSI 0000074c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:46, Info CSI 0000074d [SR] Beginning Verify and Repair transaction
2016-04-11 11:54:55, Info CSI 0000075a [SR] Verify complete
2016-04-11 11:54:55, Info CSI 0000075b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:54:55, Info CSI 0000075c [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:04, Info CSI 00000775 [SR] Verify complete
2016-04-11 11:55:04, Info CSI 00000776 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:04, Info CSI 00000777 [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:14, Info CSI 00000786 [SR] Verify complete
2016-04-11 11:55:14, Info CSI 00000787 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:14, Info CSI 00000788 [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:22, Info CSI 0000078a [SR] Verify complete
2016-04-11 11:55:22, Info CSI 0000078b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:22, Info CSI 0000078c [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:26, Info CSI 0000078d [SR] Verify complete
2016-04-11 11:55:26, Info CSI 0000078e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:26, Info CSI 0000078f [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:35, Info CSI 00000798 [SR] Verify complete
2016-04-11 11:55:35, Info CSI 00000799 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:35, Info CSI 0000079a [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:37, Info CSI 0000079c [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (32-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:55:44, Info CSI 000007a3 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (32-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 11:55:44, Info CSI 000007a4 [SR] This component was referenced by [l:164{82}]"Package_443_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-1244_neutral_GDR"
2016-04-11 11:55:44, Info CSI 000007a7 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:60{30}]"ODBC Data Sources (32-bit).lnk"; source file in store is also corrupted
2016-04-11 11:55:45, Info CSI 000007a8 [SR] Verify complete
2016-04-11 11:55:45, Info CSI 000007a9 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:45, Info CSI 000007aa [SR] Beginning Verify and Repair transaction
2016-04-11 11:55:54, Info CSI 000007c4 [SR] Verify complete
2016-04-11 11:55:54, Info CSI 000007c5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:55:54, Info CSI 000007c6 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:02, Info CSI 000007d3 [SR] Verify complete
2016-04-11 11:56:03, Info CSI 000007d4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:03, Info CSI 000007d5 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:13, Info CSI 000007e6 [SR] Verify complete
2016-04-11 11:56:13, Info CSI 000007e7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:13, Info CSI 000007e8 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:24, Info CSI 00000801 [SR] Verify complete
2016-04-11 11:56:24, Info CSI 00000802 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:24, Info CSI 00000803 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:35, Info CSI 0000084e [SR] Verify complete
2016-04-11 11:56:35, Info CSI 0000084f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:35, Info CSI 00000850 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:43, Info CSI 00000856 [SR] Verify complete
2016-04-11 11:56:43, Info CSI 00000857 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:43, Info CSI 00000858 [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:51, Info CSI 00000859 [SR] Verify complete
2016-04-11 11:56:51, Info CSI 0000085a [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:51, Info CSI 0000085b [SR] Beginning Verify and Repair transaction
2016-04-11 11:56:57, Info CSI 0000085e [SR] Verify complete
2016-04-11 11:56:57, Info CSI 0000085f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:56:57, Info CSI 00000860 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:07, Info CSI 0000087a [SR] Verify complete
2016-04-11 11:57:07, Info CSI 0000087b [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:07, Info CSI 0000087c [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:17, Info CSI 000008a2 [SR] Verify complete
2016-04-11 11:57:18, Info CSI 000008a3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:18, Info CSI 000008a4 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:23, Info CSI 000008a7 [SR] Verify complete
2016-04-11 11:57:24, Info CSI 000008a8 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:24, Info CSI 000008a9 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:31, Info CSI 000008b1 [SR] Verify complete
2016-04-11 11:57:31, Info CSI 000008b2 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:31, Info CSI 000008b3 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:38, Info CSI 000008b4 [SR] Verify complete
2016-04-11 11:57:38, Info CSI 000008b5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:38, Info CSI 000008b6 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:45, Info CSI 000008c0 [SR] Verify complete
2016-04-11 11:57:45, Info CSI 000008c1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:45, Info CSI 000008c2 [SR] Beginning Verify and Repair transaction
2016-04-11 11:57:55, Info CSI 000008e4 [SR] Verify complete
2016-04-11 11:57:55, Info CSI 000008e5 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:57:55, Info CSI 000008e6 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:04, Info CSI 000008fd [SR] Verify complete
2016-04-11 11:58:04, Info CSI 000008fe [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:04, Info CSI 000008ff [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:09, Info CSI 00000900 [SR] Verify complete
2016-04-11 11:58:09, Info CSI 00000901 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:09, Info CSI 00000902 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:13, Info CSI 00000904 [SR] Verify complete
2016-04-11 11:58:13, Info CSI 00000905 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:13, Info CSI 00000906 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:22, Info CSI 00000910 [SR] Verify complete
2016-04-11 11:58:23, Info CSI 00000911 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:23, Info CSI 00000912 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:40, Info CSI 00000913 [SR] Verify complete
2016-04-11 11:58:40, Info CSI 00000914 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:40, Info CSI 00000915 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:49, Info CSI 0000092e [SR] Verify complete
2016-04-11 11:58:50, Info CSI 0000092f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:50, Info CSI 00000930 [SR] Beginning Verify and Repair transaction
2016-04-11 11:58:55, Info CSI 00000931 [SR] Verify complete
2016-04-11 11:58:55, Info CSI 00000932 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:58:55, Info CSI 00000933 [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:05, Info CSI 0000093e [SR] Verify complete
2016-04-11 11:59:05, Info CSI 0000093f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:05, Info CSI 00000940 [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:15, Info CSI 0000095d [SR] Verify complete
2016-04-11 11:59:15, Info CSI 0000095e [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:15, Info CSI 0000095f [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:24, Info CSI 0000096b [SR] Verify complete
2016-04-11 11:59:24, Info CSI 0000096c [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:24, Info CSI 0000096d [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:32, Info CSI 0000098e [SR] Verify complete
2016-04-11 11:59:33, Info CSI 0000098f [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:33, Info CSI 00000990 [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:39, Info CSI 00000992 [SR] Verify complete
2016-04-11 11:59:39, Info CSI 00000993 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:39, Info CSI 00000994 [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:45, Info CSI 000009a5 [SR] Verify complete
2016-04-11 11:59:45, Info CSI 000009a6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:45, Info CSI 000009a7 [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:51, Info CSI 000009ac [SR] Verify complete
2016-04-11 11:59:51, Info CSI 000009ad [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:51, Info CSI 000009ae [SR] Beginning Verify and Repair transaction
2016-04-11 11:59:56, Info CSI 000009b0 [SR] Verify complete
2016-04-11 11:59:56, Info CSI 000009b1 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 11:59:56, Info CSI 000009b2 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:06, Info CSI 000009b5 [SR] Verify complete
2016-04-11 12:00:06, Info CSI 000009b6 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:06, Info CSI 000009b7 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:13, Info CSI 000009be [SR] Verify complete
2016-04-11 12:00:13, Info CSI 000009bf [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:13, Info CSI 000009c0 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:20, Info CSI 000009c3 [SR] Verify complete
2016-04-11 12:00:20, Info CSI 000009c4 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:20, Info CSI 000009c5 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:26, Info CSI 000009ca [SR] Verify complete
2016-04-11 12:00:26, Info CSI 000009cb [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:26, Info CSI 000009cc [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:32, Info CSI 000009ce [SR] Verify complete
2016-04-11 12:00:33, Info CSI 000009cf [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:33, Info CSI 000009d0 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:39, Info CSI 000009d2 [SR] Verify complete
2016-04-11 12:00:40, Info CSI 000009d3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:40, Info CSI 000009d4 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:49, Info CSI 000009df [SR] Verify complete
2016-04-11 12:00:49, Info CSI 000009e0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:49, Info CSI 000009e1 [SR] Beginning Verify and Repair transaction
2016-04-11 12:00:56, Info CSI 000009e2 [SR] Verify complete
2016-04-11 12:00:56, Info CSI 000009e3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:00:56, Info CSI 000009e4 [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:06, Info CSI 000009e6 [SR] Verify complete
2016-04-11 12:01:06, Info CSI 000009e7 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:01:06, Info CSI 000009e8 [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:14, Info CSI 000009e9 [SR] Verify complete
2016-04-11 12:01:14, Info CSI 000009ea [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:01:14, Info CSI 000009eb [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:23, Info CSI 000009ec [SR] Verify complete
2016-04-11 12:01:23, Info CSI 000009ed [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:01:23, Info CSI 000009ee [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:30, Info CSI 000009ef [SR] Verify complete
2016-04-11 12:01:30, Info CSI 000009f0 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:01:30, Info CSI 000009f1 [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:39, Info CSI 000009f2 [SR] Verify complete
2016-04-11 12:01:39, Info CSI 000009f3 [SR] Verifying 100 (0x0000000000000064) components
2016-04-11 12:01:39, Info CSI 000009f4 [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:48, Info CSI 000009f7 [SR] Verify complete
2016-04-11 12:01:48, Info CSI 000009f8 [SR] Verifying 22 (0x0000000000000016) components
2016-04-11 12:01:48, Info CSI 000009f9 [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:50, Info CSI 000009fa [SR] Verify complete
2016-04-11 12:01:50, Info CSI 000009fb [SR] Repairing 35 (0x0000000000000023) components
2016-04-11 12:01:50, Info CSI 000009fc [SR] Beginning Verify and Repair transaction
2016-04-11 12:01:50, Info CSI 000009fe [SR] Cannot repair member file [l:32{16}]"Event Viewer.lnk" of EventViewerSettings, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a00 [SR] Cannot repair member file [l:36{18}]"Steps Recorder.lnk" of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a02 [SR] Cannot repair member file [l:32{16}]"Task Manager.lnk" of Microsoft-Windows-AdvancedTaskManager, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a04 [SR] Cannot repair member file [l:46{23}]"Computer Management.lnk" of Microsoft-Windows-ComputerManagementSnapin, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a06 [SR] Cannot repair member file [l:28{14}]"Calculator.lnk" of Microsoft-Windows-calc, Version = 6.3.9600.17667, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a08 [SR] Cannot repair member file [l:44{22}]"Component Services.lnk" of Microsoft-Windows-COM-ComPlus-Admin-CompSvcLink, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:50, Info CSI 00000a0a [SR] Cannot repair member file [l:34{17}]"Character Map.lnk" of Microsoft-Windows-charmap, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a0c [SR] Cannot repair member file [l:32{16}]"Disk Cleanup.lnk" of Microsoft-Windows-cleanmgr, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a0e [SR] Cannot repair member file [l:20{10}]"dfrgui.lnk" of Microsoft-Windows-Defrag-AdminUI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a10 [SR] Cannot repair member file [l:48{24}]"Windows Fax and Scan.lnk" of Microsoft-Windows-Fax-Client-Applications, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a12 [SR] Cannot repair member file [l:38{19}]"iSCSI Initiator.lnk" of Microsoft-Windows-iSCSI_Initiator_UI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a14 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (64-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a16 [SR] Cannot repair member file [l:54{27}]"Memory Diagnostics Tool.lnk" of Microsoft-Windows-Memory-Diagnostic-Schedule, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a18 [SR] Cannot repair member file [l:50{25}]"Windows Easy Transfer.lnk" of Microsoft-Windows-MigrationWizardApplication, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a1a [SR] Cannot repair member file [l:48{24}]"Windows Media Player.lnk" of Microsoft-Windows-MediaPlayer-Shortcut, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a1c [SR] Cannot repair member file [l:48{24}]"System Configuration.lnk" of Microsoft-Windows-MsConfig-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a1e [SR] Cannot repair member file [l:44{22}]"System Information.lnk" of Microsoft-Windows-MSInfo32-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:51, Info CSI 00000a20 [SR] Cannot repair member file [l:18{9}]"Paint.lnk" of Microsoft-Windows-mspaint, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a22 [SR] Cannot repair member file [l:40{20}]"Resource Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a24 [SR] Cannot repair member file [l:46{23}]"Performance Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a26 [SR] Cannot repair member file [l:52{26}]"Windows PowerShell ISE.lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a28 [SR] Cannot repair member file [l:64{32}]"Windows PowerShell ISE (x86).lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a2a [SR] Cannot repair member file [l:24{12}]"services.lnk" of Microsoft-Windows-ServicesSnapIn, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a2c [SR] Cannot repair member file [l:34{17}]"Snipping Tool.lnk" of Microsoft-Windows-SnippingTool-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a2e [SR] Cannot repair member file [l:32{16}]"Sticky Notes.lnk" of Microsoft-Windows-StickyNotes-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a30 [SR] Cannot repair member file [l:44{22}]"Speech Recognition.lnk" of Microsoft-Windows-Speech-UserExperience, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a32 [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a34 [SR] Cannot repair member file [l:40{20}]"Default Programs.lnk" of Microsoft-Windows-sud-link, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a36 [SR] Cannot repair member file [l:40{20}]"Math Input Panel.lnk" of Microsoft-Windows-TabletPC-MathInputPanel, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a38 [SR] Cannot repair member file [l:58{29}]"Remote Desktop Connection.lnk" of Microsoft-Windows-TerminalServices-TerminalServicesClient, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a3a [SR] Cannot repair member file [l:38{19}]"Windows Journal.lnk" of Microsoft-Windows-TabletPC-Journal, Version = 6.3.9600.18189, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a3c [SR] Cannot repair member file [l:22{11}]"Wordpad.lnk" of Microsoft-Windows-wordpad, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a3e [SR] Cannot repair member file [l:28{14}]"XPS Viewer.lnk" of Microsoft-Windows-XPSReachViewer, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a40 [SR] Cannot repair member file [l:86{43}]"Windows Firewall with Advanced Security.lnk" of Networking-MPSSVC, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a42 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a44 [SR] Cannot repair member file [l:36{18}]"Task Scheduler.lnk" of TaskSchedulerSettings, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a46 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (32-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a48 [SR] Cannot repair member file [l:34{17}]"Character Map.lnk" of Microsoft-Windows-charmap, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:52, Info CSI 00000a49 [SR] This component was referenced by [l:166{83}]"Package_1361_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3943_neutral_GDR"
2016-04-11 12:01:52, Info CSI 00000a4c [SR] Could not reproject corrupted file [ml:520{260},l:162{81}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools"\[l:34{17}]"Character Map.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a4e [SR] Cannot repair member file [l:20{10}]"dfrgui.lnk" of Microsoft-Windows-Defrag-AdminUI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a4f [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2637_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a52 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:20{10}]"dfrgui.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a54 [SR] Cannot repair member file [l:40{20}]"Resource Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a55 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2628_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a57 [SR] Cannot repair member file [l:46{23}]"Performance Monitor.lnk" of Microsoft-Windows-PerformanceToolsGui, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a58 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2628_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a5b [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:40{20}]"Resource Monitor.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a5e [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:46{23}]"Performance Monitor.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a60 [SR] Cannot repair member file [l:86{43}]"Windows Firewall with Advanced Security.lnk" of Networking-MPSSVC, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a61 [SR] This component was referenced by [l:166{83}]"Package_1189_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3446_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a64 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:86{43}]"Windows Firewall with Advanced Security.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a66 [SR] Cannot repair member file [l:36{18}]"Steps Recorder.lnk" of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a67 [SR] This component was referenced by [l:164{82}]"Package_873_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2613_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a6a [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Steps Recorder.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a6c [SR] Cannot repair member file [l:32{16}]"Task Manager.lnk" of Microsoft-Windows-AdvancedTaskManager, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a6d [SR] This component was referenced by [l:164{82}]"Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2529_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a70 [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:32{16}]"Task Manager.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a72 [SR] Cannot repair member file [l:38{19}]"iSCSI Initiator.lnk" of Microsoft-Windows-iSCSI_Initiator_UI, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a73 [SR] This component was referenced by [l:164{82}]"Package_941_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2791_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a76 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:38{19}]"iSCSI Initiator.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a78 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (64-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a79 [SR] This component was referenced by [l:166{83}]"Package_1052_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3082_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a7c [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:60{30}]"ODBC Data Sources (64-bit).lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a7e [SR] Cannot repair member file [l:18{9}]"Paint.lnk" of Microsoft-Windows-mspaint, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a7f [SR] This component was referenced by [l:166{83}]"Package_1365_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4028_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a82 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:18{9}]"Paint.lnk"; source file in store is also corrupted
2016-04-11 12:01:53, Info CSI 00000a84 [SR] Cannot repair member file [l:36{18}]"Sound Recorder.lnk" of Microsoft-Windows-SoundRecorder, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:53, Info CSI 00000a85 [SR] This component was referenced by [l:166{83}]"Package_1133_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3321_neutral_GDR"
2016-04-11 12:01:53, Info CSI 00000a88 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:36{18}]"Sound Recorder.lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000a8a [SR] Cannot repair member file [l:44{22}]"Component Services.lnk" of Microsoft-Windows-COM-ComPlus-Admin-CompSvcLink, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000a8b [SR] This component was referenced by [l:326{163}]"Microsoft-Windows-Client-Features-Package-AutoMerged-com~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-com-Deployment"
2016-04-11 12:01:54, Info CSI 00000a8e [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:44{22}]"Component Services.lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000a90 [SR] Cannot repair member file [l:48{24}]"Windows Fax and Scan.lnk" of Microsoft-Windows-Fax-Client-Applications, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000a91 [SR] This component was referenced by [l:166{83}]"Package_2188_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6085_neutral_GDR"
2016-04-11 12:01:54, Info CSI 00000a94 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:48{24}]"Windows Fax and Scan.lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000a96 [SR] Cannot repair member file [l:24{12}]"services.lnk" of Microsoft-Windows-ServicesSnapIn, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000a97 [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 12:01:54, Info CSI 00000a9a [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:24{12}]"services.lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000a9c [SR] Cannot repair member file [l:36{18}]"Task Scheduler.lnk" of TaskSchedulerSettings, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000a9d [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 12:01:54, Info CSI 00000aa0 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:36{18}]"Task Scheduler.lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000aa2 [SR] Cannot repair member file [l:60{30}]"ODBC Data Sources (32-bit).lnk" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-Administrator, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000aa3 [SR] This component was referenced by [l:164{82}]"Package_443_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-1244_neutral_GDR"
2016-04-11 12:01:54, Info CSI 00000aa6 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:60{30}]"ODBC Data Sources (32-bit).lnk"; source file in store is also corrupted
2016-04-11 12:01:54, Info CSI 00000aa8 [SR] Cannot repair member file [l:50{25}]"Windows Easy Transfer.lnk" of Microsoft-Windows-MigrationWizardApplication, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:54, Info CSI 00000aa9 [SR] This component was referenced by [l:164{82}]"Package_844_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2333_neutral_GDR"
2016-04-11 12:01:54, Info CSI 00000aac [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:50{25}]"Windows Easy Transfer.lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000aae [SR] Cannot repair member file [l:52{26}]"Windows PowerShell ISE.lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000aaf [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 12:01:55, Info CSI 00000ab1 [SR] Cannot repair member file [l:64{32}]"Windows PowerShell ISE (x86).lnk" of Microsoft-Windows-PowerShell-ISE, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000ab2 [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-admin-Deployment"
2016-04-11 12:01:55, Info CSI 00000ab5 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:52{26}]"Windows PowerShell ISE.lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000ab8 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:64{32}]"Windows PowerShell ISE (x86).lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000aba [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000abb [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"
2016-04-11 12:01:55, Info CSI 00000abd [SR] Cannot repair member file [l:46{23}]"Computer Management.lnk" of Microsoft-Windows-ComputerManagementSnapin, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000abe [SR] This component was referenced by [l:164{82}]"Package_752_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2048_neutral_GDR"
2016-04-11 12:01:55, Info CSI 00000ac1 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:46{23}]"Computer Management.lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000ac3 [SR] Cannot repair member file [l:28{14}]"Calculator.lnk" of Microsoft-Windows-calc, Version = 6.3.9600.17667, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000ac4 [SR] This component was referenced by [l:154{77}]"Package_1_for_KB3024755~31bf3856ad364e35~amd64~~6.3.1.1.3024755-1_neutral_GDR"
2016-04-11 12:01:55, Info CSI 00000ac7 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:28{14}]"Calculator.lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000ac9 [SR] Cannot repair member file [l:32{16}]"Disk Cleanup.lnk" of Microsoft-Windows-cleanmgr, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000aca [SR] This component was referenced by [l:166{83}]"Package_1361_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3942_neutral_GDR"
2016-04-11 12:01:55, Info CSI 00000acd [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:32{16}]"Disk Cleanup.lnk"; source file in store is also corrupted
2016-04-11 12:01:55, Info CSI 00000acf [SR] Cannot repair member file [l:48{24}]"Windows Media Player.lnk" of Microsoft-Windows-MediaPlayer-Shortcut, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:55, Info CSI 00000ad0 [SR] This component was referenced by [l:190{95}]"Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.WindowsMediaPlayer"
2016-04-11 12:01:55, Info CSI 00000ad3 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:48{24}]"Windows Media Player.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000ad5 [SR] Cannot repair member file [l:44{22}]"System Information.lnk" of Microsoft-Windows-MSInfo32-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000ad6 [SR] This component was referenced by [l:164{82}]"Package_844_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2332_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000ad9 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:44{22}]"System Information.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000adb [SR] Cannot repair member file [l:28{14}]"XPS Viewer.lnk" of Microsoft-Windows-XPSReachViewer, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000adc [SR] This component was referenced by [l:166{83}]"Package_3081_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7359_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000adf [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:28{14}]"XPS Viewer.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000ae1 [SR] Cannot repair member file [l:48{24}]"System Configuration.lnk" of Microsoft-Windows-MsConfig-Exe, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000ae2 [SR] This component was referenced by [l:164{82}]"Package_874_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2621_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000ae5 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:48{24}]"System Configuration.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000ae7 [SR] Cannot repair member file [l:40{20}]"Math Input Panel.lnk" of Microsoft-Windows-TabletPC-MathInputPanel, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000ae8 [SR] This component was referenced by [l:166{83}]"Package_2947_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7141_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000aeb [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:40{20}]"Math Input Panel.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000aed [SR] Cannot repair member file [l:32{16}]"Event Viewer.lnk" of EventViewerSettings, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000aee [SR] This component was referenced by [l:164{82}]"Package_752_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2054_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000af1 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:32{16}]"Event Viewer.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000af3 [SR] Cannot repair member file [l:54{27}]"Memory Diagnostics Tool.lnk" of Microsoft-Windows-Memory-Diagnostic-Schedule, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000af4 [SR] This component was referenced by [l:164{82}]"Package_876_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-2631_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000af7 [SR] Could not reproject corrupted file [ml:520{260},l:154{77}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"\[l:54{27}]"Memory Diagnostics Tool.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000af9 [SR] Cannot repair member file [l:34{17}]"Snipping Tool.lnk" of Microsoft-Windows-SnippingTool-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000afa [SR] This component was referenced by [l:166{83}]"Package_2946_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7137_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000afd [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:34{17}]"Snipping Tool.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000aff [SR] Cannot repair member file [l:32{16}]"Sticky Notes.lnk" of Microsoft-Windows-StickyNotes-App, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000b00 [SR] This component was referenced by [l:166{83}]"Package_3033_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-7293_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000b03 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:32{16}]"Sticky Notes.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000b05 [SR] Cannot repair member file [l:44{22}]"Speech Recognition.lnk" of Microsoft-Windows-Speech-UserExperience, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000b06 [SR] This component was referenced by [l:166{83}]"Package_1049_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3060_neutral_GDR"
2016-04-11 12:01:56, Info CSI 00000b09 [SR] Could not reproject corrupted file [ml:520{260},l:140{70}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility"\[l:44{22}]"Speech Recognition.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000b0b [SR] Cannot repair member file [l:40{20}]"Default Programs.lnk" of Microsoft-Windows-sud-link, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000b0c [SR] This component was referenced by [l:334{167}]"Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.Microsoft-Windows-Client-Features-Package-AutoMerged-shell-Deployment"
2016-04-11 12:01:56, Info CSI 00000b0f [SR] Could not reproject corrupted file [ml:520{260},l:138{69}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"\[l:40{20}]"Default Programs.lnk"; source file in store is also corrupted
2016-04-11 12:01:56, Info CSI 00000b11 [SR] Cannot repair member file [l:58{29}]"Remote Desktop Connection.lnk" of Microsoft-Windows-TerminalServices-TerminalServicesClient, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:56, Info CSI 00000b12 [SR] This component was referenced by [l:166{83}]"Package_1471_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-4215_neutral_GDR"
2016-04-11 12:01:57, Info CSI 00000b15 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:58{29}]"Remote Desktop Connection.lnk"; source file in store is also corrupted
2016-04-11 12:01:57, Info CSI 00000b17 [SR] Cannot repair member file [l:38{19}]"Windows Journal.lnk" of Microsoft-Windows-TabletPC-Journal, Version = 6.3.9600.18189, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:57, Info CSI 00000b18 [SR] This component was referenced by [l:154{77}]"Package_3_for_KB3115858~31bf3856ad364e35~amd64~~6.3.1.1.3115858-5_neutral_GDR"
2016-04-11 12:01:57, Info CSI 00000b1b [SR] Could not reproject corrupted file [ml:520{260},l:156{78}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC"\[l:38{19}]"Windows Journal.lnk"; source file in store is also corrupted
2016-04-11 12:01:57, Info CSI 00000b1d [SR] Cannot repair member file [l:22{11}]"Wordpad.lnk" of Microsoft-Windows-wordpad, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-04-11 12:01:57, Info CSI 00000b1e [SR] This component was referenced by [l:166{83}]"Package_1362_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-3948_neutral_GDR"
2016-04-11 12:01:57, Info CSI 00000b21 [SR] Could not reproject corrupted file [ml:520{260},l:136{68}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories"\[l:22{11}]"Wordpad.lnk"; source file in store is also corrupted
2016-04-11 12:01:57, Info CSI 00000b22 [SR] Repair complete
2016-04-11 12:01:57, Info CSI 00000b23 [SR] Committing transaction
2016-04-11 12:01:59, Info CSI 00000b28 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
 
Although dealing with SFC logs is not my area of expertise, I see numerous items that are listed as "cannot repair member file". Let's see what the results are from running Disk Check. Please do the following to run the internal disk checker program:
  • Click Start and select "Computer"
  • Right-click C:
  • Left-click "Properties"
  • Select the "Tools" tab
  • In the Error-checking area, click "Check Now"
  • Click "Start"
  • Check the option to "Automatically fix file system errors" and click Start.
You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

To find the disk check log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double-click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.
 
Hi Corrine

Thanks for getting back to me, the log you requested is pasted below;

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
------< Log generate on 11/04/2016 22:21:07 >------
Category: 0
Computer Name: Work_Laptop
Event Code: 26226
Record Number: 28568
Source Name: Chkdsk
Time Written: 04-11-2016 @ 21:14:36
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.
Checking file system on C:
Volume label is TI31475500A.
Stage 1: Examining basic file system structure ...

285440 file records processed.
File verification completed.

3331 large file records processed.

0 bad file records processed.

Stage 2: Examining file name linkage ...

360752 index entries processed.
Index verification completed.



Stage 3: Examining security descriptors ...
Security descriptor verification completed.

37657 data files processed.
CHKDSK is verifying Usn Journal...

36422384 USN bytes processed.
Usn Journal verification completed.
Windows has scanned the file system and found no problems.
No further action is required.
964328447 KB total disk space.
91964264 KB in 167213 files.
154436 KB in 37658 indexes.
418975 KB in use by the system.
65536 KB occupied by the log file.
871790772 KB available on disk.
4096 bytes in each allocation unit.
241082111 total allocation units on disk.
217947693 allocation units available on disk.
----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
Stage 2: Examining file name linkage ...
Stage 3: Examining security descriptors ...
Windows has scanned the file system and found no problems.
No further action is required.
-----------------------------------------------------------------------
 
Hi, eparvus.

I've asked other members of the team if they have suggestions.
 
Hi, eparvus.

1. First off, I was reminded that you had McAfee disabled when you provided the logs for review. Since you reported after the cleanup that everything was running smoothly at that time, did the issues return after re-enabling McAfee?

2. Let's see if you still have issues when running Windows with a clean boot. The instructions for Windows 8.1 can be found on this page: How to perform a clean boot in Windows.
 
Hi Corrine

1. No the problem originally started while McAfee was enabled and has persisted the entire time.

2. I followed the instructions for the clean boot and unfortunately the problem persists, when I click on a task bar icon of an open application that has been minimized the icon shifts to the right, then back to its original position and does not open the application. If I right click on the icon and try bringing the application up again it opens a second version of the same application.


I'm sorry I know its not the best explanation of my problem, after searching the net I found that some posts mention duplicate, extended or second screens but ive checked mine and its set for only one monitor.

Sorry once again, I hope you understand all my mumblings
 
Well, then, you may have just confirmed what was pointed out by one of the team members I consulted with! In fact, it is something that I am completely familiar with because *it* made my son's laptop completely unusable until I did what I am going to suggest to you.

eparvus said:
Hi Corrine

1. No the problem originally started while McAfee was enabled and has persisted the entire time.
Click to expand...

That *it* I referred to may just be McAfee.

  1. Please follow the instructions at How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool which includes information on accessing your license information should you wish to reinstall/
  2. Be sure to shutdown/restart after uninstalling McAfee and running the McAfee Consumer Product Removal (MCPR) tool.
  3. Check that Windows Defender is enabled.

Let us know if you are still experiencing problems.
 
Hi Corrine

Thanks this seems to have solved the issue, one thing I must mention though is that I can not get windows defender enabled, I'm presuming that its due to the fact that I have the trial version of malwarebytes still running. Even when I run windows defender as administrator it tells me to contact the administrator to run the program. should I also uninstall malwarebytes and try getting windows defender to run?

Thanks
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top