Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015 Ran by Samuel (2015-08-19 15:50:42) Running from C:\Users\Samuel\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1834921579-1445137321-2227179606-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1834921579-1445137321-2227179606-503 - Limited - Disabled) Guest (S-1-5-21-1834921579-1445137321-2227179606-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1834921579-1445137321-2227179606-1003 - Limited - Enabled) Samuel (S-1-5-21-1834921579-1445137321-2227179606-1001 - Administrator - Enabled) => C:\Users\Samuel ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Dropbox (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.1.0 - Telerik) Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version: - ) FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) join.me (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\JoinMe) (Version: 2.1.2.830 - LogMeIn, Inc.) JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 5.3.0 - JPEXS) Kodi (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\Kodi) (Version: - XBMC-Foundation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) 
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.17.9562 - SoftEther VPN Project) TakeOwnershipPro 1.6 (HKLM-x32\...\TakeOwnershipPro_is1) (Version: - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer) Unseen App version 0.2.5 (HKLM-x32\...\{5C349BCB-70DB-46DE-8E0E-F07A2B1C0B91}_is1) (Version: 0.2.5 - Unseen, ehf.) URL Helper (HKLM-x32\...\URL Helper_is1) (Version: - ) URL Snooper v2.38.01 (HKLM-x32\...\URLSnooper 2_is1) (Version: - DonationCoder.com) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - ) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {02F07688-F9D4-4F9D-8424-0E7355A062D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {093286AE-F782-4AAA-B46C-33D40CC3C667} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {0BD640B4-00E6-4550-9B42-2D9A9EF8B82A} - System32\Tasks\JKRXFGIV1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== ATTENTION Task: {0C9CE355-1324-4966-885C-058450D15F7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {1229AB0E-951D-4361-BADA-035B13002D06} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001UA => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-30] (Dropbox, Inc.) Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1FE592E4-3C8F-4933-A356-A178CED12BB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {2396120D-61ED-4772-A2FB-7AFA83B49687} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001Core => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-30] (Dropbox, Inc.) 
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4972D29D-8341-4B9F-84FB-2276F221F552} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {508CC47C-DD56-411C-8D15-47F08D712AA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.) Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {73B24A3C-8EA6-4837-BA11-73EFDC9DD51C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation) Task: {9DBF1E06-0EC0-4160-AB0D-BDE846B915DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {B6C674AE-D493-4058-B264-076E8735452A} - System32\Tasks\{65FB15D4-B429-4843-94C3-EF3D4F1F8C50} => pcalua.exe -a C:\ProgramData\EpsanDrive\SoftConfigTest.exe Task: {C2059E7C-71DF-4ECF-8E3F-E4BE0DB3FC73} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - 
System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {CAA046D5-922C-4A74-AC4C-432A3616D89C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {DA7E794B-53EE-47F8-8517-4F065BE71383} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E3EB6F49-038E-4B96-BC9F-145E5EEF3037} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {EB7140B0-4A5D-433F-9CB6-44C9CE4A6BF1} - System32\Tasks\{FFED5B58-4A07-4D43-9FB0-C3BB6264DEB8} => pcalua.exe -a C:\Users\Samuel\AppData\Local\BrowserAir\Application\Uninstall.exe Task: {ED18191E-B423-4D95-B16D-E215477EFFCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.) Task: {ED7C4068-89F3-4660-827E-450E13EEA862} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {F8F03F0C-D56F-428E-8F0E-A2D5DA1BE562} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001Core.job => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001UA.job => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\JKRXFGIV1.job => ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-08-01 16:04 - 2015-08-01 16:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-10 07:00 - 2015-07-10 07:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll 2015-08-18 21:12 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-08-06 23:47 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-06 23:47 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-08-12 07:09 - 2015-08-02 21:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll 2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-01 16:05 - 2015-08-01 16:05 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll 2015-08-12 07:09 - 2015-08-02 21:09 - 00928768 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll 2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-12 07:09 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-08-12 07:09 - 2015-08-02 21:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-08-18 21:12 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-12 07:09 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-08-01 16:05 - 2015-08-01 16:05 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-08-01 16:05 - 2015-08-01 16:05 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node 2015-07-10 07:00 - 2015-07-10 09:14 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00796160 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-08-01 16:05 - 2015-08-01 16:05 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2015-08-19 15:39 - 2015-08-19 15:39 - 00071168 _____ () c:\users\samuel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxetxjv.dll 2015-05-30 14:10 - 2015-08-05 16:49 - 00012800 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-05-30 14:10 - 2015-08-05 16:49 - 00779776 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 20:19 - 2015-08-05 16:49 - 00056320 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-05-30 14:10 - 2015-08-05 16:49 - 00012288 _____ () 
C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-06-02 11:18 - 2015-06-02 11:18 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2015-08-11 13:15 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll 2015-08-11 13:15 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Samuel\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samuel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg DNS Servers: 192.168.44.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk" HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper" HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceStream" HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceUpdater" HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceWebException" HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_50C8B1039103FA485FC53D268D547404" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{76E327F9-5E1E-4A41-9EB1-02ECE5D14D50}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe FirewallRules: [{A47D16F4-0018-43C6-A6C1-EB69EA63ED43}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe FirewallRules: [{ACECB85A-5E3B-4320-9329-D773882BFCA0}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe FirewallRules: [{000B8337-FFAD-439C-A74B-C8E83BCE8D3F}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe FirewallRules: [UDP Query User{8ECCC220-A79C-46FB-B0E2-4B1146C2A435}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{17592725-5F02-4897-B357-670D3BF67020}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{77BBE682-0D55-40C2-AB23-F4568CD6C541}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{ABBF702D-969E-4163-969C-06F257084E75}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{9B95D3D9-6C7F-47F2-AF22-AF7CD21E168F}C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe] => (Block) C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe FirewallRules: [TCP Query User{1DE60DF2-E4FE-456F-8C0C-E7F7CD29CAB7}C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe] => (Block) C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe FirewallRules: [UDP Query User{4A2367FA-9CE2-4F99-B500-AD1C24C51927}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{2BAAE29C-EC9A-4461-8E47-9D2FB76BB4F1}C:\program files 
(x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{F4332E4E-4C50-42E8-9790-CCA98D912807}C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [TCP Query User{187F027A-20DA-4F9D-8656-C744BD5DC3AF}C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{52B6AC3C-46C3-4490-AE46-C2D8C54089C1}C:\users\samuel\documents\rtmpdump-2.4\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpdump-2.4\rtmpsrv.exe FirewallRules: [TCP Query User{ADF21B62-914B-44C6-BB5C-EB608B37E2A4}C:\users\samuel\documents\rtmpdump-2.4\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpdump-2.4\rtmpsrv.exe FirewallRules: [UDP Query User{6C431F6F-A60B-487D-B76E-3517DCF86F64}C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe FirewallRules: [TCP Query User{07023F13-4F44-4A37-9876-61B25FBCF591}C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpdump-2.4\rtmpsuck.exe FirewallRules: [{14502E31-DA23-4D14-8916-0BBFF30097E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C80D32AA-BC33-461A-ABA2-5B9A1235A120}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{69230B8C-F7B4-48A4-B6C6-DAD3A8A0B98F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{AF5E5A17-61BC-4D0E-B8DF-021C35F103AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8971CC17-D89A-40DB-9891-EF4CE11500BE}] => (Allow) C:\Program Files\SoftEther VPN Server\vpncmd_x64.exe FirewallRules: [{9C5C9B5B-1033-4588-A18D-BD6C730891EB}] => (Allow) C:\Program Files\SoftEther VPN Server\vpnsmgr_x64.exe FirewallRules: [{F6A6E2DE-2922-4C4C-85F8-FD53C294AE08}] => 
(Allow) C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe
FirewallRules: [UDP Query User{D7F07E90-4355-4B31-B31B-EBE95A0AD175}C:\users\samuel\documents\rtmpdump\rtmpgw.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpgw.exe
FirewallRules: [TCP Query User{1C4E4096-0B98-4AAE-B572-FC93728DF33A}C:\users\samuel\documents\rtmpdump\rtmpgw.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpgw.exe
FirewallRules: [UDP Query User{2D7FBB98-FBDD-42CE-84BF-5B3E6A828782}C:\users\samuel\documents\rtmpdump\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpsrv.exe
FirewallRules: [TCP Query User{87FC0543-E995-4876-91A9-68350C9CDA8D}C:\users\samuel\documents\rtmpdump\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpsrv.exe
FirewallRules: [UDP Query User{5D7972BB-E27C-433D-B186-AD3B078F4E17}C:\users\samuel\documents\rtmpdump\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpsuck.exe
FirewallRules: [TCP Query User{BC7FBDB0-495E-4691-97F1-1425F956F2A0}C:\users\samuel\documents\rtmpdump\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpdump\rtmpsuck.exe
FirewallRules: [{91A03675-93FA-4689-B35A-F3A263D45CBB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DC4000A-1E63-4AB4-8EE7-E8DA5955391B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{2C9332CA-9FDC-4528-8DA5-7F5F1A33E6BB}C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{5DE76E9A-1521-4278-9FE3-AD3C9DE27265}C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\samuel\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{9EB6BEE6-B58C-4624-94F3-3BAEBA2630D8}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{8FC77FAF-D1E9-488F-B245-F3A28AE3E820}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A01D1997-3F75-4FD6-AD13-80F2E9036443}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{AC8BFE83-53AA-45FB-B2D6-836AF830F810}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{AE5F466C-48B3-4EC3-B6DE-CD4BDE47D9AE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{29517903-B1A3-4B91-8043-69BD0A5FE15D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{70DEB8E9-E0CF-4928-BE6B-0228E85FE54D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{A9A18352-D0CF-4AB0-9EDB-480E88C394BA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [UDP Query User{184F91DF-D41B-4602-B583-019ECF8AE836}C:\users\samuel\documents\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpsrv.exe
FirewallRules: [TCP Query User{90A5D280-EB1F-423A-97E1-4A9ACF624413}C:\users\samuel\documents\rtmpsrv.exe] => (Allow) C:\users\samuel\documents\rtmpsrv.exe
FirewallRules: [UDP Query User{1BF7B5AF-40B9-45D1-B496-250D23802645}C:\users\samuel\documents\rtmpgw.exe] => (Allow) C:\users\samuel\documents\rtmpgw.exe
FirewallRules: [TCP Query User{4D2F560A-2D6E-47CE-9D5C-BA5067159900}C:\users\samuel\documents\rtmpgw.exe] => (Allow) C:\users\samuel\documents\rtmpgw.exe
FirewallRules: [UDP Query User{3033272A-13A6-40A0-AB50-F550B513AE19}C:\users\samuel\documents\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpsuck.exe
FirewallRules: [TCP Query User{93C902C8-EF54-49AF-A88A-3644B2ADCB27}C:\users\samuel\documents\rtmpsuck.exe] => (Allow) C:\users\samuel\documents\rtmpsuck.exe
FirewallRules: [{7B3EF7B2-68C0-489F-BB07-C545D8E84DF6}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{7B77ADCD-B3F7-4B7B-AE2E-0761A5E2D413}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BC595B21-59F7-41D8-85A3-84BFA21F3FFE}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{47BE9175-3641-40CC-AD6B-94B09423ED46}] => (Allow) C:\ProgramData\ZigsNad\fuaatu.exe
FirewallRules: [{A4C6B956-62AE-47C7-BAAF-AE6A15723CFD}] => (Allow) C:\ProgramData\ZigsNad\fuaatu.exe
FirewallRules: [{EA80E14D-7839-4C35-95B9-6C95DE04BB3F}] => (Allow) C:\ProgramData\ZigsNad\fuaatu.exe
FirewallRules: [{0620E21B-8235-46A3-B80B-6F1D19FC69BF}] => (Allow) C:\ProgramData\ZigsNad\fuaatu.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2015 12:23:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1856) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/19/2015 12:23:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1856) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/19/2015 12:23:13 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1856) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/19/2015 12:23:13 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1856) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/19/2015 12:23:03 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1856) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/19/2015 12:23:03 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1856) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/19/2015 12:22:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1856) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/19/2015 12:22:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1856) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/19/2015 12:22:42 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1856) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/19/2015 12:22:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1856) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (08/19/2015 03:42:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/19/2015 03:40:00 PM) (Source: DCOM) (EventID: 10016) (User: SAM)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}SamSamuelS-1-5-21-1834921579-1445137321-2227179606-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.8.12.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (08/19/2015 03:38:47 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe000e51e68d0, 0xffffd000488c6990, 0xffffe000e57a6a20)C:\WINDOWS\MEMORY.DMP081915-8078-01

Error: (08/19/2015 03:38:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:35:47 PM on ‎8/‎19/‎2015 was unexpected.

Error: (08/19/2015 01:31:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (08/19/2015 01:30:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (08/19/2015 01:30:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.

Error: (08/19/2015 01:21:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
Code: 1 0xc 0x6

Error: (08/19/2015 12:23:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/19/2015 12:22:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office:
=========================
Error: (08/19/2015 12:23:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost1856-1032

Error: (08/19/2015 12:23:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost1856C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/19/2015 12:23:13 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost1856-1032

Error: (08/19/2015 12:23:13 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost1856C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/19/2015 12:23:03 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost1856-1032

Error: (08/19/2015 12:23:03 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost1856C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/19/2015 12:22:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost1856-1032

Error: (08/19/2015 12:22:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost1856C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/19/2015 12:22:42 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost1856-1032

Error: (08/19/2015 12:22:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost1856C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

CodeIntegrity:
===================================
Date: 2015-08-19 08:02:07.147
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-19 08:02:07.043
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-19 07:56:44.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-19 07:56:44.004
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.784
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.715
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-18 21:29:29.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 63%
Total physical RAM: 4016.04 MB
Available physical RAM: 1476.13 MB
Total Virtual: 6448.04 MB
Available Virtual: 3686.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:112.49 GB) (Free:52.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D866EEE3)

Partition: GPT.

==================== End of log ============================