Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 02
Ran by Samuel (2015-08-22 16:12:11)
Running from C:\Users\Samuel\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1834921579-1445137321-2227179606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1834921579-1445137321-2227179606-503 - Limited - Disabled)
Guest (S-1-5-21-1834921579-1445137321-2227179606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1834921579-1445137321-2227179606-1003 - Limited - Enabled)
Samuel (S-1-5-21-1834921579-1445137321-2227179606-1001 - Administrator - Enabled) => C:\Users\Samuel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Dropbox (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.1.0 - Telerik)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version: - )
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
join.me (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\JoinMe) (Version: 2.1.2.830 - LogMeIn, Inc.)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 5.3.0 - JPEXS)
Kodi (HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.17.9562 - SoftEther VPN Project)
TakeOwnershipPro 1.6 (HKLM-x32\...\TakeOwnershipPro_is1) (Version: - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Unseen App version 0.2.5 (HKLM-x32\...\{5C349BCB-70DB-46DE-8E0E-F07A2B1C0B91}_is1) (Version: 0.2.5 - Unseen, ehf.)
URL Helper (HKLM-x32\...\URL Helper_is1) (Version: - )
URL Snooper v2.38.01 (HKLM-x32\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Samuel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1834921579-1445137321-2227179606-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Samuel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-08-2015 17:01:49 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {1229AB0E-951D-4361-BADA-035B13002D06} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001UA => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-30] (Dropbox, Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {2396120D-61ED-4772-A2FB-7AFA83B49687} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001Core => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-30] (Dropbox, Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {508CC47C-DD56-411C-8D15-47F08D712AA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {73B24A3C-8EA6-4837-BA11-73EFDC9DD51C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {80F87A6A-01D8-4D2E-9FCF-13B2AB112A9B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {ED18191E-B423-4D95-B16D-E215477EFFCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001Core.job => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1834921579-1445137321-2227179606-1001UA.job => C:\Users\Samuel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-01 16:04 - 2015-08-01 16:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:00 - 2015-07-10 07:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2015-08-18 21:12 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-06 23:47 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-06 23:47 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-06-02 11:18 - 2015-06-02 11:18 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-08-12 07:09 - 2015-08-02 21:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-12 07:09 - 2015-08-02 21:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-08-01 16:05 - 2015-08-01 16:05 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 07:09 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 07:09 - 2015-08-02 21:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-18 21:12 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 07:09 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-06-02 11:18 - 2015-06-02 11:18 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-08-20 21:16 - 2015-08-18 01:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-20 21:16 - 2015-08-18 01:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-22 16:06 - 2015-08-22 16:06 - 00071168 _____ () c:\users\samuel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_2f4s8.dll
2015-05-30 14:10 - 2015-08-05 16:49 - 00012800 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-30 14:10 - 2015-08-05 16:49 - 00779776 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 20:19 - 2015-08-05 16:49 - 00056320 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-05-30 14:10 - 2015-08-05 16:49 - 00012288 _____ () C:\Users\Samuel\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Samuel\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samuel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img4.jpg
DNS Servers: 192.168.44.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceUpdater"
HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "AceWebException"
HKU\S-1-5-21-1834921579-1445137321-2227179606-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_50C8B1039103FA485FC53D268D547404"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{BFC8C4AB-E797-41A7-8DB9-1EB59D079984}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{39914D0B-EC65-4EFE-BC7D-8E82E0DC3942}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2015 04:06:44 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4952) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/22/2015 04:06:44 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4952) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (4952) {760EBE9D-4BCD-4CF6-A240-85BD6AAAE340}: Database recovery/restore failed with unexpected error -1032.

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (4952) {D069811A-FBDD-4BB0-9384-289A9B8D6A59}: Database recovery/restore failed with unexpected error -1216.

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (4952) {760EBE9D-4BCD-4CF6-A240-85BD6AAAE340}: An attempt to open the file "C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 494) (User: )
Description: SettingSyncHost (4952) {D069811A-FBDD-4BB0-9384-289A9B8D6A59}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (4952) {D069811A-FBDD-4BB0-9384-289A9B8D6A59}: An attempt to open the file "C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/22/2015 08:29:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/21/2015 11:54:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/21/2015 06:24:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (08/22/2015 04:08:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/22/2015 04:05:47 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/22/2015 08:30:17 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/22/2015 08:30:16 AM) (Source: DCOM) (EventID: 10010) (User: SAM)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Microsoft Office:
=========================
Error: (08/22/2015 04:06:44 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost4952-1032

Error: (08/22/2015 04:06:44 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost4952C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost4952{760EBE9D-4BCD-4CF6-A240-85BD6AAAE340}: -1032

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost4952{D069811A-FBDD-4BB0-9384-289A9B8D6A59}: -1216

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost4952{760EBE9D-4BCD-4CF6-A240-85BD6AAAE340}: C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 494) (User: )
Description: SettingSyncHost4952{D069811A-FBDD-4BB0-9384-289A9B8D6A59}: -1216C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb

Error: (08/22/2015 04:06:34 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost4952{D069811A-FBDD-4BB0-9384-289A9B8D6A59}: C:\Users\Samuel\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/22/2015 08:29:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen-2147023170

Error: (08/21/2015 11:54:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (08/21/2015 06:24:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAM)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

CodeIntegrity:
===================================
Date: 2015-08-21 20:27:40.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:40.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:40.570
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:40.444
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:40.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:40.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:39.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:39.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:32.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-21 20:27:32.566
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 62%
Total physical RAM: 4016.04 MB
Available physical RAM: 1505.49 MB
Total Virtual: 6192.04 MB
Available Virtual: 3390.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:112.49 GB) (Free:51.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D866EEE3)

Partition: GPT.

==================== End of log ============================