Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-05-2016 Ran by oliver (2016-05-20 12:34:06) Running from C:\Users\oliver\Downloads Windows 8.1 Single Language (X64) (2014-10-20 08:34:12) Boot Mode: Normal ==================== Accounts: ============================= Administrator (S-1-5-21-2472899907-1604452211-935407213-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-2472899907-1604452211-935407213-501 - Limited - Disabled) oliver (S-1-5-21-2472899907-1604452211-935407213-1001 - Administrator - Enabled) => C:\Users\oliver ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2472899907-1604452211-935407213-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 3G Voice Modem (HKLM-x32\...\InstallShield_{3A59AA92-8BAC-4795-B17A-5535ED4AA9FA}) (Version: 1.0 - 3G Voice) 3G Voice Modem (x32 Version: 1.0 - 3G Voice) Hidden Adobe Reader XI (11.0.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.0.0.125 - Symantec Corporation) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) SafeFinder (HKLM-x32\...\{D05C2B68-CF99-4650-8AAC-6B50311C42A3}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden SMADAV version 9.7.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 9.7.1 - SmadSoft) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.1.0000 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden WinRAR 4.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0282E1DB-AAF6-424A-9B54-45C0B4B6DED1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-05-16] (AVAST Software) Task: {1EFDBA56-8536-4943-ADB7-7B7A83133094} - System32\Tasks\WenessUpdateTaskMachineUA => C:\Program Files (x86)\Weness\Update\WenessUpdate.exe [2016-05-18] () Task: {21E2C840-A3A3-4435-9F8A-3FDCE35B4E0E} - System32\Tasks\TOSHIBA\HotKeysCmds => C:\Windows\system32\hkcmd.exe [2013-08-31] (Intel Corporation) Task: {2A7CB8FC-8068-43D7-AF95-54309E3F0E82} - System32\Tasks\psv_Opecof => /c regedit.exe /s "C:\ProgramData\Quoteex\Opencof.reg" & del "C:\ProgramData\Quoteex\Opencof.reg" & SCHTASKS /Delete /TN "psv_Opecof" /F <==== ATTENTION Task: {31D5CE8E-CD48-4A3F-9762-A9CAC96FCCD1} - System32\Tasks\TOSHIBA\TSVU => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [2013-07-23] (TOSHIBA) Task: {3979DD4E-4337-4E45-81B4-BC2E49630CE5} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\52F9E1B7CA6F85B715B73EC4BC1A792F\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION Task: {412F8ADD-C15F-45AF-B0F2-58718FA64CCA} - System32\Tasks\psv_Tresdomcof => /c regedit.exe /s "C:\ProgramData\Quoteex\Tan-Hold.reg" & del "C:\ProgramData\Quoteex\Tan-Hold.reg" & SCHTASKS /Delete /TN "psv_Tresdomcof" /F <==== ATTENTION Task: {495E3F97-7B83-4F5C-BF3D-9AD70267C6D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-16] (Microsoft Corporation) Task: {5126289F-2572-4E03-A196-D94C5C833BC4} - System32\Tasks\psv_Zaamsonzap => /c regedit.exe /s "C:\ProgramData\Quoteex\Zumin.reg" & del "C:\ProgramData\Quoteex\Zumin.reg" & SCHTASKS /Delete /TN "psv_Zaamsonzap" /F <==== ATTENTION Task: {5C4C6110-9EE4-4C06-8924-F039FB97128D} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: ) Task: {681D84BE-6314-4B16-A2EA-2BC39342FCEC} - System32\Tasks\TOSHIBA\TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [2013-08-21] (TOSHIBA Corporation) Task: {73FC3073-E28C-487E-B3AB-48A7AF63712A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation) Task: {775C893C-0EF6-46E2-BC1C-AA6BBAF9CFB6} - System32\Tasks\WenessUpdateTaskMachineCore => C:\Program Files (x86)\Weness\Update\WenessUpdate.exe [2016-05-18] () Task: {981BC066-930D-462F-92CE-2A02D76B7AEE} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2013-08-13] (TOSHIBA Corporation) Task: {9C521EEC-58B6-4550-875D-825AF4D00AFD} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION Task: {9F33B46A-AC92-4E96-8534-B7D4D54E4115} - System32\Tasks\TOSHIBA\IgfxTray => C:\Windows\system32\igfxtray.exe [2013-08-31] (Intel Corporation) Task: {A7B5EB2D-87AF-4F53-9E41-9E904E432B95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-05-16] (Microsoft Corporation) Task: {C59BE6D5-F47E-418B-9CFF-85B2B5B5396F} - System32\Tasks\psv_Faxdom => /c regedit.exe /s "C:\ProgramData\Quoteex\SuperIt.reg" & del "C:\ProgramData\Quoteex\SuperIt.reg" & SCHTASKS /Delete /TN "psv_Faxdom" /F <==== ATTENTION Task: {C608F8E3-75B2-4FB2-AA7D-1BE342D8E709} - System32\Tasks\TOSHIBA\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated) Task: {E33D88D4-11E3-4789-BF91-D22C3F6666D6} - System32\Tasks\TOSHIBA\Persistence => C:\Windows\system32\igfxpers.exe [2013-08-31] (Intel Corporation) Task: {E4946166-F007-483B-A95B-FDAFBC02AA97} - System32\Tasks\psv_Goodfresh => /c regedit.exe /s "C:\ProgramData\Quoteex\Dontech.reg" & del "C:\ProgramData\Quoteex\Dontech.reg" & SCHTASKS /Delete /TN "psv_Goodfresh" /F <==== ATTENTION Task: {EB28C38A-99FD-4ABB-853D-11CB19A3EB9C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor) Task: {EDB3CE4E-3310-41A7-9948-FD373CD7E29E} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION Task: {EE60AC5C-03E6-4717-906A-C52AC8A17183} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2014-03-12] (Smadsoft) Task: {EFFABD5C-0465-4EB5-83F9-00CF770ADCBF} - System32\Tasks\psv_Duolab => /c regedit.exe /s "C:\ProgramData\Quoteex\Triseco.reg" & del "C:\ProgramData\Quoteex\Triseco.reg" & SCHTASKS /Delete /TN "psv_Duolab" /F <==== ATTENTION Task: {F20B3C8B-A3EE-4310-8515-ECAD479B2D4C} - System32\Tasks\Tawesh Helper => C:\Program Files (x86)\Tawesh\twsHlpTsk.exe [2016-05-12] () <==== ATTENTION Task: {F661E3BE-4142-489B-BC8E-CF71EDF29E56} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated) Task: {FEEC7355-F4C2-46CD-8E73-1B2959446EE5} - System32\Tasks\TOSHIBA\TCrdMain => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2013-08-17] (TOSHIBA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\oliver\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Weness\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\oliver\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Weness\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Weness\Application\chrome.exe (Google Inc.) ==================== Loaded Modules (Whitelisted) ============== 2016-05-18 09:44 - 2016-05-18 06:37 - 00365440 _____ () C:\ProgramData\Weness\Weness.exe 2016-03-03 21:18 - 2011-12-07 12:40 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2012-02-22 14:31 - 2012-02-22 14:31 - 00233472 _____ () C:\Program Files (x86)\3G Voice Modem\HSPALauncher.exe 2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2013-08-13 04:52 - 2013-08-13 04:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2013-08-22 09:19 - 2013-08-22 08:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2013-08-22 21:13 - 2013-08-22 21:13 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00054784 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Globalization.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00020480 _____ () C:\WINDOWS\system32\WinMetadata\Windows.System.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00096256 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Storage.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00134144 _____ () C:\WINDOWS\system32\WinMetadata\Windows.ApplicationModel.winmd 2014-04-12 00:20 - 2014-04-12 00:34 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2013-08-22 21:13 - 2013-08-22 21:13 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe\Sqlite3.dll 2016-05-11 22:06 - 2016-05-11 22:06 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00066560 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Security.winmd 2014-04-12 00:20 - 2014-04-12 00:34 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe\SqliteWrapper.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00112640 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Networking.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00093696 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Web.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00169472 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Devices.winmd 2016-05-13 23:13 - 2016-05-13 23:13 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\zlib.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00488640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll 2016-05-13 23:13 - 2016-05-13 23:13 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll 2016-05-13 23:13 - 2016-05-13 23:13 - 00046784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll 2016-05-13 23:17 - 2016-03-28 21:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll 2016-05-13 23:12 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00128192 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00169152 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll 2016-05-13 23:13 - 2016-05-13 23:13 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TavPedc.dll 2013-11-12 01:43 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-05-13 23:13 - 2016-05-13 23:13 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xImage.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\GF.dll 2016-05-13 23:13 - 2016-05-13 23:13 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libpng.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libjpegturbo.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libexpatw.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00083136 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00337088 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\DlForQd.dll 2016-05-13 23:12 - 2016-05-13 23:12 - 00251072 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2016-05-18 09:44 - 2016-05-18 06:37 - 01708416 _____ () C:\Program Files (x86)\Weness\Application\libglesv2.dll 2016-05-18 09:44 - 2016-05-18 06:37 - 00080256 _____ () C:\Program Files (x86)\Weness\Application\libegl.dll 2016-05-18 09:44 - 2016-05-18 06:37 - 17530752 _____ () C:\Program Files (x86)\Weness\Application\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-05-20 09:59 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2472899907-1604452211-935407213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\oliver\Desktop\2015 Jan -Mar\2015 Photoz\20150816_141156.jpg DNS Servers: 168.210.2.2 - 196.14.239.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{AFA7664F-4339-4BFF-BEA5-E4348581EA7F}] => (Allow) C:\Users\oliver\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4FC6104F-5332-4C91-B6F9-865E9ED9A7DB}] => (Allow) C:\Users\oliver\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2991F92C-F468-4A74-8C63-B231ADA46514}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{8F9E0023-9C48-4536-A04B-2B81667B9012}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [TCP Query User{3693C593-2BCB-4353-B1DA-3CF65A170CAA}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{286332D7-CAFA-4DC1-AD56-C19A5CC5DC4E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{9EF185E1-B126-4718-B7FC-AAA0B4BADD16}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{A6794C50-F486-4611-B3F9-F08E2BE1CD77}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{29E6EA8B-2EE2-4AB6-B4D9-98F656DE21F3}] => (Allow) LPort=4481 FirewallRules: [{A3E5BB69-CD2F-4054-80A6-2CD4148B492D}] => (Allow) LPort=4481 FirewallRules: [{28D15ECE-0217-476C-95FD-48B398B08C95}] => (Allow) LPort=4482 FirewallRules: [{4AC3ACA7-6174-4851-840A-5411A0DB2F63}] => (Allow) LPort=4482 FirewallRules: [{5063CBF1-D5FE-4F16-972D-3D8A7B9ABEE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F3984F31-D74F-4D54-BE56-4B973327C5C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{CA2530F3-785D-42F6-9D2A-3D6B96CCC625}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{F6AC9B01-1EFD-40BA-8EA8-3A72D0C89CB4}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{7AAD88D3-89A9-4BB5-8436-0329BEDBE951}] => (Allow) C:\Users\oliver\AppData\Local\Temp\113257328\download\MiniThunderPlatform.exe FirewallRules: [{2901F26E-F099-4876-AB35-91F5B26262DC}] => (Allow) C:\Users\oliver\AppData\Local\Temp\113257328\download\MiniThunderPlatform.exe FirewallRules: [{82D9C473-2D97-428C-A409-EBB198731E9C}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{52D109BA-1C48-4DAA-A7EC-D00F820D3AFB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCmgrInstallGuide.exe FirewallRules: [{FF5B06E8-21DC-4CF4-9158-81AD115A2475}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{491FCB4C-B249-4025-8CB4-EE4000CFE774}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe FirewallRules: [{347195AA-E229-4564-BEF4-517A0F0C0409}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCMgr.exe FirewallRules: [{CC677246-B20D-49B7-B32E-909BBC09A4AF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe FirewallRules: [{CE8B7490-A48E-4A24-8D15-C3C7087CA891}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe FirewallRules: [{9607B9A9-9A66-414A-8CE0-EE542240469D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\bugreport.exe FirewallRules: [{44F2C5E0-DBF0-4EF4-8386-679FC9198D27}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCFileOpen.exe FirewallRules: [{63890222-C44E-413A-8A3C-9C7B35F63D67}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe FirewallRules: [{6D3FB261-2114-4A99-9D68-7390B82742D9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPConfig.exe FirewallRules: [{2A9CE69E-F549-4049-8CC1-E5357914951B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftMgr.exe FirewallRules: [{D7F9DD3F-EF99-4A3B-A8E8-DB696C6682F8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe FirewallRules: [{32971A39-B97D-48B1-9230-8E7E713024B9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCBTU.exe FirewallRules: [{DEF4880F-337F-4A32-9BC9-39705962CEBB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCClinic.exe FirewallRules: [{9B6754D9-BFE0-4C5A-9B9E-9E7D1E99BBD6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLaunch.exe FirewallRules: [{74DDF6E6-EEFE-4FE5-B55C-4BA6C7AE4526}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUpdate\QQPCMgrUpdate.exe FirewallRules: [{12BD19D5-8906-419A-85A8-41928D8E5CEE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftGame.exe FirewallRules: [{E9E447E5-F41D-409D-BB1B-912C1BF94A3C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSysOptimize.exe FirewallRules: [{4CDA80AF-9E28-41A0-9B82-8C4B8D0DC7DB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCUpdateAVLib.exe FirewallRules: [{48EA8908-D563-4370-9117-DCBFAE38EB66}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQRepair.exe FirewallRules: [{6366A041-76E0-4A70-AC11-C85C4FE088E9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\Uninst.exe FirewallRules: [{5F58CE07-55EC-445A-9686-1F2AD2D38983}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCPatch.exe FirewallRules: [{B872AAC2-A9B0-4CA3-BE02-DCE0256A32C5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TpkUpdate.exe FirewallRules: [{28FA86E9-6646-4A29-8F72-26A0CFA0DCD6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMRouterMgr.exe FirewallRules: [{47005EFD-8E05-428B-8062-21198CB5143B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAccountProtection.exe FirewallRules: [{EDACF653-D870-42D2-A1C0-6FAD88B07037}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAdBlock.exe FirewallRules: [{AD563E48-9E59-4538-8BE8-2688FBBFF20F}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe FirewallRules: [{D7C74366-A051-41F7-9E0C-D63025416878}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe FirewallRules: [{C2D35217-18D0-466A-A347-E2CB4EC7EF94}] => (Allow) C:\Program Files (x86)\Weness\Update\WenessUpdate.exe FirewallRules: [{F9024118-639E-4682-BA33-9EA7328E342A}] => (Allow) C:\Program Files (x86)\Weness\Application\chrome.exe FirewallRules: [{745C808F-7CE7-48E6-A3BC-EEC01EF33F49}] => (Allow) C:\ProgramData\Weness\Weness.exe ==================== Restore Points ========================= 16-05-2016 19:35:50 avast! antivirus system restore point 18-05-2016 17:46:36 avast! antivirus system restore point 20-05-2016 10:03:24 Installed AVG 2016 20-05-2016 10:04:11 Installed AVG ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2016 11:35:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY) Description: There was an error communicating to the Orion DCS server Error: (05/20/2016 10:44:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WenessUpdate.exe, version: 1.0.0.1, time stamp: 0x573bf19e Faulting module name: WenessUpdate.exe, version: 1.0.0.1, time stamp: 0x573bf19e Exception code: 0xc0000409 Fault offset: 0x0004497a Faulting process id: 0x17a0 Faulting application start time: 0xWenessUpdate.exe0 Faulting application path: WenessUpdate.exe1 Faulting module path: WenessUpdate.exe2 Report Id: WenessUpdate.exe3 Faulting package full name: WenessUpdate.exe4 Faulting package-relative application ID: WenessUpdate.exe5 Error: (05/20/2016 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Toshiba) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xE0010054): Driver installation failed Error: (05/20/2016 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: Toshiba) Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xE0010054): Driver installation failed Error: (05/20/2016 09:49:22 AM) (Source: VMCService) (EventID: 0) (User: ) Description: GetLoggedOnUser Error: (05/20/2016 09:49:20 AM) (Source: VMCService) (EventID: 0) (User: ) Description: GetLoggedOnUser Error: (05/19/2016 09:59:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FreshPaint.exe, version: 2.0.15133.1, time stamp: 0x568eb2f4 Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6792 Exception code: 0xc000027b Fault offset: 0x00121311 Faulting process id: 0x9e8 Faulting application start time: 0xFreshPaint.exe0 Faulting application path: FreshPaint.exe1 Faulting module path: FreshPaint.exe2 Report Id: FreshPaint.exe3 Faulting package full name: FreshPaint.exe4 Faulting package-relative application ID: FreshPaint.exe5 Error: (05/19/2016 06:59:41 PM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (05/19/2016 06:54:50 PM) (Source: MsiInstaller) (EventID: 1018) (User: Toshiba) Description: The application 'Kaspersky Internet Security 2012' cannot be installed because it is not compatible with this version of Windows. Contact the application vendor for an update. Error: (05/19/2016 05:33:49 PM) (Source: VMCService) (EventID: 0) (User: ) Description: GetLoggedOnUser System errors: ============= Error: (05/20/2016 11:57:09 AM) (Source: DCOM) (EventID: 10010) (User: Toshiba) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/20/2016 11:56:39 AM) (Source: DCOM) (EventID: 10010) (User: Toshiba) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/20/2016 11:42:03 AM) (Source: DCOM) (EventID: 10016) (User: Toshiba) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToshibaoliverS-1-5-21-2472899907-1604452211-935407213-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257 Error: (05/20/2016 11:41:03 AM) (Source: DCOM) (EventID: 10016) (User: Toshiba) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ToshibaoliverS-1-5-21-2472899907-1604452211-935407213-1001LocalHost (Using LRPC)Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbweS-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257 Error: (05/20/2016 10:46:56 AM) (Source: Schannel) (EventID: 4116) (User: Toshiba) Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (05/20/2016 10:46:56 AM) (Source: Schannel) (EventID: 4120) (User: Toshiba) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (05/20/2016 10:41:14 AM) (Source: Schannel) (EventID: 4116) (User: Toshiba) Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (05/20/2016 10:41:14 AM) (Source: Schannel) (EventID: 4120) (User: Toshiba) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (05/20/2016 10:35:37 AM) (Source: Schannel) (EventID: 4116) (User: Toshiba) Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (05/20/2016 10:35:37 AM) (Source: Schannel) (EventID: 4120) (User: Toshiba) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. CodeIntegrity: =================================== Date: 2016-05-10 17:35:15.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-28 20:01:23.310 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-24 22:48:43.375 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-19 10:39:53.298 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 11:03:19.304 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz Percentage of memory in use: 66% Total physical RAM: 3975.27 MB Available physical RAM: 1322.96 MB Total Virtual: 8071.27 MB Available Virtual: 5259.03 MB ==================== Drives ================================ Drive c: (TI31142400B) (Fixed) (Total:454.84 GB) (Free:207.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================