Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01 Ran by Kapustaman (2016-06-23 20:33:18) Running from C:\Users\Kapustaman\Desktop Windows 10 Home Version 1511 (X64) (2016-04-10 12:39:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1626598932-1590900815-3097174469-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1626598932-1590900815-3097174469-503 - Limited - Disabled) Guest (S-1-5-21-1626598932-1590900815-3097174469-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1626598932-1590900815-3097174469-1003 - Limited - Enabled) Kapustaman (S-1-5-21-1626598932-1590900815-3097174469-1001 - Administrator - Enabled) => C:\Users\Kapustaman ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Blackboard Collaborate Launcher (HKLM-x32\...\{11BC8796-4F0D-4561-94EA-1571E28E9C2D}) (Version: 1.6.2.0 - Blackboard) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.) DTS Sound (HKLM-x32\...\{2C7A5AF4-1793-4B5A-89C0-021FB198EDE8}) (Version: 1.01.3900 - DTS, Inc.) Finale PrintMusic 2010 (HKLM-x32\...\Finale PrintMusic 2010) (Version: 15.0.1.1 - MakeMusic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.) Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba) TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation) Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.) TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.1.6403 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.04.6403 - Toshiba Corporation) TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.15 - Toshiba Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.0.32003 - Toshiba Corporation) TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA) TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1626598932-1590900815-3097174469-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {080C196E-3C96-44E1-999D-ABAE339F7662} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-19] (Adobe Systems Incorporated) Task: {0E64B680-0321-44BF-9B3A-B670D62F1569} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.) Task: {25144568-8B3F-4EC0-9B59-5B86871DC13E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {3E056BFD-1449-4646-81DF-2210FAFA12C7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated) Task: {4A8A8728-14A8-465A-BCB0-B99F28C6BAA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.) Task: {72E92FD3-E710-4632-9194-4339BB9C084F} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {8376D59B-4A74-4478-B14B-0EE2BC65C862} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-18] (AVAST Software) Task: {9687E1AA-73E2-486C-8BEB-292E77BA26F7} - System32\Tasks\SafeZone scheduled Autoupdate 1458726606 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {CBB847D4-7379-428D-AC9C-A15D7CFFE256} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24] (Realtek Semiconductor) Task: {D55F0C09-853F-4A8B-B6AD-EC7B437FDA6D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-20] (Microsoft Corporation) Task: {D72D283B-CB22-4E18-ABB5-98138B09703A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {DCEF6960-F667-4870-8796-2A96C9FEA46C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {E1368C04-FD4C-4231-A625-A5FC5E1F81AB} - System32\Tasks\avastBCLRestartS-1-5-21-1626598932-1590900815-3097174469-1001 => Chrome.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-06 17:26 - 2013-11-06 17:26 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2016-04-16 18:54 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-16 18:54 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-23 19:15 - 2016-05-23 19:15 - 00959168 _____ () C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-19 20:56 - 2016-05-27 22:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-19 20:57 - 2016-05-27 22:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-18 18:40 - 2016-04-18 18:40 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-10 02:13 - 2016-04-10 02:13 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-10 19:52 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-06-19 20:56 - 2016-05-27 22:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-19 20:56 - 2016-05-27 22:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-06-19 20:57 - 2016-05-27 22:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-10 02:12 - 2016-04-10 02:12 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2016-04-10 02:12 - 2016-04-10 02:12 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2015-10-30 02:17 - 2015-10-30 02:17 - 01813504 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll 2015-10-30 02:17 - 2015-10-30 02:17 - 00618496 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL 2016-06-18 21:24 - 2016-06-18 21:24 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-06-18 21:24 - 2016-06-18 21:24 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-23 18:35 - 2016-06-23 18:35 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062303\algo.dll 2016-06-18 21:24 - 2016-06-18 21:24 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-06-18 21:24 - 2016-06-18 21:24 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-04-18 18:40 - 2016-04-18 18:40 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 18:40 - 2016-04-18 18:40 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-05-23 19:14 - 2016-05-23 19:14 - 00679624 _____ () C:\Users\Kapustaman\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2015-12-11 21:33 - 2015-12-11 21:34 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-06-23 20:26 - 2016-06-23 20:26 - 00098816 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32api.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00110080 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\pywintypes27.dll 2016-06-23 20:26 - 2016-06-23 20:26 - 00364544 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\pythoncom27.dll 2016-06-23 20:26 - 2016-06-23 20:26 - 00320512 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32com.shell.shell.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00776704 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_hashlib.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 01176576 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._core_.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00806400 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._gdi_.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00816128 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._windows_.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 01067008 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._controls_.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00733184 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._misc_.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00682496 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\pysqlite2._sqlite.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00088064 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_ctypes.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00119808 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32file.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00108544 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32security.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00007168 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\hashobjs_ext.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00017920 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\thumbnails_ext.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00088064 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\usb_ext.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00012288 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\common.time34.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00018432 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32event.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00167936 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32gui.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00046080 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_socket.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 01208320 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_ssl.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00128512 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_elementtree.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00127488 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\pyexpat.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00038912 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32inet.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00036864 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_psutil_windows.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00525208 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\windows._lib_cacheinvalidation.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00011264 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32crypt.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00077312 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._html2.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00027136 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_multiprocessing.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00020480 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\_yappi.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00035840 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32process.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00686080 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\unicodedata.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00078848 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._animate.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00123392 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\wx._wizard.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00024064 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32pipe.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00010240 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\select.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00025600 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32pdh.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00017408 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32profile.pyd 2016-06-23 20:26 - 2016-06-23 20:26 - 00022528 ____R () C:\Users\Kapustaman\AppData\Local\Temp\_MEI59002\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1626598932-1590900815-3097174469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kapustaman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run: => "TSSSrv" HKLM\...\StartupApproved\Run: => "TCrdMain" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace" HKLM\...\StartupApproved\Run32: => "TSVU" HKLM\...\StartupApproved\Run32: => "Adobe ARM" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 10-04-2016 13:40:09 Windows Update 16-04-2016 20:31:28 Windows Update 16-04-2016 20:33:00 Windows Update 12-05-2016 18:24:44 Windows Update 12-05-2016 18:26:07 Windows Update 07-06-2016 12:56:58 Installed Blackboard Collaborate Launcher 20-06-2016 00:27:05 Windows Update 20-06-2016 00:29:17 Windows Update 23-06-2016 19:50:29 Restore Point Created by FRST 23-06-2016 20:08:47 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/23/2016 08:10:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.420, time stamp: 0x57491bcb Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x56fa0e13 Exception code: 0xc0000005 Fault offset: 0x00000000000782c7 Faulting process id: 0x1008 Faulting application start time: 0xMicrosoftEdge.exe0 Faulting application path: MicrosoftEdge.exe1 Faulting module path: MicrosoftEdge.exe2 Report Id: MicrosoftEdge.exe3 Faulting package full name: MicrosoftEdge.exe4 Faulting package-relative application ID: MicrosoftEdge.exe5 Error: (06/23/2016 08:09:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (06/23/2016 07:50:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (06/23/2016 07:50:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {edd43193-5abc-4f5a-a915-a886af0a70e0} Error: (06/23/2016 07:28:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5188 Error: (06/23/2016 07:28:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5188 Error: (06/23/2016 07:28:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/23/2016 07:27:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KAPUSTALINI) Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/23/2016 07:27:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Kapustalini.local already in use; will try Kapustalini-2.local instead Error: (06/23/2016 07:27:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Kapustalini.local. Addr 192.168.1.109 System errors: ============= Error: (06/23/2016 08:34:04 PM) (Source: DCOM) (EventID: 10010) (User: KAPUSTALINI) Description: CortanaPlaces.PlaceStore Error: (06/23/2016 08:28:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (06/23/2016 08:24:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: %%3 = The system cannot find the path specified. Error: (06/23/2016 08:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_33f54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/23/2016 08:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_33f54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/23/2016 08:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_33f54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/23/2016 08:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_33f54 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/23/2016 08:24:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/23/2016 08:23:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/23/2016 08:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-06-20 06:11:11.955 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-20 00:31:34.433 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-28 07:24:01.104 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-15 05:53:05.238 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-13 01:53:26.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 18:27:11.915 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-07 05:37:34.157 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 08:01:49.735 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 05:44:19.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-16 20:35:52.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2820 @ 2.13GHz Percentage of memory in use: 51% Total physical RAM: 3979.19 MB Available physical RAM: 1937.86 MB Total Virtual: 4683.19 MB Available Virtual: 2483.68 MB ==================== Drives ================================ Drive c: (TI10686800A) (Fixed) (Total:455.38 GB) (Free:320.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================