Hello Geeks,
My son's laptop seemed to have some malware despite my having installed MAB. I ran a scan and it cleaned up a bunch, but I wanted to post the logs here from FRST64 because Chrome seemed to have been attacked. Please let me know if we're good to go now. He had many issues of it running slowly, freezing, mouse / touchpad freezing (I found that it got switched to "disable" twice by itself somehow).
So without further delay, here are my scan logs...
TIA,
Adam
000000000000000000000000000
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015
Ran by adami_000 (administrator) on MAXROSENFELD (28-10-2015 21:57:39)
Running from C:\Users\adami_000\Desktop
Loaded Profiles: adami_000 (Available Profiles: adami_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Toshiba\TOSHIBA System Driver\TOSTABSYSSVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\adami_000\Desktop\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
Startup: C:\Users\adami_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2B081AA9-3B6C-428F-99B9-75FB8DDA31D7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB8F5A40-DF39-4564-97BF-9485A6FE679E}: [DhcpNameServer] 192.168.168.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {105EC9BF-C5FC-429A-80DA-B7D7AAFD3C20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> {0C181DD7-EC66-11E4-826C-D61CB079928F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> {105EC9BF-C5FC-429A-80DA-B7D7AAFD3C20} URL =
SearchScopes: HKU\S-1-5-21-1190642625-1873434813-491721638-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-18] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-12-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-12-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Gmail) - C:\Users\adami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe [121856 2014-07-15] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21816 2014-08-26] ()
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [34680 2014-08-01] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-15] (RaMMicHaeL)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\ProgramData\McAfee\Update\Installs\pkg_default\Download_Files\default\vso\vso_li_cat\%VSINSTALL_DIR64%\mcods.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70104 2013-07-08] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-09-05] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3560664 2014-09-05] (Realtek Semiconductor Corporation )
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows ® Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-28 21:57 - 2015-10-28 21:58 - 00017162 _____ C:\Users\adami_000\Desktop\FRST.txt
2015-10-28 21:55 - 2015-10-28 21:57 - 00000000 ____D C:\FRST
2015-10-28 21:54 - 2015-10-28 21:54 - 02197504 _____ (Farbar) C:\Users\adami_000\Downloads\FRST64 (2).exe
2015-10-28 21:54 - 2015-10-28 21:54 - 02197504 _____ (Farbar) C:\Users\adami_000\Desktop\FRST64 (1).exe
2015-10-28 21:52 - 2015-10-28 21:52 - 02197504 _____ (Farbar) C:\Users\adami_000\Downloads\FRST64.exe
2015-10-28 21:16 - 2015-10-28 21:16 - 06341384 _____ (ParetoLogic Inc.) C:\Users\adami_000\Downloads\PCHASetup.exe
2015-10-15 16:54 - 2015-09-29 08:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-15 16:54 - 2015-09-29 08:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-15 16:54 - 2015-09-29 08:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-15 16:54 - 2015-09-29 08:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-15 16:54 - 2015-09-29 08:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-15 16:54 - 2015-09-24 12:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-15 16:54 - 2015-09-24 12:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-15 16:54 - 2015-08-26 22:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-15 16:54 - 2015-08-26 22:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-15 16:54 - 2015-08-07 17:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-15 16:54 - 2015-08-07 17:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-15 16:53 - 2015-09-10 14:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-15 16:53 - 2015-09-10 13:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-15 16:53 - 2015-09-10 13:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-15 16:53 - 2015-09-10 13:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-15 16:53 - 2015-09-10 13:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-15 16:53 - 2015-09-10 13:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-15 16:53 - 2015-09-10 13:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-15 16:53 - 2015-09-10 13:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-15 16:53 - 2015-09-10 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-15 16:53 - 2015-09-10 12:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-15 16:53 - 2015-09-10 12:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-15 16:53 - 2015-09-10 12:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-15 16:53 - 2015-09-10 12:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-15 16:53 - 2015-09-10 12:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-15 16:53 - 2015-09-10 12:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-15 16:53 - 2015-09-10 12:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-15 16:53 - 2015-09-10 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-15 16:53 - 2015-09-10 12:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-15 16:53 - 2015-09-10 12:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-15 16:53 - 2015-09-10 12:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-15 16:53 - 2015-09-10 12:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-15 16:53 - 2015-09-10 12:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-15 16:53 - 2015-09-10 12:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-15 16:53 - 2015-09-10 12:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-15 16:53 - 2015-09-10 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-15 16:53 - 2015-09-10 12:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-15 16:53 - 2015-09-10 12:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-15 16:53 - 2015-09-10 12:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-15 16:53 - 2015-09-10 12:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-15 16:53 - 2015-09-10 11:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-15 16:53 - 2015-09-10 11:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-15 16:53 - 2015-09-10 11:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-15 16:53 - 2015-09-10 11:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-15 16:53 - 2015-09-10 11:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-15 16:53 - 2015-09-10 11:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-15 16:53 - 2015-09-10 11:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-15 16:53 - 2015-09-10 11:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-15 16:53 - 2015-09-10 11:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-15 16:53 - 2015-09-10 11:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-15 16:51 - 2015-09-29 08:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-15 16:51 - 2015-09-28 14:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-15 16:51 - 2015-09-28 14:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-15 16:51 - 2015-09-28 14:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-15 16:51 - 2015-09-28 14:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-15 16:51 - 2015-09-28 14:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-15 16:51 - 2015-09-28 14:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-15 16:51 - 2015-09-28 14:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-15 16:51 - 2015-09-28 14:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-15 16:51 - 2015-09-28 14:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-15 16:51 - 2015-09-28 14:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-15 16:51 - 2015-09-28 14:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-28 21:55 - 2014-12-22 08:52 - 02071940 _____ C:\Windows\WindowsUpdate.log
2015-10-28 21:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-28 21:34 - 2015-04-18 16:35 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1190642625-1873434813-491721638-1001
2015-10-28 21:31 - 2015-09-17 16:25 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 21:30 - 2015-05-18 14:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-28 21:30 - 2015-04-18 16:52 - 00000000 __RDO C:\Users\adami_000\OneDrive
2015-10-28 21:29 - 2015-09-17 16:25 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-28 21:28 - 2014-03-18 05:44 - 00497688 _____ C:\Windows\PFRO.log
2015-10-28 21:28 - 2013-08-22 10:46 - 00047331 _____ C:\Windows\setupact.log
2015-10-28 21:28 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-28 21:27 - 2014-12-22 09:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 21:27 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-10-28 21:26 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-28 21:24 - 2015-04-19 07:27 - 00000000 ____D C:\Users\adami_000\AppData\Roaming\Skype
2015-10-28 21:21 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
2015-10-28 20:54 - 2015-04-21 19:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-28 20:35 - 2015-05-18 14:45 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-28 20:35 - 2015-05-18 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-28 20:35 - 2015-05-18 14:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-28 10:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-28 10:11 - 2015-04-18 16:24 - 00000000 ____D C:\Users\adami_000
2015-10-28 09:45 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-16 00:51 - 2013-08-22 11:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 00:51 - 2013-08-22 11:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 16:28 - 2015-05-22 20:39 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-05 09:50 - 2015-05-18 14:45 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-05-18 14:45 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-05-18 14:45 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 17:14 - 2015-04-18 16:29 - 00000000 ____D C:\Users\adami_000\AppData\Local\Packages
2015-10-01 16:52 - 2015-04-18 19:13 - 00000000 ____D C:\Users\adami_000\Desktop\other computer files
==================== Files in the root of some directories =======
2014-12-22 09:01 - 2014-12-22 09:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-22 09:29 - 2014-12-22 09:29 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-28 09:54
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-10-2015
Ran by adami_000 (2015-10-28 21:59:34)
Running from C:\Users\adami_000\Desktop
Windows 8.1 (X64) (2015-04-18 20:28:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
adami_000 (S-1-5-21-1190642625-1873434813-491721638-1001 - Administrator - Enabled) => C:\Users\adami_000
Administrator (S-1-5-21-1190642625-1873434813-491721638-500 - Administrator - Disabled)
Guest (S-1-5-21-1190642625-1873434813-491721638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1190642625-1873434813-491721638-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bRowseandshop (HKLM-x32\...\{B54A674B-5B6E-A4E6-4E71-FB7182E9D18F}) (Version: - "") <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5501 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
DTS Sound (HKLM-x32\...\{85D86047-2FD3-47D5-88E5-D0255903533F}) (Version: 1.01.9500 - DTS, Inc.)
FarmVille 2 (HKU\S-1-5-21-1190642625-1873434813-491721638-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IMG inspector (HKLM-x32\...\{BDA14B0B-4672-3ABF-B189-A5958FE3A42F}) (Version: - "") <==== ATTENTION
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LightningDownloader (HKLM-x32\...\{0F44DC3H-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - LightningDownloader)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.32.2014.0722 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.32.2014.0722 - REALTEK Semiconductor Corp) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7329 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0003 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0003 - REALTEK Semiconductor Corp.) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.8.2 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.3 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B9A67DC9-EAD3-4B87-B733-F2BA28F0D68E}) (Version: 1.2.4.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.10.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.01.56006006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0041 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.5.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unchecky v0.4 (HKLM-x32\...\Unchecky) (Version: 0.4 - RaMMicHaeL)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
20-09-2015 18:43:16 Windows Update
27-09-2015 16:20:30 Windows Update
28-10-2015 09:55:10 Windows Update
28-10-2015 20:38:17 Chrome Cleanup Tool
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2015-10-28 21:29 - 00003195 ____A C:\Windows\system32\Drivers\etc\hosts
⌠䍯灹物杨琠⡣⤠ㄹ㤳ⴲ〰㤠䵩捲潳潦琠䍯牰⸍ਣഊ⌠周楳猠愠獡浰汥⁈体呓楬攠畳敤礠䵩捲潳潦琠呃倯䥐潲⁗楮摯睳⸍ਣഊ⌠周楳楬攠捯湴慩湳⁴桥慰灩湧猠潦⁉倠慤摲敳獥猠瑯潳琠湡浥献⁅慣栍ਣ湴特桯畬搠扥数琠潮渠楮摩癩摵慬楮攮⁔桥⁉倠慤摲敳猠獨潵汤ഊ⌠扥⁰污捥搠楮⁴桥楲獴潬畭渠景汬潷敤礠瑨攠捯牲敳灯湤楮朠桯獴慭攮ഊ⌠周攠䥐摤牥獳湤⁴桥潳琠湡浥桯畬搠扥数慲慴敤礠慴敡獴湥ഊ⌠獰慣攮ഊ⌍ਣ⁁摤楴楯湡汬礬潭浥湴猠⡳畣栠慳⁴桥獥⤠浡礠扥湳敲瑥搠潮湤楶楤畡氍ਣ楮敳爠景汬潷楮朠瑨攠浡捨楮攠湡浥敮潴敤礠愠✣✠獹浢潬⸍ਣഊ⌠䙯爠數慭灬攺ഊ⌍ਣ†††㈮㔴⸹㐮㤷††桩湯捭攮捯洠††††‣潵牣攠獥牶敲ഊ⌠†††㌸⸲㔮㘳⸱〠††砮慣浥潭†††††††⌠砠捬楥湴潳琍ਣ潣慬桯獴慭攠牥獯汵瑩潮猠桡湤汥搠睩瑨楮⁄乓瑳敬昮ഊ⌉ㄲ㜮〮〮ㄠ†††汯捡汨潳琍ਣऺ㨱††††††潣慬桯獴ഊ
ਣ⁵湣桥捫祟扥杩渍ਣ⁔桥獥畬敳⁷敲攠慤摥搠批⁴桥⁕湣桥捫礠灲潧牡洠楮牤敲⁴漠扬潣欠慤癥牴楳楮朠獯晴睡牥潤畬敳ഊ〮〮〮〠〮〮〮〠⌠晩砠景爠瑲慣敲潵瑥湤整獴慴楳灬慹湯浡汹ഊ〮〮〮〠瑲慣歩湧灥湣慮摹潭㌮慭慺潮慷献捯洍ਰ⸰⸰⸰敤楡灥湣慮摹潭ഊ〮〮〮〠捤渮潰敮捡湤礮捯洍ਰ⸰⸰⸰⁴牡捫楮朮潰敮捡湤礮捯洍ਰ⸰⸰⸰灩灥湣慮摹潭ഊ〮〮〮〠慰椮牥捯浭敮摥摳眮捯洍ਰ⸰⸰⸰湳瑡汬敲整瑥物湳瑡汬敲潭ഊ〮〮〮〠楮獴慬汥爮晩汥扵汬摯朮捯洍ਰ⸰⸰⸰㍯硴渱砳戸搷椮捬潵摦牯湴整ഊ〮〮〮〠楮湯楳牶潭ഊ〮〮〮〠湳楳楳牶潭ഊ〮〮〮〠捤渮晩汥㉤敳歴潰潭ഊ〮〮〮〠捤渮杯慴敡獴捡捨猍ਰ⸰⸰⸰摮畴瑡獴慴摫猍ਰ⸰⸰⸰摮湳歩湭敤楡潭ഊ〮〮〮〠捤渮楮獴愮潩扵湤汥猲潭ഊ〮〮〮〠捤渮楮獴愮灬慹扲祴攮捯洍ਰ⸰⸰⸰摮汯来瑦慳瑣慣栮畳ഊ〮〮〮〠捤渮浯湴楥牡潭ഊ〮〮〮〠捤渮浳摷湬搮捯洍ਰ⸰⸰⸰摮祰换慣歵瀮捯洍ਰ⸰⸰⸰摮灤潷湬潡搮捯洍ਰ⸰⸰⸰摮楣敡瑥慳瑣慣栮畳ഊ〮〮〮〠捤渮獨祡灯瑡瑯猍ਰ⸰⸰⸰摮潬業扡潭ഊ〮〮〮〠捤渮瑵瑯㑰挮捯洍ਰ⸰⸰⸰摮灰牯畮搮扩稍ਰ⸰⸰⸰摮楧獰敥摰牯潭ഊ〮〮〮〠捤渮扩獰搮捯洍ਰ⸰⸰⸰摮楳牶潭ഊ〮〮〮〠捤渮捤湤瀮捯洍ਰ⸰⸰⸰摮潷湬潡搮獷敥瑰慣歳潭ഊ〮〮〮〠捤渮摰摯睮汯慤潭ഊ〮〮〮〠捤渮癩獵慬扥攮湥琍ਣ⁵湣桥捫祟敮損
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {172637BE-1FB7-4F9A-A68C-18D2310AD12D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-08-14] (Realtek Semiconductor)
Task: {18E4AA4F-15CE-41E6-8165-8F35934CB331} - \avabvbavad -> No File <==== ATTENTION
Task: {3688301E-B7D9-42CA-9DA7-1129F533082B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2014-08-26] ()
Task: {3DF6F529-47E4-428B-989E-59DABE59180A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4CA8CEA1-CA7C-4FD7-8986-E6E7ED434057} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-12] (Synaptics Incorporated)
Task: {516614EF-A98F-4B2E-9111-025773E70CD5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {5217491F-C40D-4096-91AA-EFA8AC22244C} - \{1C034622-AC42-44C3-806D-C4B5EA6CBDEC} -> No File <==== ATTENTION
Task: {5F2FE496-9AC2-4A3B-A98F-E94352A444CC} - System32\Tasks\PostPoneInstall => C:\Users\ADAMI_~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {66643637-79A1-4F64-886E-B97F1D2DBEC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {8FD63B8E-A5DD-47C8-B749-CE9C419CC501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {B2E8BE22-B1E2-476F-894F-DF6B3C0F3AD0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {BB832825-029E-4663-A2DA-3E279FB41DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {CA87409D-365F-4AA5-8AF6-CD97FFE5B41A} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {D97DB3A7-0DDF-4662-8ADD-A8F2E04104F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-03-27 16:53 - 2013-03-27 16:53 - 00163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2015-03-20 21:12 - 2015-03-20 21:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-15 23:44 - 2014-07-15 23:44 - 00121856 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter Driver Package\BTDevMgr.exe
2015-05-22 19:23 - 2015-10-07 19:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 20:53 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-22 09:37 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-01 19:54 - 2014-08-01 19:54 - 00034680 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-08-26 21:38 - 2014-08-26 21:38 - 00021816 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-05-05 16:45 - 2015-05-18 21:51 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-10-28 20:35 - 2015-10-20 10:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-28 20:35 - 2015-10-20 10:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1190642625-1873434813-491721638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\adami_000\Desktop\under water walking\DSCN3606.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5607A2E7-6A6D-4D0D-876E-56E75D2A8E90}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{91C812FA-C924-430B-A6C7-44EBB348EC57}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F0506D8E-F6FF-4545-842C-2EFD6A683054}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{70CCE42A-D545-4B3B-B282-9DB6EA6D0AE4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{94119546-6676-4C44-BC2C-D4D4EC98F667}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F6ABF552-7D24-4525-A2CE-235076F7B1A2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{025CBB04-26D4-4808-8553-8DF870BE22C0}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{332CC395-7A3F-4886-BFFA-84B0693748BF}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{040781B2-85D8-46EB-997E-95E4F750FAF8}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{42F1209B-35D7-4801-829F-7CDEA219EFE9}] => (Allow) C:\Users\adami_000\Documents\Steam\Steam.exe
FirewallRules: [{C4BDABBA-BFD7-4289-AA8B-FD7A1048BA23}] => (Allow) C:\Users\adami_000\Documents\Steam\Steam.exe
FirewallRules: [{6F04739F-AD53-4688-97E1-DD8A38675670}] => (Allow) C:\Users\adami_000\Documents\Steam\bin\steamwebhelper.exe
FirewallRules: [{D3135EC4-2F29-4F2C-9DA2-0E7B2E1267F6}] => (Allow) C:\Users\adami_000\Documents\Steam\bin\steamwebhelper.exe
FirewallRules: [{B705C168-B8FC-4ACA-ACD4-6B4B336E1FF2}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{F4E39EB9-9997-4DE4-A290-4FC636497491}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [TCP Query User{F68E7DE2-8A74-42D1-BE07-9F2489FF3E6E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CDC008F8-00F0-4320-A457-97BF8E174654}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A60C8115-31C5-49FA-8877-40D4976B4330}] => (Allow) C:\Users\adami_000\AppData\Local\BoBrowser\Application\bobrowser.exe
FirewallRules: [{A6D56A4B-B4A5-47A1-A9D9-177264A56420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2586B72-D40F-4763-A649-D83AD8FDBD97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E1893D8D-3071-44B3-9058-EDA392CE7FFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F0F94C5-A70D-4FD6-9B1E-3681ECAF3EB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75CF1AB1-15F3-402C-BBE0-9167D5D92F07}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2E4C16BE-056D-4F4E-B296-E8DD457CCAAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/28/2015 08:31:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/28/2015 08:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33569984
Error: (10/28/2015 08:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33569984
Error: (10/28/2015 08:29:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/28/2015 08:29:03 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error: (10/15/2015 05:18:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26203
Error: (10/15/2015 05:18:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26203
Error: (10/15/2015 05:18:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/15/2015 04:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36656
Error: (10/15/2015 04:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36656
System errors:
=============
Error: (10/28/2015 09:31:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error:
%%2
Error: (10/28/2015 09:29:27 PM) (Source: DCOM) (EventID: 10016) (User: MAXROSENFELD)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MaxRosenfeldadami_000S-1-5-21-1190642625-1873434813-491721638-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/28/2015 09:29:26 PM) (Source: DCOM) (EventID: 10016) (User: MAXROSENFELD)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MaxRosenfeldadami_000S-1-5-21-1190642625-1873434813-491721638-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/28/2015 09:29:26 PM) (Source: DCOM) (EventID: 10016) (User: MAXROSENFELD)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MaxRosenfeldadami_000S-1-5-21-1190642625-1873434813-491721638-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/28/2015 09:29:25 PM) (Source: DCOM) (EventID: 10016) (User: MAXROSENFELD)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MaxRosenfeldadami_000S-1-5-21-1190642625-1873434813-491721638-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/28/2015 09:29:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following service: mfevtp. This service might not be installed.
Error: (10/28/2015 09:24:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error:
%%2
Error: (10/28/2015 09:22:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends on the following service: mfevtp. This service might not be installed.
Error: (10/28/2015 08:48:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.209.822.0).
Error: (10/28/2015 10:37:03 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
CodeIntegrity:
===================================
Date: 2015-06-12 23:36:01.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:01.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:01.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:01.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:00.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:00.655
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:00.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:36:00.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:35:59.514
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-12 23:35:58.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3977.04 MB
Available physical RAM: 2168.38 MB
Total Virtual: 5449.04 MB
Available Virtual: 3289.33 MB
==================== Drives ================================
Drive c: (TI10702700E) (Fixed) (Total:455.46 GB) (Free:395.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================