CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{00
5A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\REVERIEN\AppData\R
oaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{14
23F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{5C
8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{71
DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\REVERIEN\AppData\L
ocal\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{78
550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{79
3EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{82
0D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.
exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{C3
BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{CC
182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D0
336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D1
EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{E8
CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{EC
D97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
C9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
Task: {037C1E69-2352-4B71-BF9F-41F90E188F8F} - System32\Tasks\{B427AFCD-2507-455
E-962F-0A755643BDDC} => pcalua.exe -a C:\Users\REVERIEN\Downloads\setup_basic_48
00_14-5(1).exe -d C:\Users\REVERIEN\Downloads
Task: {06652989-4F08-4C22-9929-45FEAD589085} - System32\Tasks\{8B398634-E508-401
C-8F40-1E6B8018FAF9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {08F320F2-51C3-40FA-901E-6299F4ED245D} - System32\Tasks\Toshiba\CommonNoti
fier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.e
xe [2013-01-04] (Toshiba Europe GmbH)
Task: {1B3DA511-80EE-4124-9D8C-4214B6F9F7C7} - System32\Tasks\Trigger KMS Activa
tion => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {1B690D77-BED4-4BD3-87B3-77B30470B172} - System32\Tasks\{335127B4-0212-47B
8-A6F6-BB6DFEC8DC4C} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\pdf-annotator-5.exe -d C:\Users\REVERIEN\Documents\Downloads\Programs
Task: {1C4D72AE-A136-44B9-AB6D-618DC414022A} - System32\Tasks\LaunchPreSignup =>
C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {43142973-CF66-4C75-9A9C-BD86A7D56A2C} - System32\Tasks\{DE380E56-84B4-4F7
8-91DA-6FEB3482985D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {435AE71D-CBDE-4DDF-A504-6D7A8DC77019} - System32\Tasks\Adobe Flash Player
Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [201
6-03-24] (Adobe Systems Incorporated)
Task: {4754F53F-BCD6-4CEB-AE31-E3D1081F2919} - System32\Tasks\RealDownloader Upd
ate Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
[2016-02-03] ()
Task: {4899038C-645F-4F99-B06E-C6C53E90E8E8} - System32\Tasks\GoogleUpdateTaskUs
erS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\L
ocal\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4D2B6648-C88F-42D0-801A-2BC13B0D4419} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
Task: {52FC6D96-0F79-4D7F-9016-C45F51E68844} - System32\Tasks\{B4A54807-95C1-4C5
6-AD99-3A2CF5B1A653} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\setup_basic_4800_14-5_2.exe -d C:\Users\REVERIEN\AppData\Roaming\IDM
Task: {57B2A906-6471-42D9-813A-6ECC1BB8FE03} - System32\Tasks\Microsoft\Windows\
RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-15] (Microsoft Corpo
ration)
Task: {620EA6A0-7874-4884-8744-C548E5709A0F} - System32\Tasks\Microsoft\Office\O
fficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
[2014-01-22] (Microsoft Corporation)
Task: {698FBBBE-2414-4D8D-8C84-3409AD2E7EE0} - System32\Tasks\RealDownloaderReal
UpgradeLogonTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program File
s (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks,
Inc.)
Task: {7194F166-8483-4E63-B348-4665129E173B} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe
Task: {71B218C2-3599-478E-A2FD-5AD8943CB636} - System32\Tasks\{B7687898-7A46-489
6-A5EA-EF2E5B2F59D6} => pcalua.exe -a G:\RRutayis\Pavilion\Softwares\setup_basic
_4800.exe -d G:\RRutayis\Pavilion\Softwares
(Google Inc.)
Task: {F22B8338-9644-4660-BE5D-D422066ECD42} - System32\Tasks\RealDownloaderDown
loaderScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program F
iles (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNe
tworks, Inc.)
Task: {F29AEFCF-3872-459A-BE83-E74679F989F2} - System32\Tasks\ReimageUpdater =>
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage) <=
=== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Mac
romed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdat
e.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.
exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)
\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\G
oogle\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.e
xe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\S
ynaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\
bin\hpqwrg.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk ->
C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide
"C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
==================== Loaded Modules (Whitelisted) ==============
2011-10-13 15:38 - 2011-10-13 15:38 - 00156672
OSHIBA\Password Utility\GFNEXSrv.exe
2014-12-24 17:10 - 2014-08-06 03:04 - 01441792
ing\Everything.exe
2016-03-11 20:25 - 2013-11-15 14:38 - 00066048
EALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-09-18 17:53 - 2015-09-18 17:53 - 13067264
ySQL Server 5.6\bin\mysqld.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544
eal\UpdateService\RealPlayerUpdateSvc.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 06908904
\Reimage Protector\ReiSystem.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856
2k.dll
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872
UIComponents.dll
a\Local\Temp\_MEI56922\pywintypes27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00364544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pythoncom27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00320512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32com.shell.shell.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00776704 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_hashlib.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01176576 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._core_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00806400 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._gdi_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00816128 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._windows_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01067008 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._controls_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00733184 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._misc_.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00682496 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pysqlite2._sqlite.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ctypes.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00119808 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32file.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00108544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32security.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00007168 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\hashobjs_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00017920 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\thumbnails_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\usb_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00167936 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32gui.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00018432 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32event.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00046080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_socket.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 01208320 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ssl.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00128512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_elementtree.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00127488 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pyexpat.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00013824 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\common.time34.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00038912 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32inet.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00036864 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_psutil_windows.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00525208 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\windows._lib_cacheinvalidation.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00011264 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32crypt.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00077312 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._html2.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00027136 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_multiprocessing.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00020480 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_yappi.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00035840 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32process.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00686080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\unicodedata.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00078848 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._animate.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00123392 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._wizard.pyd
2016-04-06 09:29 - 2016-04-06 09:30 - 00024064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pipe.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00010240 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\select.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00025600 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pdh.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00017408 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32profile.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00022528 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32ts.pyd
2016-02-02 09:38 - 2016-02-03 11:58 - 00141312 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dl
l
2016-02-02 09:38 - 2016-02-03 11:58 - 22330368 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\M
icrosoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-08 13:38 - 2015-04-08 13:38 - 00471040 _____ () C:\Program Files (x86)\M
endeley Desktop\Mendeley.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 01382048 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\cpprest100_1_2.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00654608 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Lib\r1api.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 06242107 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\videodl.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\anwlblhj.sys:changelist [4642]
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [145]
AlternateDataStreams: C:\ProgramData\TEMP:5C1D8A71 [138]
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [117]
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [286]
les\KMSpico\AutoPico.exe
FirewallRules: [{81227772-2DAA-4A12-AF45-6FD4A355B49D}] => (Allow) C:\Program Fi
les\KMSpico\Service_KMS.exe
FirewallRules: [{9BACA3F2-6A32-43D2-9A57-FE02F540F858}] => (Allow) C:\Program Fi
les\KMSpico\Service_KMS.exe
FirewallRules: [{EF122BC9-8ED2-4F76-9A83-979E295D2594}] => (Allow) C:\Program Fi
les\KMSpico\KMSELDI.exe
FirewallRules: [{BC44951D-BA85-4509-A961-CC23E6570D30}] => (Allow) C:\Program Fi
les\KMSpico\KMSELDI.exe
FirewallRules: [{FB9C1AA6-B1DC-4FAF-823C-D769CA11ED7F}] => (Allow) LPort=1688
FirewallRules: [{EAB34039-D997-49A7-96B5-57F98CCD1402}] => (Allow) C:\Program Fi
les (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CAA82361-BF4D-4259-A3DF-830A363F74C4}] => (Allow) C:\Program Fi
les (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{50EE1F7B-EEDB-46A0-99F8-FEA2C0BD925D}] => (Allow) C:\Program Fi
les (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{29B0DB79-257F-40D0-AA83-C1AD16D8ADD7}] => (Allow) C:\Program Fi
les (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{52D27317-8D42-43FF-A895-4BB64E868B1E}] => (Allow) LPort=3306
FirewallRules: [{3CF0ED6F-3D1A-4F51-9E5E-4C2BD0B5C806}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C4E8E3C-1BB7-4E4C-AE79-DF4AC5C9B8D4}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B631FD5E-2E77-4114-A834-AAEDAE48BAF6}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D063D9A9-8BBB-481E-933B-CD7F0967A396}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Fi
les (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Fi
les (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Fi
les (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Fi
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Fi
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{69B5AC7F-E405-4421-A111-09A6F9EEDD62}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{E6B96284-A2D9-4F0E-9CA7-813B79BC8EF0}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{8C677F5F-8553-429E-8E5E-7271B10687B7}] => (Allow) C:\Program Fi
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{574FD494-3CA7-4021-8A39-F14DA44AFC16}] => (Allow) C:\Program Fi
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{CD0B6F4B-0009-4EBC-A245-C5562ACE4FB4}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3C2D29B-B322-4EB2-B525-2F1273B1F716}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9B53418-4574-45A0-8639-DC0D6707F655}] => (Allow) C:\Users\REVE
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F570D4F2-1C74-46C1-BCF1-1120781D9D59}] => (Allow) C:\Users\REVE
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9B9610DF-DAF7-4650-B8EB-BE4B5CAAE391}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{705BE377-AD8B-4F94-90AB-D2EFCB6644B4}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{02C0309B-F069-4FF4-9696-6487D878C8CE}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{AEE1A837-3B32-4F4E-84D3-C59B67FC0D4F}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{1283C0F1-9220-4572-9FA4-B585067FC7F4}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{3696728A-EA99-464F-A76A-C4298E33CD6A}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{DC0F0CEB-84AC-4464-8BA3-4402EB74A9D6}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{E5709ADD-BFFA-4A8C-A9B5-7E15E0582DC9}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{DF2B8723-CEC4-4121-B6DB-19FDA93A6270}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BAB82F17-DE9D-4248-A0CB-8B5879ADB4D5}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54ABF091-1DF9-4B69-B37B-C41E73C69CB6}] => (Allow) LPort=2869
FirewallRules: [{862B93C9-B9A9-48FA-ADA3-55F921FF41A4}] => (Allow) LPort=1900
FirewallRules: [{6F700F9F-D2C2-468C-B86E-5CA39E1D4741}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5D10C7CA-B991-4391-B4D4-5C8BB7A03570}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{87A90989-487D-4828-AA46-7A469FF67E99}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{A33D9D2D-3F09-4532-BFCF-3F5E7EB512D8}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{AB39E013-B069-4E52-9BE2-E0FFDB0DFFEB}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{59651CC9-DAE1-45A7-B149-D8FC70DCE492}] => (Allow) C:\Program Fi
les (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FEC06A52-37E7-4021-ACBD-CD78C3D93BDB}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{45B734E6-71F3-4293-868A-6B2043316142}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [{80B7C41D-AE8A-4702-8BB8-17C136318964}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{EDC8A610-4B6C-4F1E-BD72-B18609B14D31}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{9CE82D32-5C0E-4E17-8B6D-E4944A71551B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E86DBDF3-5870-46CB-B2C1-7B01B124FD8B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{4064EA95-343A-4444-AA16-7E87ABDFCDA6}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{47DFAE74-EBA1-4001-8308-3316B9D1FC26}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{C0110B3C-2BCF-4E80-AEF4-74B2F19B9830}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7C67A3A5-4C70-435B-A43A-897049E4F23B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1C739540-6B6E-4658-85DE-AE84B2115A96}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [UDP Query User{625CADCA-9AD2-4D93-9946-9935A73F3C1A}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [{9BE26317-4C02-4241-92DB-A8A1FC476E35}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{0185FCB4-F83E-476C-8C83-7E96F997E750}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{A94D9EED-B06D-40EF-BC22-696A748AA005}] => (Allow) c:\program fi
les (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{C5F57E73-72B0-41B8-BC44-8684B97CC4DA}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [UDP Query User{739CCF3C-E344-4A02-9C2E-E15BE58C0F42}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [TCP Query User{23EA3972-718B-4DC8-8F47-383CBD730E9E}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{F0C8441B-10DA-43D0-ADD9-E489B359C9CC}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [{F653B5D8-9AAC-4521-9B17-DFB7DC379077}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{88671DA2-CC5A-49CB-A0C9-48B72A220E78}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{91A5D443-9D77-4A0B-8E80-B5D3392DD370}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87EF9B94-EE96-466E-BD82-8CE5117E7A10}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{70B2A856-2AF0-424D-8629-2DB1B396EC82}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{10211271-2BDC-42C2-B961-8DB4582E4C2F}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 788: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 1016: ERROR: read_msg errno 0 (The operation completed successfully
.)
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 976: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
System errors:
=============
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Access_560cb16 service terminated unexpectedly. It ha
s done this 1 time(s). The following corrective action will be taken in 10000 mi
lliseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Storage_560cb16 service terminated unexpectedly. It h
as done this 1 time(s). The following corrective action will be taken in 10000 m
illiseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Contact Data_560cb16 service terminated unexpectedly. It has do
ne this 1 time(s). The following corrective action will be taken in 10000 millis
econds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Sync Host_560cb16 service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseco
nds: Restart the service.
Error: (04/06/2016 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 08:58:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 05:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 03:08:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter ACER
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{D3A7E1A2-BF66-4FA4-B421-289C91B29B3B}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 02:40:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter LENOVO
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{C7344E23-A6A5-4EEE-9867-288EC4D5B277}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 01:02:47 PM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The UpdateSvc service terminated unexpectedly. It has done this 2 t
ime(s). The following corrective action will be taken in 60000 milliseconds: Res
tart the service.
CodeIntegrity:
===================================
Date: 2016-04-06 09:07:15.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-06 09:07:15.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-04 14:22:01.468